惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Know Your Adversary
Know Your Adversary
小众软件
小众软件
L
LangChain Blog
月光博客
月光博客
博客园 - Franky
Microsoft Azure Blog
Microsoft Azure Blog
Y
Y Combinator Blog
有赞技术团队
有赞技术团队
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
MongoDB | Blog
MongoDB | Blog
Recorded Future
Recorded Future
V
Visual Studio Blog
TaoSecurity Blog
TaoSecurity Blog
S
Schneier on Security
C
Cybersecurity and Infrastructure Security Agency CISA
P
Privacy & Cybersecurity Law Blog
T
Threat Research - Cisco Blogs
D
DataBreaches.Net
L
LINUX DO - 热门话题
C
Check Point Blog
F
Fortinet All Blogs
Hugging Face - Blog
Hugging Face - Blog
The Hacker News
The Hacker News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Microsoft Security Blog
Microsoft Security Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
V
V2EX
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
The GitHub Blog
The GitHub Blog
P
Proofpoint News Feed
L
Lohrmann on Cybersecurity
博客园 - 司徒正美
T
Threatpost
P
Palo Alto Networks Blog
A
About on SuperTechFans
Spread Privacy
Spread Privacy
Engineering at Meta
Engineering at Meta
N
News | PayPal Newsroom
T
Tailwind CSS Blog
The Last Watchdog
The Last Watchdog
Blog — PlanetScale
Blog — PlanetScale
A
Arctic Wolf
量子位
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 聂微东
Google Online Security Blog
Google Online Security Blog
Google DeepMind News
Google DeepMind News
www.infosecurity-magazine.com
www.infosecurity-magazine.com
V
Vulnerabilities – Threatpost
H
Hacker News: Front Page

Blog on 1Password Blog

Why secure-by-design is an incentives problem, with Bob Lord | 1Password NIST and AI agents: 1Password’s approach to agent identity | 1Password Go beyond device health with External Checks in 1Password Device Trust | 1Password Natoma and 1Password help enterprises scale AI securely with governed agent access | 1Password New integrations between 1Password SaaS Manager and EPM | 1Password A first step toward post-quantum security | 1Password RSA 2026: Leading the way to secure agentic AI | 1Password How 1Password is Building a Culture of AI Fluency Through AI Champions | 1Password 1Password vs. Keeper Security: A comparison | 1Password 1Password vs. LastPass: Which is right for you? | 1Password Secure MCP credentials with 1Password and Runlayer | 1Password The next layer of AI security | 1Password Building the next chapter of Go-to-Market in EMEA | 1Password Automating SOC workflows with 1Password Enterprise Password Manager | 1Password Automated Provisioning hosted by 1Password: A Simpler, Smarter Way to Manage Access | 1Password Introducing 1Password® Unified Access: Identity Security for Humans and Their AI Agents | 1Password Next-generation automated provisioning, without compromising zero-knowledge security | 1Password Bitwarden vs. 1Password: Which password manager is right for you? | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password How to wrangle SaaS contract renewals | 1Password Stop trusting consumer browsers with work credentials | 1Password IAM stops at sign-in. Your credentials do not. | 1Password Your digital pit crew: a 10-minute pre-race security checklist | 1Password 1Password Device Trust is coming to EMEA | 1Password The identity transformation: Analyst and CIO insights | 1Password Why now is the moment to join 1Password Go-To-Market | 1Password Identity and Accountability in the Age of AI Agents | 1Password How 1Password secures agent architectures | 1Password 1Password becomes the first global partner to transact through Express Private Offers in AWS Marketplace | 1Password Start Learning on 1Password Academy | 1Password Expanding Programmatic Access to 1Password | 1Password Zero knowledge vs. a malicious server: A look at ETH Zurich’s research | 1Password Agents are making filesystems cool again | 1Password Black History Month employee spotlight: Joseph Ojelade | 1Password 1Password's new benchmark teaches AI agents how not to get scammed | 1Password Streamlining SaaS onboarding and offboarding | 1Password 3 common SaaS Management challenges and how to avoid them | 1Password How 1Password Is Evolving Its Partner Ecosystem | 1Password How to build secure agent swarms that power production-grade autonomous systems | 1Password From magic to malware: How OpenClaw's agent skills become an attack surface | 1Password Solving the unsanctioned SaaS problem | 1Password 1Password and 60 Day Hustle: cybersecurity for small businesses | 1Password Security advisory for AI-assisted browsing interactions with the 1Password browser extension | 1Password It’s incredible. It’s terrifying. It’s OpenClaw. | 1Password Managing the risks of social logins | 1Password What’s the first security tool your small business should buy? | 1Password As AI Supercharges Phishing Scams, 1Password Introduces Built-In Protection | 1Password How to interview with confidence at 1Password | 1Password Five tips for successful SaaS Management | 1Password SaaS Manager | 1Password Why SaaS License Waste Is a Cost and Security Problem | 1Password AI is changing the IDE. With 1Password, security keeps up | 1Password How IT teams can get a handle on shadow IT | 1Password Bringing secure, just-in-time secrets to Cursor with 1Password | 1Password The Chasing Entropy Podcast Season One is in the Books | 1Password Now available via QBS Software: 1Password Enterprise Password Manager – MSP Edition | 1Password The role of credentials in the AI espionage campaign reported by Anthropic | 1Password The hidden offboarding step draining your budget | 1Password AWS and 1Password: Innovation in AI and beyond | 1Password Simplifying credential security on OpenAI Atlas | 1Password From Social Work to Social Impact: Growing at 1Password | 1Password Improving in-page notifications in the 1Password browser extension | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password Now available via Renaissance: 1Password Enterprise Password Manager – MSP Edition | 1Password Behind the wheel at Oracle Red Bull Racing | 1Password Securing MCP servers with 1Password: Stop credential exposure in your agent configurations | 1Password What’s new in 1Password Enterprise Password Manager - Q4, 2025 | 1Password Belonging as a catalyst for high performance | 1Password Password habits are worsening, but leaders see a path to passwordless | 1Password A simpler, faster way to unlock 1Password | 1Password Oracle Red Bull Racing Episode 4, CIO Matt Cadieux | 1Password 70% of IT and security pros say SSO is falling short | 1Password 1Password's Phishing Survey: Avoid Holiday Phishing Scams | 1Password Securing the Win | 1Password SaaS optimization: How to maximize value and reduce costs | 1Password An Identity Security taxonomy for Agentic AI | 1Password Introducing new .env file support in 1Password environments | 1Password Speed and security: Mark Hazelton on protecting Oracle Red Bull Racing’s most valuable asset – its data | 1Password 1Password for Good: Giving back during cybersecurity awareness month | 1Password Utah Mammoth and Utah Jazz score with identity security | 1Password Oracle Red Bull Racing CEO and Team Principal | 1Password Three signs you need a SaaS Management Platform | 1Password Closing the credential risk gap for AI agents using a browser | 1Password Microsoft and Dropbox password managers are sunsetting: What it means and what to do next | 1Password From hackathon nerves to internship wins: Kavya’s journey at 1Password | 1Password 1Password now available in Comet, the AI-powered browser by Perplexity | 1Password 1Password announces new integration with Zscaler | 1Password Breaking the mold: Why more women should consider a career in sales | 1Password What security leaders need to know about mergers and acquisitions | 1Password Clickjacking: What it means for 1Password users | 1Password AI and security at Black Hat: 5 key takeaways from a security expert panel | 1Password Blog | 1Password Do any CISOs feel lucky? | 1Password How to lead with confidence in the AI era: a conversation with Nancy Wang, VP, Engineering | 1Password New Device Trust Check makes browser extension enforcement easier | 1Password Purpose, performance, and trust: Inside the culture powering 1Password’s next chapter | 1Password Now available on Pax8 Marketplace: 1Password Enterprise Password Manager - MSP Edition | 1Password The security principles guiding 1Password’s approach to AI | 1Password Choosing the right SaaS management platform for your business | 1Password Simplify access reviews with 1Password SaaS Manager | 1Password How great usability tripled Duke University's password manager adoption | 1Password
The enterprise AI crisis: Unsanctioned tools and unenforced policies | 1Password
info@1password.com (Elaine Atwell) · 2025-10-30 · via Blog on 1Password Blog

Unsanctioned AI tools. Patchy access controls. Unmanaged apps and devices. And of course, compromised credentials. These are the issues revealed in the 1Password Annual Report 2025: The Access-Trust Gap.

The report is based on a survey of over 5,000 knowledge workers, IT and security professionals, and CISOs, and it captures a moment of profound technological and cultural transition. Companies are still playing catch-up to the last few years of change: the rise of hybrid work, the SaaS explosion, the blurred lines between work and personal devices, and AI. IT and security teams are discovering that their go-to tools for securing identities and managing access, such as SSO and MDM, weren’t designed for this world.

The result is a widening Access-Trust Gap: the divide between the types of access that security and IT teams can control, and the reality of how people (and now AI agents) access sensitive data in practice.

The survey data reveals four areas where the Access-Trust Gap is widest and where unsanctioned access poses the greatest threat:

  1. AI-based tools

  2. SaaS apps

  3. Credentials

  4. Devices

In this blog, we’ll address the first section of the report, on generative AI tools. We’ll walk through some of the report’s most eye-opening findings and how IT and security teams can translate them into actionable priorities.

We’ll also explore how 1Password helps close these gaps via 1Password Extended Access Management, a suite of solutions that includes our Enterprise Password Manager, 1Password SaaS Manager (formerly Trelica by 1Password), and 1Password Device Trust.

AI use is high, but policy compliance is low

It should come as no surprise that enthusiasm for generative AI is high, as leaders and workers experiment with AI-based tools to improve productivity and unlock competitive advantages. However, many companies lack clearly defined AI policies, much less the technological guardrails to enforce them.

“I know we’ve got data going into these LLMs that we don’t have control over. The best we can do is sign enterprise agreements that offer some legal protections, but if someone uses a tool we don’t have an agreement for, there’s no protection for us.” Nick Tripp, CISO, Duke University

AI governance statistics from the report

73% of employees are encouraged to use AI for some part of their workloads, but 37% admit they do not always follow their company’s AI policies.

  • 73% of employees are encouraged to use AI for some part of their workloads, but 37% admit they do not always follow their company’s AI policies.

  • 27% of employees have worked on AI-based applications that their employers did not approve

  • 16% of non-IT/security employees believe their company does not have a generative AI policy

    • Only 6% of IT and security professionals believe their company lacks an AI policy, suggesting that there is a gap in awareness and communication between them and less technical employees

It’s worth pausing on the revelation that 37% of employees knowingly and consciously choose not to follow AI policy. This suggests a lack of both technological controls to enforce AI usage policies and a lack of education to convince employees that the risks of unsanctioned AI outweigh any perceived rewards. Any attempt to implement proper governance of AI-based tools must address both shortfalls.

Imperative: AI governance

Companies have a clear interest in employees only using approved AI-based tools for work tasks, especially if those tasks involve processing sensitive customer, employee, or internal data. Unsanctioned AI tools can absorb sensitive data into training models, generate harmful outputs, or even function as outright malware. In any case, shadow AI poses a threat to compliance, security, and auditability.

With that in mind, IT’s priorities for AI governance should include the following:

  1. Maintain a complete inventory of AI tools in use at your organization and conduct regular audits.

  2. Establish clear policies, enforce appropriate AI usage, and guide users toward safe tools and behaviors.

  3. Invest in controls to ensure only company-sanctioned AI tools can access company data.

How 1Password helps close the Access-Trust Gap for AI

Closing the Access-Trust Gap for AI means ensuring that employees can access the tools they need to be productive, but putting guardrails in place to stop unsanctioned and dangerous AI. 1Password is committed to helping companies embrace AI without sacrificing security, and our security principles are reflected in each solution of Extended Access Management.

With that in mind, let’s go through each of the priorities listed above and discuss how 1Password helps to address them.

Maintain a complete inventory of AI tools in use at your organization and conduct regular audits

1Password SaaS Manager is a SaaS management platform that enables IT teams to discover every SaaS tool in their organization. It enables continuous discovery, provides risk and compliance profiles for both managed and unmanaged SaaS applications, and lets IT admins customize alerts and define automated actions based on specific criteria.

Invest in controls to ensure only company-sanctioned AI tools can access company data

Employees are incentivized to use whatever tools make them most productive, and 1Password SaaS Manager securely facilitates this via a self-serve app hub, so they can easily access approved, sanctioned AI tools rather than seeking out shadow AI.

Meanwhile, 1Password Device Trust helps communicate and enforce AI policies. Admins can create a Check that scans employee devices for unsanctioned AI tools and prevents the device from authenticating to managed apps until the blocklisted tool is uninstalled.

Establish clear policies, enforce appropriate AI usage, and guide users toward safe tools and behaviors

Crucially, when Device Trust blocks a user from authenticating, it explains the rationale for these decisions in plain language, ensuring employees are continually educated about their company’s security policies. For example, if the device trust agent detects an employee using their personal ChatGPT account, it blocks them and directs them to the company-sanctioned workspace.

Invest in controls to ensure only company-sanctioned AI tools can access company data

Employees are incentivized to use whatever tools make them most productive, and 1Password SaaS Manager securely facilitates this via a self-serve app hub, so they can easily access approved, sanctioned AI tools rather than seeking out shadow AI.

Meanwhile, 1Password Device Trust helps communicate and enforce AI policies. Admins can create a Check that scans employee devices for unsanctioned AI tools and prevents the device from authenticating to managed apps until the blocklisted tool is uninstalled.

Establish clear policies, enforce appropriate AI usage, and guide users toward safe tools and behaviors

Crucially, when Device Trust blocks a user from authenticating, it explains the rationale for these decisions in plain language, ensuring employees are continually educated about their company’s security policies. For example, if the device trust agent detects an employee using their personal ChatGPT account, it blocks them and directs them to the company-sanctioned workspace.

Close your Access-Trust Gap with 1Password

The rate of technological transformation isn’t slowing down anytime soon, which means there will never be a better time to assess your own organization’s Access-Trust Gap and start closing it.

You can also click here to read the full Access-Trust Gap report.

To learn more about how 1Password can help you secure your business without slowing you down, reach out to us today.