TL;DR
1Password for Claude lets the AI agent use your logins via biometric approval without the credentials ever reaching the model or Anthropic’s systems.
1Password has launched a browser integration that lets Anthropic’s Claude use stored credentials to complete tasks on the web without the passwords ever reaching the AI model, according to a blog post published on Thursday. The company calls it a zero-exposure architecture: when Claude needs to sign in, 1Password shows the user which credential is being requested and why, then waits for biometric approval before injecting the login directly into the page. Claude never sees the vault item, password, or one-time code, and access ends when the task is complete.
The integration addresses a fundamental tension in agentic AI. Browser-based agents like Claude can navigate websites, fill out forms, and complete purchases, but reaching a login page has historically forced users to either hand over their password or take the wheel themselves. 1Password says this is the first browser integration that lets an agent use credentials without granting direct access to them.
After autofill, 1Password checks whether secrets were exposed on the page. If submission fails, the extension clears the filled values before returning control to Claude. The credential stays encrypted and controlled by 1Password throughout the process.
The launch also introduces Agentic Mode, a feature in the 1Password browser extension that automatically locks down the vault when a compatible AI agent takes control. The agent can only use logins and one-time codes explicitly approved for the current task, and the rest of the vault stays out of reach. Agentic Mode activates even if the 1Password-Claude integration is not configured, and supports agents beyond Claude.
The timing is notable given that security researchers recently demonstrated how AI browsers could be tricked into leaking user credentials through prompt injection attacks, with Anthropic’s own Claude extension among those affected. 1Password CTO Nancy Wang said in the company’s announcement that the answer is not handing agents your secrets, but letting a user give an agent permission to use a credential without letting the agent see it. She called that distinction the foundation of trust in AI agents.
1Password for Claude is available now on Mac for business, family, and individual plans, and requires the 1Password desktop app, browser extension, Claude desktop app, and Claude browser extension. The company, which recently acquired Israeli startup Apono to govern AI agent access inside enterprise systems, said it plans to add support for payment cards and identity details after launch.
CNET’s password manager expert Joe Supan said he would normally be very wary about giving an AI agent access to his password manager, but that 1Password appears to have several good guardrails in place, particularly biometric authentication for each login. The integration marks the first time a major password manager has built a dedicated secure channel for an AI agent to use credentials at runtime, rather than exposing them to the model’s context. Whether the approach holds up against the kind of prompt injection attacks that have already compromised AI browsers remains to be seen.


