惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V2EX - 技术
V2EX - 技术
P
Privacy International News Feed
Security Latest
Security Latest
H
Hacker News: Front Page
T
Tenable Blog
The Hacker News
The Hacker News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Security @ Cisco Blogs
Project Zero
Project Zero
O
OpenAI News
AI
AI
Spread Privacy
Spread Privacy
C
CERT Recently Published Vulnerability Notes
The Last Watchdog
The Last Watchdog
G
GRAHAM CLULEY
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Scott Helme
Scott Helme
Application and Cybersecurity Blog
Application and Cybersecurity Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
NISL@THU
NISL@THU
A
Arctic Wolf
T
Threat Research - Cisco Blogs
PCI Perspectives
PCI Perspectives
N
News and Events Feed by Topic
C
Cyber Attacks, Cyber Crime and Cyber Security
C
Cybersecurity and Infrastructure Security Agency CISA
Simon Willison's Weblog
Simon Willison's Weblog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Know Your Adversary
Know Your Adversary
Google Online Security Blog
Google Online Security Blog
罗磊的独立博客
L
LINUX DO - 最新话题
U
Unit 42
S
Security Affairs
有赞技术团队
有赞技术团队
WordPress大学
WordPress大学
博客园 - 【当耐特】
T
The Exploit Database - CXSecurity.com
S
Schneier on Security
月光博客
月光博客
Engineering at Meta
Engineering at Meta
腾讯CDC
F
Full Disclosure
Cyberwarzone
Cyberwarzone
S
SegmentFault 最新的问题
Recorded Future
Recorded Future
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 司徒正美
The Cloudflare Blog

Blog on 1Password Blog

Why secure-by-design is an incentives problem, with Bob Lord | 1Password NIST and AI agents: 1Password’s approach to agent identity | 1Password Go beyond device health with External Checks in 1Password Device Trust | 1Password Natoma and 1Password help enterprises scale AI securely with governed agent access | 1Password New integrations between 1Password SaaS Manager and EPM | 1Password A first step toward post-quantum security | 1Password RSA 2026: Leading the way to secure agentic AI | 1Password How 1Password is Building a Culture of AI Fluency Through AI Champions | 1Password 1Password vs. Keeper Security: A comparison | 1Password 1Password vs. LastPass: Which is right for you? | 1Password Secure MCP credentials with 1Password and Runlayer | 1Password The next layer of AI security | 1Password Building the next chapter of Go-to-Market in EMEA | 1Password Automating SOC workflows with 1Password Enterprise Password Manager | 1Password Automated Provisioning hosted by 1Password: A Simpler, Smarter Way to Manage Access | 1Password Introducing 1Password® Unified Access: Identity Security for Humans and Their AI Agents | 1Password Next-generation automated provisioning, without compromising zero-knowledge security | 1Password Bitwarden vs. 1Password: Which password manager is right for you? | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password How to wrangle SaaS contract renewals | 1Password Stop trusting consumer browsers with work credentials | 1Password IAM stops at sign-in. Your credentials do not. | 1Password Your digital pit crew: a 10-minute pre-race security checklist | 1Password 1Password Device Trust is coming to EMEA | 1Password The identity transformation: Analyst and CIO insights | 1Password Why now is the moment to join 1Password Go-To-Market | 1Password Identity and Accountability in the Age of AI Agents | 1Password How 1Password secures agent architectures | 1Password 1Password becomes the first global partner to transact through Express Private Offers in AWS Marketplace | 1Password Start Learning on 1Password Academy | 1Password Expanding Programmatic Access to 1Password | 1Password Zero knowledge vs. a malicious server: A look at ETH Zurich’s research | 1Password Black History Month employee spotlight: Joseph Ojelade | 1Password 1Password's new benchmark teaches AI agents how not to get scammed | 1Password Streamlining SaaS onboarding and offboarding | 1Password 3 common SaaS Management challenges and how to avoid them | 1Password How 1Password Is Evolving Its Partner Ecosystem | 1Password How to build secure agent swarms that power production-grade autonomous systems | 1Password From magic to malware: How OpenClaw's agent skills become an attack surface | 1Password Solving the unsanctioned SaaS problem | 1Password 1Password and 60 Day Hustle: cybersecurity for small businesses | 1Password Security advisory for AI-assisted browsing interactions with the 1Password browser extension | 1Password It’s incredible. It’s terrifying. It’s OpenClaw. | 1Password Managing the risks of social logins | 1Password What’s the first security tool your small business should buy? | 1Password As AI Supercharges Phishing Scams, 1Password Introduces Built-In Protection | 1Password How to interview with confidence at 1Password | 1Password Five tips for successful SaaS Management | 1Password SaaS Manager | 1Password Why SaaS License Waste Is a Cost and Security Problem | 1Password AI is changing the IDE. With 1Password, security keeps up | 1Password How IT teams can get a handle on shadow IT | 1Password Bringing secure, just-in-time secrets to Cursor with 1Password | 1Password The Chasing Entropy Podcast Season One is in the Books | 1Password Now available via QBS Software: 1Password Enterprise Password Manager – MSP Edition | 1Password The role of credentials in the AI espionage campaign reported by Anthropic | 1Password The hidden offboarding step draining your budget | 1Password AWS and 1Password: Innovation in AI and beyond | 1Password Simplifying credential security on OpenAI Atlas | 1Password From Social Work to Social Impact: Growing at 1Password | 1Password Improving in-page notifications in the 1Password browser extension | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password Now available via Renaissance: 1Password Enterprise Password Manager – MSP Edition | 1Password Behind the wheel at Oracle Red Bull Racing | 1Password Securing MCP servers with 1Password: Stop credential exposure in your agent configurations | 1Password What’s new in 1Password Enterprise Password Manager - Q4, 2025 | 1Password Belonging as a catalyst for high performance | 1Password Password habits are worsening, but leaders see a path to passwordless | 1Password A simpler, faster way to unlock 1Password | 1Password Oracle Red Bull Racing Episode 4, CIO Matt Cadieux | 1Password 70% of IT and security pros say SSO is falling short | 1Password 1Password's Phishing Survey: Avoid Holiday Phishing Scams | 1Password Securing the Win | 1Password SaaS optimization: How to maximize value and reduce costs | 1Password The enterprise AI crisis: Unsanctioned tools and unenforced policies | 1Password An Identity Security taxonomy for Agentic AI | 1Password Introducing new .env file support in 1Password environments | 1Password Speed and security: Mark Hazelton on protecting Oracle Red Bull Racing’s most valuable asset – its data | 1Password 1Password for Good: Giving back during cybersecurity awareness month | 1Password Utah Mammoth and Utah Jazz score with identity security | 1Password Oracle Red Bull Racing CEO and Team Principal | 1Password Three signs you need a SaaS Management Platform | 1Password Closing the credential risk gap for AI agents using a browser | 1Password Microsoft and Dropbox password managers are sunsetting: What it means and what to do next | 1Password From hackathon nerves to internship wins: Kavya’s journey at 1Password | 1Password 1Password now available in Comet, the AI-powered browser by Perplexity | 1Password 1Password announces new integration with Zscaler | 1Password Breaking the mold: Why more women should consider a career in sales | 1Password What security leaders need to know about mergers and acquisitions | 1Password Clickjacking: What it means for 1Password users | 1Password AI and security at Black Hat: 5 key takeaways from a security expert panel | 1Password Blog | 1Password Do any CISOs feel lucky? | 1Password How to lead with confidence in the AI era: a conversation with Nancy Wang, VP, Engineering | 1Password New Device Trust Check makes browser extension enforcement easier | 1Password Purpose, performance, and trust: Inside the culture powering 1Password’s next chapter | 1Password Now available on Pax8 Marketplace: 1Password Enterprise Password Manager - MSP Edition | 1Password The security principles guiding 1Password’s approach to AI | 1Password Choosing the right SaaS management platform for your business | 1Password Simplify access reviews with 1Password SaaS Manager | 1Password How great usability tripled Duke University's password manager adoption | 1Password
Agents are making filesystems cool again | 1Password
info@1password.com (Wayne Duso and Nancy Wang) · 2026-02-13 · via Blog on 1Password Blog

Agent swarms are having a moment.

The AI headlines of early 2026 have been dominated by stories where swarms of hundreds or thousands of agents have worked together to accomplish staggeringly complex tasks. 

These swarms broadly fall into two types. To quote my 1Password colleague, Jeff Malnick, “There are controlled swarms, such as Cursor’s web browser demo, that operate within clearly defined boundaries. There are also uncontrolled swarms, such as OpenClaw, that run with broad, implicit access to user machines and assets.”

Both types of swarms have undeniably impressive capabilities, but they also have serious limitations. Right now, many of these systems only work because they implicitly inherit access to a developer’s machine, filesystem, network, and their credentials. That level of unfettered access may work in a sandbox, but it is not viable for production.

What is becoming clear is that the hardest problem with agent swarms is not prompting, planning, or model choice. It is abstraction and isolation. Isolating using virtual machines or containers works great for compute. Isolating data with virtual disks works well too. But swarms work best when they can securely share context, results, documents, and more. They do so using files and filesystems, as every operating system and programming language provides agents all the tools they need, ready to use, for reading, writing, sharing, searching, and organizing their context, memory, and results. And thus, file systems are cool again.

Filesystems give agents a universal, durable abstraction for memory and coordination.

What they do not give you is a way to express intent, authority, or accountability at the level agents operate.

Filesystems are necessary for swarms, but combining them with an identity control layer begins to truly point us in the direction of what production-ready swarms can look like.

Why filesystems work for agents (and why that surprised everyone)

At first glance, it is odd that something as long-lived as the filesystem has become the center of modern agent systems. We have databases, vector stores, APIs, and purpose-built orchestration frameworks. Surely one of those should be the right abstraction.

And yet, when you look at what actually works in practice, agent systems keep converging on the filesystem.

The reason for this is more about coordination than storage.

Agents don’t just need memory. They need a workspace: a place to externalize partial results, evolve plans, share artifacts, and revisit prior work without dragging everything through a context window. Filesystems provide this naturally. They allow agents to persist state cheaply, load it incrementally, and discard it when it is no longer relevant. This lets agents work on problems that are larger than their immediate context without pretending that everything must fit in a single prompt.

Just as importantly, filesystems align with how models already operate. Modern models are deeply trained on code, repositories, logs, diffs, and shell workflows. Navigating directories, inspecting files, grepping for details, and comparing changes are native behaviors for agents. A filesystem is largely self-describing, which means agents can discover what matters without being taught a new API or paying a constant context tax to remember how a tool works.

This advantage compounds as soon as you move beyond a single agent.

With multiple agents, the problem shifts from reasoning to coordination. Filesystems scale here because they offer a shared, addressable namespace. Agents do not need to synchronize through tight coupling or complex protocols. They coordinate by producing and consuming artifacts. One agent writes a plan, another refines it. One agent generates data, another audits it. Failures stay localized, late-joining agents can inspect the current state, and parallel work becomes the default rather than the exception.

Equally critical is that filesystems give you something most swarm demos lack: auditability. Every meaningful action leaves a trail. Changes can be inspected, diffed, attributed, and rolled back. When something goes wrong, you can ask what happened and get an answer. This transparency is a prerequisite for letting agents interact with real systems.

Filesystems also provide a clean boundary for authority. Instead of reasoning about which tools an agent may call or which parameters are safe, you reason about which paths it can read or write, for how long, and under which identity. That boundary is easy to understand, easy to revoke, and easy to monitor. It mirrors the isolation models we already rely on for containers, CI systems, and distributed workloads.

None of this means filesystems replace everything. Structured, schema-stable data still belongs in databases. But agents operate in a world of messy, evolving artifacts: plans, logs, intermediate outputs, code, documents, and checkpoints. Filesystems accept all of this without forcing premature structure, which is exactly what makes them effective as shared context.

The deeper shift is that filesystems are no longer just a place to dump data. They are becoming the dependency layer for agent state. Instead of bundling all context up front or granting broad ambient access, agents can declare what data they depend on and materialize only what they need. That makes agents portable, reproducible, and composable in ways that ad-hoc tool integrations never quite achieve.

This is why filesystems keep reappearing at the center of agent architectures. They do not make agents smarter. They make them legible, controllable, and scalable. And once you start running swarms instead of demos, those properties matter more than anything else.

Why the solution becomes a fault line

Both host and shared filesystems are a proven abstraction and tool for agents and agent swarms. It is the most natural place to put shared state. It requires little to no exotic or bespoke tooling or systems. On a host, every process can access the file system. On a network, every client can potentially mount and modify a shared file system if their permissions and identity are too promiscuous. Simply write context memory, logs, and other intermediate artifacts into a well-structured directory, move on and pick up at any time.

Filesystem for AI agent context | 1Password

That convenience is also the problem.

For example, once an agent has access to the host filesystem, it effectively inherits the authority of the machine. It can read any file, regardless of whether it was meant to be seen or not. It can persist state forever.  It can interfere with other co-located agents in ways that are subtle and challenging to debug. The same can be true for large swarms coordinating in a networked or cloud environment using a networked file system. 

This is similar to a class of failure we saw before containers and virtual machines became mainstream. The convenience of shared disks and shared state worked until it didn’t, and when they failed, the blast radius was often massive.

For swarms, a shared filesystem defines what an agent can know and what it can affect. If that boundary is fuzzy, everything built on top of it becomes hard to reason about.

The missing piece for production-ready swarms

The current approaches to managing swarms break down when we attempt to move them from the sandbox to the real world.

Swarms work in demos because everything runs on a single machine with a human nearby. They fail in production because there is no durable runtime and no clean way to manage authority over time.

Without isolation, you can’t answer questions like:

  • Which agent touched this file?

  • Why did it have access?

  • Can we revoke that access right now?

  • What state is safe to keep and what should be discarded?

Answering these questions requires a system that operates at execution time, not just at storage time.

Something has to issue identity to agents, bind that identity to scoped authority, and enforce it continuously as agents run.

Running distributed systems in the cloud forced us to confront these questions years ago. Agent swarms need that same level of rigor in order to be allowed to make contact with real infrastructure.

Building the identity layer for AI swarms

If you want to run swarms outside of demos, a few things become non-negotiable.

You need a persistent runtime where agents can live longer than a single task. That runtime has to handle isolation, coordination, and state without resorting to machine-level access.

Agents need explicit identity from the moment they are created. Every action needs to be attributable. Access needs to be scoped, time-bound, and revocable.

This is the role 1Password is evolving toward for agents.

We already sit at the point where identity, credentials, and sensitive actions meet execution. As agents move into production, that same control point becomes the natural place to broker agent identity, grant just-in-time access, and revoke it while agents are still running.

Finally, swarms need to operate autonomously most of the time, while still requiring oversight for high-risk actions. That requires a clean separation between what agents are allowed to do and what requires approval.

In practice, this turns the filesystem into a capability surface rather than a free-for-all disk.

Agents still read and write files. Tools still speak POSIX. What changes is that every filesystem operation is backed by an identity, a policy decision, and a lease.

None of this is exotic. These are the same requirements we learned to enforce for distributed systems. We just have to apply them to agents.

News and updates for developers

Subscribe to our developer newsletter to be the first to know about new betas, tools, and resources for developers.