惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Security Archives - TechRepublic
Security Archives - TechRepublic
罗磊的独立博客
T
The Blog of Author Tim Ferriss
The GitHub Blog
The GitHub Blog
Apple Machine Learning Research
Apple Machine Learning Research
The Register - Security
The Register - Security
J
Java Code Geeks
V2EX - 技术
V2EX - 技术
Vercel News
Vercel News
N
News and Events Feed by Topic
腾讯CDC
P
Proofpoint News Feed
N
News | PayPal Newsroom
www.infosecurity-magazine.com
www.infosecurity-magazine.com
爱范儿
爱范儿
O
OpenAI News
酷 壳 – CoolShell
酷 壳 – CoolShell
月光博客
月光博客
Martin Fowler
Martin Fowler
Engineering at Meta
Engineering at Meta
D
Docker
Y
Y Combinator Blog
博客园 - 聂微东
G
Google Developers Blog
S
Security @ Cisco Blogs
Simon Willison's Weblog
Simon Willison's Weblog
S
Schneier on Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
S
SegmentFault 最新的问题
云风的 BLOG
云风的 BLOG
阮一峰的网络日志
阮一峰的网络日志
C
CXSECURITY Database RSS Feed - CXSecurity.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
CERT Recently Published Vulnerability Notes
I
Intezer
G
GRAHAM CLULEY
有赞技术团队
有赞技术团队
Attack and Defense Labs
Attack and Defense Labs
V
Visual Studio Blog
博客园 - Franky
博客园 - 三生石上(FineUI控件)
W
WeLiveSecurity
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Hugging Face - Blog
Hugging Face - Blog
Scott Helme
Scott Helme
T
Troy Hunt's Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
L
LINUX DO - 最新话题
C
Cybersecurity and Infrastructure Security Agency CISA

Blog on 1Password Blog

Why secure-by-design is an incentives problem, with Bob Lord | 1Password NIST and AI agents: 1Password’s approach to agent identity | 1Password Go beyond device health with External Checks in 1Password Device Trust | 1Password Natoma and 1Password help enterprises scale AI securely with governed agent access | 1Password New integrations between 1Password SaaS Manager and EPM | 1Password A first step toward post-quantum security | 1Password RSA 2026: Leading the way to secure agentic AI | 1Password How 1Password is Building a Culture of AI Fluency Through AI Champions | 1Password 1Password vs. Keeper Security: A comparison | 1Password 1Password vs. LastPass: Which is right for you? | 1Password Secure MCP credentials with 1Password and Runlayer | 1Password The next layer of AI security | 1Password Building the next chapter of Go-to-Market in EMEA | 1Password Automating SOC workflows with 1Password Enterprise Password Manager | 1Password Automated Provisioning hosted by 1Password: A Simpler, Smarter Way to Manage Access | 1Password Introducing 1Password® Unified Access: Identity Security for Humans and Their AI Agents | 1Password Next-generation automated provisioning, without compromising zero-knowledge security | 1Password Bitwarden vs. 1Password: Which password manager is right for you? | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password How to wrangle SaaS contract renewals | 1Password Stop trusting consumer browsers with work credentials | 1Password IAM stops at sign-in. Your credentials do not. | 1Password Your digital pit crew: a 10-minute pre-race security checklist | 1Password 1Password Device Trust is coming to EMEA | 1Password The identity transformation: Analyst and CIO insights | 1Password Why now is the moment to join 1Password Go-To-Market | 1Password How 1Password secures agent architectures | 1Password 1Password becomes the first global partner to transact through Express Private Offers in AWS Marketplace | 1Password Start Learning on 1Password Academy | 1Password Expanding Programmatic Access to 1Password | 1Password Zero knowledge vs. a malicious server: A look at ETH Zurich’s research | 1Password Agents are making filesystems cool again | 1Password Black History Month employee spotlight: Joseph Ojelade | 1Password 1Password's new benchmark teaches AI agents how not to get scammed | 1Password Streamlining SaaS onboarding and offboarding | 1Password 3 common SaaS Management challenges and how to avoid them | 1Password How 1Password Is Evolving Its Partner Ecosystem | 1Password How to build secure agent swarms that power production-grade autonomous systems | 1Password From magic to malware: How OpenClaw's agent skills become an attack surface | 1Password Solving the unsanctioned SaaS problem | 1Password 1Password and 60 Day Hustle: cybersecurity for small businesses | 1Password Security advisory for AI-assisted browsing interactions with the 1Password browser extension | 1Password It’s incredible. It’s terrifying. It’s OpenClaw. | 1Password Managing the risks of social logins | 1Password What’s the first security tool your small business should buy? | 1Password As AI Supercharges Phishing Scams, 1Password Introduces Built-In Protection | 1Password How to interview with confidence at 1Password | 1Password Five tips for successful SaaS Management | 1Password SaaS Manager | 1Password Why SaaS License Waste Is a Cost and Security Problem | 1Password AI is changing the IDE. With 1Password, security keeps up | 1Password How IT teams can get a handle on shadow IT | 1Password Bringing secure, just-in-time secrets to Cursor with 1Password | 1Password The Chasing Entropy Podcast Season One is in the Books | 1Password Now available via QBS Software: 1Password Enterprise Password Manager – MSP Edition | 1Password The role of credentials in the AI espionage campaign reported by Anthropic | 1Password The hidden offboarding step draining your budget | 1Password AWS and 1Password: Innovation in AI and beyond | 1Password Simplifying credential security on OpenAI Atlas | 1Password From Social Work to Social Impact: Growing at 1Password | 1Password Improving in-page notifications in the 1Password browser extension | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password Now available via Renaissance: 1Password Enterprise Password Manager – MSP Edition | 1Password Behind the wheel at Oracle Red Bull Racing | 1Password Securing MCP servers with 1Password: Stop credential exposure in your agent configurations | 1Password What’s new in 1Password Enterprise Password Manager - Q4, 2025 | 1Password Belonging as a catalyst for high performance | 1Password Password habits are worsening, but leaders see a path to passwordless | 1Password A simpler, faster way to unlock 1Password | 1Password Oracle Red Bull Racing Episode 4, CIO Matt Cadieux | 1Password 70% of IT and security pros say SSO is falling short | 1Password 1Password's Phishing Survey: Avoid Holiday Phishing Scams | 1Password Securing the Win | 1Password SaaS optimization: How to maximize value and reduce costs | 1Password The enterprise AI crisis: Unsanctioned tools and unenforced policies | 1Password An Identity Security taxonomy for Agentic AI | 1Password Introducing new .env file support in 1Password environments | 1Password Speed and security: Mark Hazelton on protecting Oracle Red Bull Racing’s most valuable asset – its data | 1Password 1Password for Good: Giving back during cybersecurity awareness month | 1Password Utah Mammoth and Utah Jazz score with identity security | 1Password Oracle Red Bull Racing CEO and Team Principal | 1Password Three signs you need a SaaS Management Platform | 1Password Closing the credential risk gap for AI agents using a browser | 1Password Microsoft and Dropbox password managers are sunsetting: What it means and what to do next | 1Password From hackathon nerves to internship wins: Kavya’s journey at 1Password | 1Password 1Password now available in Comet, the AI-powered browser by Perplexity | 1Password 1Password announces new integration with Zscaler | 1Password Breaking the mold: Why more women should consider a career in sales | 1Password What security leaders need to know about mergers and acquisitions | 1Password Clickjacking: What it means for 1Password users | 1Password AI and security at Black Hat: 5 key takeaways from a security expert panel | 1Password Blog | 1Password Do any CISOs feel lucky? | 1Password How to lead with confidence in the AI era: a conversation with Nancy Wang, VP, Engineering | 1Password New Device Trust Check makes browser extension enforcement easier | 1Password Purpose, performance, and trust: Inside the culture powering 1Password’s next chapter | 1Password Now available on Pax8 Marketplace: 1Password Enterprise Password Manager - MSP Edition | 1Password The security principles guiding 1Password’s approach to AI | 1Password Choosing the right SaaS management platform for your business | 1Password Simplify access reviews with 1Password SaaS Manager | 1Password How great usability tripled Duke University's password manager adoption | 1Password
Identity and Accountability in the Age of AI Agents | 1Password
info@1password.com (Nancy Wang) · 2026-02-24 · via Blog on 1Password Blog

AI agents have crossed the line from assisting humans to acting on their behalf. In production environments, that shift changes the security model.

Security leaders say that the main challenge isn’t getting an agent to do something useful. It’s knowing, at runtime, what actions are permitted, which identity it’s operating under, and how to reconstruct what happened afterward. I recently contributed to the 2026: The End of Vibe Adoption whitepaper with researchers from Stanford’s Trustworthy AI Research Lab, led by Professor Sanmi Koyejo, in collaboration with the AIUC-1 Consortium and enterprise security leaders including Jen Easterly (RSAC), Omar Khawaja (Databricks), Mandy Andress (Elastic), Chris Monson (Atlassian), Phil Venables (Google Cloud), Chris Sandulow (Confluent), Gagandeep Singh (Salesforce) and others across industry and government. The research and field experience converge on a simple point: before regulators or insurers can address AI-related harm, enterprises need technical clarity around runtime identity, responsibility, and auditability before deploying agents in critical systems. The gap is not governance intent. It is execution control.

Three challenges shaping 2026

In the whitepaper, we outline three defining challenges for 2026:

  1. The agent challenge

  2. The visibility challenge

  3. The trust challenge

These challenges are interconnected. Each one ultimately stresses the same foundation: identity, access, and accountability must operate at the same speed as autonomous systems.

The agent challenge is about execution. AI has moved from assistant to autonomous actor. Agents don’t just recommend actions; they invoke APIs, retrieve data, create records, modify configurations, and orchestrate workflows across multiple systems.

If that execution is backed by long-lived or over-permissioned credentials, risk scales just as quickly as capability. Traditional access control models were designed for users operating at human speed. However, agents do not operate that way. They execute actions in milliseconds and rely on non-human identities, often acting across systems where accountability boundaries are unclear. Identity must therefore be dynamic, not static. Each agent action should be tied to a scoped, short-lived identity at runtime—eliminating shared credentials, enforcing least privilege at the tool and data layer, issuing access just-in-time with clear expiration, and capturing credential issuance, tool execution, and data access in a unified audit trail where identity is inseparable from action. In production environments, the dominant failure mode is rarely model hallucination. It is over-privileged agents holding persistent access and executing cross-system actions without tightly defined containment boundaries. When prompt injection or logic flaws occur, the blast radius is determined by the existing permissions.

When harm occurs, attribution gets murky

Both the research and practitioner discussions highlight the challenge of attribution.

When a human makes an error, we can usually trace their access and decision path. When a deterministic system fails, logs often tell a linear story. 

With agents, harm may result from prompt manipulation, model updates, tool misconfigurations, over-permissioned non-human identities, or subtle changes in system prompts. Increasingly, the research shows that attacks unfold as sequential task-level chains, where no single step appears malicious in isolation. A conversation may gradually lead an agent to retrieve sensitive data or to invoke a tool outside its intended scope. Without structured logging of prompts, retrieval steps, tool parameters, and runtime identity, reconstructing causality becomes extremely difficult. Traditional controls assume static assets and clear ownership. Agent systems are dynamic and distributed across complex supply chains. As Omar Khawaja, VP & Field CISO at Databricks, noted, “AI components change constantly across the supply chain, but security controls assume static assets, creating blind spots, friction, and no clear accountability when behavior shifts.”

If runtime identity isn’t clearly defined and logged, and if tool usage isn’t auditable, attribution becomes guesswork. When attribution is unclear, containment, regulatory reporting, and insurer conversations become significantly more challenging.

Before we debate liability models for autonomous systems, we need a technical foundation that makes responsibility observable.

Visibility is the prerequisite

Many organizations lack full visibility into which AI systems are operating in their environment, what data those systems access, or how their behavior changes over time.

This extends beyond unsanctioned chatbots. It includes embedded assistants enabled by default in SaaS platforms, internal teams wiring together APIs without formal review, and quiet changes to models or prompts that alter system behavior without passing through traditional change management processes. Visibility, in this context, is not just an inventory exercise. It requires mapping non-human identities to specific agents, tracking what data domains those identities can access, and monitoring how agent workflows traverse systems. It also requires logging prompts, tool calls, and outputs in a structured manner that supports both security analysis and forensic reconstruction.

AI components change frequently. Data refreshes, model swaps, and prompt adjustments can quietly introduce new risk. Without continuous monitoring of identity usage and data flows, ownership becomes diffuse and accountability erodes. As Gagandeep Singh, VP, Global Compliance & Certification at Salesforce, observed, “AI risk increasingly manifests as unowned operational decisions, not deliberate security failures.”

You can’t secure what you can’t see. For agents, visibility requires enforcing identity controls at runtime.

From governance principles to technical controls

High-level AI governance frameworks provide important structure, but we also identified a gap: governance principles alone don’t answer the technical questions CISOs are asking. These questions are specific: 

  • How do we validate tool parameters before execution? 

  • How do we detect cascading failures within multi-agent systems? 

  • How do we enforce least privilege for non-human actors? 

  • How do we log and alert on prompt injection attempts in production?

Technically grounded frameworks translate governance intent into specific, auditable requirements. They require that identity boundaries be enforced programmatically, that data access be scoped by policy, and that agent execution paths be testable under adversarial conditions.

From my vantage point, identity and access controls are essential to make that translation possible.

Designing for containment

A key lesson from both the Stanford research and consortium discussions is that model-level safety alone is not enough. As Professor Sanmi Koyejo explained, “Model-level safety is necessary but not sufficient. Fine-tuning attacks, extraction attacks, and indirect prompt injection all bypass many model guardrails.”

That’s why I approach agent deployment with a simple assumption that something will fail. The question is whether we’ve designed the system to contain it. Containment begins with identity. Every agent action should execute under a clearly scoped, short-lived identity. High-risk operations should be isolated. Access to sensitive or regulated data domains should be segmented to prevent cross-context drift.

Containment also requires adversarial testing. Organizations are increasingly testing agent workflows against prompt injection attempts, tool parameter manipulation, data exfiltration scenarios, and cascading multi-agent failures. These exercises evaluate not only output quality but also the integrity of access controls and the resilience of identity boundaries under stress.

The goal is not to eliminate all failure, but to ensure that when failure occurs, the impact is limited and reconstructable.

A foundation before scale

In nearly every board and executive discussion, the focus has shifted from whether to adopt AI to how to scale it responsibly. Regulators are clarifying expectations. Insurers are beginning to evaluate operational controls. Underwriters increasingly ask whether runtime identity is enforced, whether least privilege is applied to non-human actors, whether adversarial testing is conducted, and whether harmful outcomes can be reconstructed from logs. For example, ElevenLabs recently secured insurance coverage for its customer-facing AI voice agents after completing more than 5,000 adversarial simulations spanning privacy, safety, security, reliability, and accountability domains. Those simulations modeled real-world failure modes, from hallucinations to prompt injection, generating risk evidence that insurers could underwrite.

Insurability, in this context, reflects architectural maturity.

But before regulators, insurers, or boards can meaningfully assess AI exposure, organizations must be able to answer who or what acted, under which identity, with what authorization, accessing which data, at what time, and based on which inputs. That requires extending identity, access control, visibility, and auditability to autonomous systems operating at machine speed.

From my perspective, that’s the real inflection point. The era of unstructured experimentation is ending. The organizations that will succeed will build a technically grounded foundation that extends identity, access control, visibility, and auditability to autonomous systems operating at machine speed.

Agents aren’t just another user. They represent a new class of actors in our environments, and our security architecture must evolve accordingly.

News and updates for developers

Subscribe to our developer newsletter to be the first to know about new betas, tools, and resources for developers.