惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Hacker News: Ask HN
Hacker News: Ask HN
WordPress大学
WordPress大学
H
Help Net Security
小众软件
小众软件
N
Netflix TechBlog - Medium
C
Check Point Blog
量子位
Last Week in AI
Last Week in AI
GbyAI
GbyAI
Martin Fowler
Martin Fowler
M
MIT News - Artificial intelligence
博客园 - 聂微东
Engineering at Meta
Engineering at Meta
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
J
Java Code Geeks
D
DataBreaches.Net
Project Zero
Project Zero
P
Proofpoint News Feed
T
Threat Research - Cisco Blogs
Security Latest
Security Latest
Cisco Talos Blog
Cisco Talos Blog
Recorded Future
Recorded Future
I
Intezer
L
Lohrmann on Cybersecurity
Cyberwarzone
Cyberwarzone
博客园_首页
C
Cyber Attacks, Cyber Crime and Cyber Security
L
LangChain Blog
P
Palo Alto Networks Blog
V
V2EX
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
The Exploit Database - CXSecurity.com
The Hacker News
The Hacker News
Blog — PlanetScale
Blog — PlanetScale
G
GRAHAM CLULEY
T
The Blog of Author Tim Ferriss
C
Cisco Blogs
The Register - Security
The Register - Security
L
LINUX DO - 热门话题
P
Privacy & Cybersecurity Law Blog
Scott Helme
Scott Helme
F
Full Disclosure
博客园 - 司徒正美
Recent Announcements
Recent Announcements
IT之家
IT之家
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Attack and Defense Labs
Attack and Defense Labs
Cloudbric
Cloudbric
Help Net Security
Help Net Security
The Last Watchdog
The Last Watchdog

Blog on 1Password Blog

Why secure-by-design is an incentives problem, with Bob Lord | 1Password NIST and AI agents: 1Password’s approach to agent identity | 1Password Go beyond device health with External Checks in 1Password Device Trust | 1Password Natoma and 1Password help enterprises scale AI securely with governed agent access | 1Password New integrations between 1Password SaaS Manager and EPM | 1Password A first step toward post-quantum security | 1Password RSA 2026: Leading the way to secure agentic AI | 1Password How 1Password is Building a Culture of AI Fluency Through AI Champions | 1Password 1Password vs. Keeper Security: A comparison | 1Password 1Password vs. LastPass: Which is right for you? | 1Password Secure MCP credentials with 1Password and Runlayer | 1Password The next layer of AI security | 1Password Building the next chapter of Go-to-Market in EMEA | 1Password Automating SOC workflows with 1Password Enterprise Password Manager | 1Password Automated Provisioning hosted by 1Password: A Simpler, Smarter Way to Manage Access | 1Password Introducing 1Password® Unified Access: Identity Security for Humans and Their AI Agents | 1Password Next-generation automated provisioning, without compromising zero-knowledge security | 1Password Bitwarden vs. 1Password: Which password manager is right for you? | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password How to wrangle SaaS contract renewals | 1Password Stop trusting consumer browsers with work credentials | 1Password IAM stops at sign-in. Your credentials do not. | 1Password Your digital pit crew: a 10-minute pre-race security checklist | 1Password 1Password Device Trust is coming to EMEA | 1Password The identity transformation: Analyst and CIO insights | 1Password Why now is the moment to join 1Password Go-To-Market | 1Password Identity and Accountability in the Age of AI Agents | 1Password How 1Password secures agent architectures | 1Password 1Password becomes the first global partner to transact through Express Private Offers in AWS Marketplace | 1Password Start Learning on 1Password Academy | 1Password Expanding Programmatic Access to 1Password | 1Password Zero knowledge vs. a malicious server: A look at ETH Zurich’s research | 1Password Agents are making filesystems cool again | 1Password Black History Month employee spotlight: Joseph Ojelade | 1Password 1Password's new benchmark teaches AI agents how not to get scammed | 1Password Streamlining SaaS onboarding and offboarding | 1Password 3 common SaaS Management challenges and how to avoid them | 1Password How 1Password Is Evolving Its Partner Ecosystem | 1Password How to build secure agent swarms that power production-grade autonomous systems | 1Password From magic to malware: How OpenClaw's agent skills become an attack surface | 1Password Solving the unsanctioned SaaS problem | 1Password 1Password and 60 Day Hustle: cybersecurity for small businesses | 1Password Security advisory for AI-assisted browsing interactions with the 1Password browser extension | 1Password Managing the risks of social logins | 1Password What’s the first security tool your small business should buy? | 1Password As AI Supercharges Phishing Scams, 1Password Introduces Built-In Protection | 1Password How to interview with confidence at 1Password | 1Password Five tips for successful SaaS Management | 1Password SaaS Manager | 1Password Why SaaS License Waste Is a Cost and Security Problem | 1Password AI is changing the IDE. With 1Password, security keeps up | 1Password How IT teams can get a handle on shadow IT | 1Password Bringing secure, just-in-time secrets to Cursor with 1Password | 1Password The Chasing Entropy Podcast Season One is in the Books | 1Password Now available via QBS Software: 1Password Enterprise Password Manager – MSP Edition | 1Password The role of credentials in the AI espionage campaign reported by Anthropic | 1Password The hidden offboarding step draining your budget | 1Password AWS and 1Password: Innovation in AI and beyond | 1Password Simplifying credential security on OpenAI Atlas | 1Password From Social Work to Social Impact: Growing at 1Password | 1Password Improving in-page notifications in the 1Password browser extension | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password Now available via Renaissance: 1Password Enterprise Password Manager – MSP Edition | 1Password Behind the wheel at Oracle Red Bull Racing | 1Password Securing MCP servers with 1Password: Stop credential exposure in your agent configurations | 1Password What’s new in 1Password Enterprise Password Manager - Q4, 2025 | 1Password Belonging as a catalyst for high performance | 1Password Password habits are worsening, but leaders see a path to passwordless | 1Password A simpler, faster way to unlock 1Password | 1Password Oracle Red Bull Racing Episode 4, CIO Matt Cadieux | 1Password 70% of IT and security pros say SSO is falling short | 1Password 1Password's Phishing Survey: Avoid Holiday Phishing Scams | 1Password Securing the Win | 1Password SaaS optimization: How to maximize value and reduce costs | 1Password The enterprise AI crisis: Unsanctioned tools and unenforced policies | 1Password An Identity Security taxonomy for Agentic AI | 1Password Introducing new .env file support in 1Password environments | 1Password Speed and security: Mark Hazelton on protecting Oracle Red Bull Racing’s most valuable asset – its data | 1Password 1Password for Good: Giving back during cybersecurity awareness month | 1Password Utah Mammoth and Utah Jazz score with identity security | 1Password Oracle Red Bull Racing CEO and Team Principal | 1Password Three signs you need a SaaS Management Platform | 1Password Closing the credential risk gap for AI agents using a browser | 1Password Microsoft and Dropbox password managers are sunsetting: What it means and what to do next | 1Password From hackathon nerves to internship wins: Kavya’s journey at 1Password | 1Password 1Password now available in Comet, the AI-powered browser by Perplexity | 1Password 1Password announces new integration with Zscaler | 1Password Breaking the mold: Why more women should consider a career in sales | 1Password What security leaders need to know about mergers and acquisitions | 1Password Clickjacking: What it means for 1Password users | 1Password AI and security at Black Hat: 5 key takeaways from a security expert panel | 1Password Blog | 1Password Do any CISOs feel lucky? | 1Password How to lead with confidence in the AI era: a conversation with Nancy Wang, VP, Engineering | 1Password New Device Trust Check makes browser extension enforcement easier | 1Password Purpose, performance, and trust: Inside the culture powering 1Password’s next chapter | 1Password Now available on Pax8 Marketplace: 1Password Enterprise Password Manager - MSP Edition | 1Password The security principles guiding 1Password’s approach to AI | 1Password Choosing the right SaaS management platform for your business | 1Password Simplify access reviews with 1Password SaaS Manager | 1Password How great usability tripled Duke University's password manager adoption | 1Password
It’s incredible. It’s terrifying. It’s OpenClaw. | 1Password
info@1password.com (Jason Meller) · 2026-01-27 · via Blog on 1Password Blog

OpenClaw (formerly Clawd Bot, MoltBot), the locally running, open-source AI agent named after the Lobster workflow shell that powers its agentic loop, has rocked an AI community that, just weeks ago, was so in love with its own hype it would have yawned at literal magic.

And yet OpenClaw, seemingly just a wrapper around a collection of familiar technologies, has put those pieces together in a way that feels like a portal to a future that, a month ago, still felt impossibly distant.

Within an hour of setting up OpenClaw on my Mac, it had already built a fully featured kanban board where I could assign it tasks and track their state.

I have seen other stories that are even wilder. One user shared an anecdote about asking it to make a restaurant reservation, and when it realized it could not do it through OpenTable, it went and got its own AI voice software and just called the restaurant, then secured the reservation over the phone.

Its own author, Peter Steinberger, described joking to OpenClaw that he was worried about his laptop getting stolen while he was still developing it in Morocco. OpenClaw, ever the terrifyingly efficient pragmatist, immediately started planning its migration to a remote server.

None of those are pre-programmed routines. They are dynamic behaviors born out of an agentic loop that takes a goal and improvises a plan, grabbing whatever tools it needs to execute. It can apply general world knowledge, specific skills, and near-perfect memory into organized action toward objectives you set, and, more sobering, objectives it decides to set for itself.

Stories like these keep pouring in. My feed is full of people buying Mac minis as dedicated devices for their new agentic AI friend. I have also seen multiple posts pointing at Cloudflare’s secure tunneling as the obvious way to access a local setup from anywhere on the internet.

OpenClaw is able to give us this preview of the future because it is a tool that, for now, forgoes an essential constraint: security. The project’s FAQ presents the Faustian bargain plainly: “There is no ‘perfectly secure’ setup.”

OpenClaw works because it does three simple things better than almost anything else in the agent world right now:

  • It keeps persistent memory across sessions.

  • It has deep, unapologetic access to your local machine and apps.

  • It can take action autonomously in an agentic loop, not just suggest steps.

That combination is why it feels both a glimpse at the future, but presented as a goal, where between us and the future realized, is a lot of hard work to make it safe.

At 1Password, we make it easy to take advantage of this future in a way that keeps you secure.

The plain text problem

OpenClaw's memory and configuration are not abstract concepts. They are files. They live on disk. They are readable. They are in predictable locations. And they are plain text.

If an attacker compromises the same machine you run OpenClaw on, they do not need to do anything fancy. Modern infostealers scrape common directories and exfiltrate anything that looks like credentials, tokens, session logs, or developer config. If your agent stores in plain-text API keys, webhook tokens, transcripts, and long-term memory in known locations, an infostealer can grab the whole thing in seconds.

And what makes this worse than a typical credential leak is the context.

A single stolen API token is bad. Hundreds of stolen tokens and sessions for the critical services in your life is even worse. But a hundred stolen tokens and sessions, plus a long-term memory file that describes who you are, what you’re building, how you write, who you work with, and what you care about, is something else entirely. It’s the raw material needed to phish you, blackmail you, or even fully impersonate you in a way that even your closest friends and family can’t detect.

Agents aren’t just software they have an identity

One of the smartest things I’ve heard about OpenClaw came from a customer who set it up on a dedicated Mac mini with its own email address and its own 1Password account, as if it were a new hire. They first installed it on their main laptop, then got spooked by how much it could touch, so they moved it to a separate machine to control its access and experiment safely.

This is directionally correct and it’s compatible with how we are thinking about the future of securing AI with 1Password.

The mistake the industry is making right now is treating agent security like normal app security. A familiar consent screen. A one-time approval. A set of scopes. Then we assume the future behavior will match the intent of that one moment.

That model breaks the second you hand autonomy to something that is adaptive and non-deterministic by design. The agent changes. The tasks change. The context changes. The approval you gave last week is used in new and unexpected ways today.

So our vision is simple:

Security for agents is not about granting access once. It is about continuously mediating access at runtime for every action and request.

1Password as the mediation layer

The future we want looks like this:

  • Your agent has its own identity, like a new hire.

  • It gets access through 1Password, not through a pile of long-lived tokens sitting in plain text on disk.

  • When it needs to act, it requests the minimum authority it needs right now.

  • That authority is time-bound, revocable, and attributable to the agent, not smeared across the human who originally clicked approve.

  • You can answer the only question that matters when something goes wrong: who did what, when?

In other words, 1Password is not just where secrets live. It is the control plane that governs access. It is the layer that turns agent autonomy into something you can actually trust.

Agents are going to become normal. The only question is whether you choose to make them governable.

That future does not exist today, but the work to make it real and safe is already underway.

1Password will be the company that makes that possible.

News and updates for developers

Subscribe to our developer newsletter to be the first to know about new betas, tools, and resources for developers.