惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

TaoSecurity Blog
TaoSecurity Blog
T
Troy Hunt's Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Vercel News
Vercel News
T
Threatpost
G
Google Developers Blog
T
Threat Research - Cisco Blogs
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
The Exploit Database - CXSecurity.com
H
Heimdal Security Blog
Google DeepMind News
Google DeepMind News
Cyberwarzone
Cyberwarzone
T
The Blog of Author Tim Ferriss
Know Your Adversary
Know Your Adversary
Hacker News: Ask HN
Hacker News: Ask HN
www.infosecurity-magazine.com
www.infosecurity-magazine.com
S
Schneier on Security
B
Blog
V2EX - 技术
V2EX - 技术
NISL@THU
NISL@THU
C
CERT Recently Published Vulnerability Notes
W
WeLiveSecurity
C
Cybersecurity and Infrastructure Security Agency CISA
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Y
Y Combinator Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Spread Privacy
Spread Privacy
The Last Watchdog
The Last Watchdog
V
Vulnerabilities – Threatpost
N
Netflix TechBlog - Medium
Schneier on Security
Schneier on Security
F
Fortinet All Blogs
N
News | PayPal Newsroom
Attack and Defense Labs
Attack and Defense Labs
Blog — PlanetScale
Blog — PlanetScale
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Microsoft Security Blog
Microsoft Security Blog
S
Security @ Cisco Blogs
人人都是产品经理
人人都是产品经理
爱范儿
爱范儿
P
Privacy & Cybersecurity Law Blog
P
Proofpoint News Feed
Project Zero
Project Zero
I
Intezer
罗磊的独立博客
H
Hackread – Cybersecurity News, Data Breaches, AI and More
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - Franky
SecWiki News
SecWiki News
Martin Fowler
Martin Fowler

Blog on 1Password Blog

Why secure-by-design is an incentives problem, with Bob Lord | 1Password NIST and AI agents: 1Password’s approach to agent identity | 1Password Go beyond device health with External Checks in 1Password Device Trust | 1Password Natoma and 1Password help enterprises scale AI securely with governed agent access | 1Password New integrations between 1Password SaaS Manager and EPM | 1Password A first step toward post-quantum security | 1Password RSA 2026: Leading the way to secure agentic AI | 1Password How 1Password is Building a Culture of AI Fluency Through AI Champions | 1Password 1Password vs. Keeper Security: A comparison | 1Password 1Password vs. LastPass: Which is right for you? | 1Password Secure MCP credentials with 1Password and Runlayer | 1Password The next layer of AI security | 1Password Building the next chapter of Go-to-Market in EMEA | 1Password Automating SOC workflows with 1Password Enterprise Password Manager | 1Password Automated Provisioning hosted by 1Password: A Simpler, Smarter Way to Manage Access | 1Password Introducing 1Password® Unified Access: Identity Security for Humans and Their AI Agents | 1Password Next-generation automated provisioning, without compromising zero-knowledge security | 1Password Bitwarden vs. 1Password: Which password manager is right for you? | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password How to wrangle SaaS contract renewals | 1Password Stop trusting consumer browsers with work credentials | 1Password IAM stops at sign-in. Your credentials do not. | 1Password Your digital pit crew: a 10-minute pre-race security checklist | 1Password 1Password Device Trust is coming to EMEA | 1Password The identity transformation: Analyst and CIO insights | 1Password Why now is the moment to join 1Password Go-To-Market | 1Password Identity and Accountability in the Age of AI Agents | 1Password How 1Password secures agent architectures | 1Password 1Password becomes the first global partner to transact through Express Private Offers in AWS Marketplace | 1Password Start Learning on 1Password Academy | 1Password Expanding Programmatic Access to 1Password | 1Password Zero knowledge vs. a malicious server: A look at ETH Zurich’s research | 1Password Agents are making filesystems cool again | 1Password Black History Month employee spotlight: Joseph Ojelade | 1Password 1Password's new benchmark teaches AI agents how not to get scammed | 1Password Streamlining SaaS onboarding and offboarding | 1Password 3 common SaaS Management challenges and how to avoid them | 1Password How 1Password Is Evolving Its Partner Ecosystem | 1Password From magic to malware: How OpenClaw's agent skills become an attack surface | 1Password Solving the unsanctioned SaaS problem | 1Password 1Password and 60 Day Hustle: cybersecurity for small businesses | 1Password Security advisory for AI-assisted browsing interactions with the 1Password browser extension | 1Password It’s incredible. It’s terrifying. It’s OpenClaw. | 1Password Managing the risks of social logins | 1Password What’s the first security tool your small business should buy? | 1Password As AI Supercharges Phishing Scams, 1Password Introduces Built-In Protection | 1Password How to interview with confidence at 1Password | 1Password Five tips for successful SaaS Management | 1Password SaaS Manager | 1Password Why SaaS License Waste Is a Cost and Security Problem | 1Password AI is changing the IDE. With 1Password, security keeps up | 1Password How IT teams can get a handle on shadow IT | 1Password Bringing secure, just-in-time secrets to Cursor with 1Password | 1Password The Chasing Entropy Podcast Season One is in the Books | 1Password Now available via QBS Software: 1Password Enterprise Password Manager – MSP Edition | 1Password The role of credentials in the AI espionage campaign reported by Anthropic | 1Password The hidden offboarding step draining your budget | 1Password AWS and 1Password: Innovation in AI and beyond | 1Password Simplifying credential security on OpenAI Atlas | 1Password From Social Work to Social Impact: Growing at 1Password | 1Password Improving in-page notifications in the 1Password browser extension | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password Now available via Renaissance: 1Password Enterprise Password Manager – MSP Edition | 1Password Behind the wheel at Oracle Red Bull Racing | 1Password Securing MCP servers with 1Password: Stop credential exposure in your agent configurations | 1Password What’s new in 1Password Enterprise Password Manager - Q4, 2025 | 1Password Belonging as a catalyst for high performance | 1Password Password habits are worsening, but leaders see a path to passwordless | 1Password A simpler, faster way to unlock 1Password | 1Password Oracle Red Bull Racing Episode 4, CIO Matt Cadieux | 1Password 70% of IT and security pros say SSO is falling short | 1Password 1Password's Phishing Survey: Avoid Holiday Phishing Scams | 1Password Securing the Win | 1Password SaaS optimization: How to maximize value and reduce costs | 1Password The enterprise AI crisis: Unsanctioned tools and unenforced policies | 1Password An Identity Security taxonomy for Agentic AI | 1Password Introducing new .env file support in 1Password environments | 1Password Speed and security: Mark Hazelton on protecting Oracle Red Bull Racing’s most valuable asset – its data | 1Password 1Password for Good: Giving back during cybersecurity awareness month | 1Password Utah Mammoth and Utah Jazz score with identity security | 1Password Oracle Red Bull Racing CEO and Team Principal | 1Password Three signs you need a SaaS Management Platform | 1Password Closing the credential risk gap for AI agents using a browser | 1Password Microsoft and Dropbox password managers are sunsetting: What it means and what to do next | 1Password From hackathon nerves to internship wins: Kavya’s journey at 1Password | 1Password 1Password now available in Comet, the AI-powered browser by Perplexity | 1Password 1Password announces new integration with Zscaler | 1Password Breaking the mold: Why more women should consider a career in sales | 1Password What security leaders need to know about mergers and acquisitions | 1Password Clickjacking: What it means for 1Password users | 1Password AI and security at Black Hat: 5 key takeaways from a security expert panel | 1Password Blog | 1Password Do any CISOs feel lucky? | 1Password How to lead with confidence in the AI era: a conversation with Nancy Wang, VP, Engineering | 1Password New Device Trust Check makes browser extension enforcement easier | 1Password Purpose, performance, and trust: Inside the culture powering 1Password’s next chapter | 1Password Now available on Pax8 Marketplace: 1Password Enterprise Password Manager - MSP Edition | 1Password The security principles guiding 1Password’s approach to AI | 1Password Choosing the right SaaS management platform for your business | 1Password Simplify access reviews with 1Password SaaS Manager | 1Password How great usability tripled Duke University's password manager adoption | 1Password
How to build secure agent swarms that power production-grade autonomous systems | 1Password
info@1password.com (Jeff Malnick) · 2026-02-03 · via Blog on 1Password Blog

If one autonomous agent is useful, it is natural to ask whether many agents working together could be dramatically more effective. Over the last few weeks, the AI community has been testing this idea in practice by running large numbers of agents in coordinated swarms. The early results are clear: swarms can be far more capable than individual agents, but only under the right conditions. 

Two distinct patterns have emerged. There are controlled swarms, such as Cursor’s web browser demo, that operate within clearly defined boundaries. There are also uncontrolled swarms, such as OpenClaw, that run with broad, implicit access to user machines and assets.

The productivity gains from swarming are real. In controlled environments, swarms demonstrate that large numbers of agents can coordinate work, iterate in parallel, and solve problems faster than any single agent or human team. At the same time, uncontrolled swarms show how easily these same techniques can bypass basic security and access expectations when they are given ambient authority.

This tension defines the current moment. Builders can see which swarms unlock, and  that running many agents together is qualitatively different from running one. What they cannot yet do is ship these systems safely into enterprise or cloud-native environments using existing operational and security models.

Can agent swarms operate safely?

Cursor’s web browser demo is a strong example of what a well-scoped swarm can achieve. Thousands of agents coordinated to produce a complex piece of software in a short time. The result was not just faster output, but a demonstration that fully autonomous software development is approaching practical reality when the environment is tightly controlled.

In contrast, MoltBot and OpenClaw highlight the risks of applying the same ideas without sufficient constraints. These systems emphasize accessibility and broad capability, but they rely on sweeping access to local machines, filesystems, networks, and credentials. That access is rarely transparent to users and is difficult to reason about or audit. The resulting behavior is impressive, but it comes with significant security and operational risk.

Despite these differences, both approaches point to the same underlying shift: swarms allow agents to operate more efficiently and accurately than previously thought possible, but how do we run them at scale? And in the case of OpenClaw specifically, how do we operate them safely?

Why agent swarms do not translate to production

Today’s swarms run into two fundamental problems.

The first is that successful swarms lack operational rails. Most demonstrations rely on local machines or tightly constrained sandboxes. There is no durable hosting model, no monitoring for swarm health over time, and no mechanism to allow swarms to continue operating without being blocked by slow or manual human decisions. As a result, these systems remain confined to experiments and greenfield use cases.

The second problem is risk. Uncontrolled swarms raise difficult questions for organizations. How do you prevent company-owned assets from being pulled into a swarm unintentionally? How do you stop new swarms from forming across provisioned infrastructure without oversight? How do you ensure that actions taken by agents are attributable, auditable, and reversible?

These are not theoretical concerns. In cloud-native environments, agents run continuously, operate across shared infrastructure, touch production data, and act on behalf of many users. Ambient authority does not exist in these systems, and without explicit identity and access boundaries, swarms can become unsafe and unworkable.

What production-grade agent swarms require

For swarms to move into production environments, several capabilities are required.

There must be a persistent runtime where large numbers of agents can live indefinitely. Like Kubernetes, that runtime must support isolation, coordination, and state without relying on implicit machine-level authority.

Agents must have explicit identity from creation through execution. Every action must be attributable and auditable, with access that is scoped, time-bound, and revocable.

Finally, swarms must be able to act autonomously without being frequently blocked by human decision making, while still supporting human oversight for high-impact actions. This requires clear separation between what agents can do on their own and what requires approval or escalation.

We are excited that platforms and reference architectures are emerging that finally meet these requirements.

Agent swarm architecture in practice

To make this concrete, 1Password built a real-world scenario in which a large number of agents interact with real infrastructure using production credentials. We partnered with Autonomy because it provides a platform that treats agent identity and isolation boundaries as first-class concerns.

A diagram showing agent swarms and tools connected to 1Password credentials and policies, which together go into a box labeled "authorized actions," which finally goes into a box labeled "product infrastructure."

Most runtimes are designed for short-lived workloads, stateless services, or systems that inherit identity and access from the underlying environment. In contrast, Autonomy is designed for long-horizon agents where each agent is a concurrent actor with its own cryptographic identity and isolated workspace (filesystem, shell, etc).

The Autonomy runtime schedules an actor only when it has a message for that actor to process, so thousands of agents can run in parallel on a single machine. Agents can spawn sub-agents, discover each other, and collaborate over encrypted channels.

Here is how we created a swarm:

A code block showing the creation of an agent swarm.

Crucially, identity and authorization are explicit rather than inherited. Each agent has a distinct authenticated identity throughout its lifecycle, and every action is attributable by design. This makes integration with 1Password straightforward. Agents authenticate as themselves, request access dynamically, and receive credentials that are scoped to intent, time-bound, and revocable.

This is in sharp contrast to OpenClaw where there is neither attributable identity nor isolated resources. In our demo, agents do not inherit access from the machine or the network. Instead, they authenticate through Autonomy as themselves to receive auditable and limited access through 1Password.

An autonomous site reliability demonstration

With this foundation in place, we built an autonomous SRE system that operates with minimal interruption. The system monitors reliability signals and, when degradation occurs, spins up swarms of agents to investigate. Some agents inspect logs, others correlate metrics, and others evaluate remediation options. The swarm scales dynamically based on the severity of the issue and scales back down once conditions stabilize.

When remediation falls within delegated authority, agents can act directly using credentials provided securely by 1Password. When a situation requires elevated access or carries higher risk, the system pauses and brings a human into the loop to approve or extend access. No access is implicit, no credentials are permanent, and every action is attributable to a specific agent and decision.

This integration with 1Password reflects how real systems could safely delegate authority to autonomous agents in cloud environments. Check it out below:

How to use 1Password to secure agent swarms

Recent attention around agent swarms has highlighted two very different paths forward. On one end are carefully scoped systems, such as Cursor’s internal swarm experiments, that demonstrate what coordinated agents can achieve when they operate within controlled environments. On the other end are systems like OpenClaw that rely on broad, implicit access to user machines, and spontaneously form their own coordination layer through unsafe public channels. The capabilities may look similar on the surface, but the underlying execution models are not.

The risk with agent swarms is an execution model that unlocks swarm-level capability by discarding access boundaries and relying on ambient authority. That approach can produce impressive results, but it does not hold up for serious use cases where control, auditability, and trust are required.

1Password can solve this problem. As systems become more autonomous, access decisions shift from individual actions to intent. Humans do not want to approve every agent request. They want to express intent once, such as allowing a swarm to access a specific set of resources for defined purposes, and rely on the system to enforce that intent safely across many agents.

Existing access models do not support this shift. They either require constant human intervention or push teams toward unsafe shortcuts that break security controls. Neither approach scales. What is missing is a way to translate a single, high-level access decision into scoped, time-bound authority that can be applied across a swarm while remaining auditable and revocable. 

Agent swarms require execution environments with explicit identity and durable boundaries. When those foundations exist, as they do in platforms like Autonomy, 1Password becomes the access plane: enforcing intent across swarms with scoped, time-bound authority, without sacrificing speed or scale. 

If agent swarms are going to become part of production infrastructure, security cannot be something they bypass to be effective. It has to be something that scales with them.

News and updates for developers

Subscribe to our developer newsletter to be the first to know about new betas, tools, and resources for developers.