惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

K
Kaspersky official blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
AI
AI
SecWiki News
SecWiki News
宝玉的分享
宝玉的分享
Scott Helme
Scott Helme
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Engineering at Meta
Engineering at Meta
博客园 - 叶小钗
The GitHub Blog
The GitHub Blog
Microsoft Azure Blog
Microsoft Azure Blog
N
News and Events Feed by Topic
Cloudbric
Cloudbric
B
Blog
Cisco Talos Blog
Cisco Talos Blog
V
Vulnerabilities – Threatpost
N
News and Events Feed by Topic
V
Visual Studio Blog
A
Arctic Wolf
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
U
Unit 42
S
Security @ Cisco Blogs
博客园 - 聂微东
T
Threat Research - Cisco Blogs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Apple Machine Learning Research
Apple Machine Learning Research
Y
Y Combinator Blog
G
GRAHAM CLULEY
L
LINUX DO - 热门话题
量子位
NISL@THU
NISL@THU
Webroot Blog
Webroot Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
Troy Hunt's Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
T
Tenable Blog
月光博客
月光博客
S
Security Affairs
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
The Hacker News
The Hacker News
Spread Privacy
Spread Privacy
D
Docker
www.infosecurity-magazine.com
www.infosecurity-magazine.com
雷峰网
雷峰网
博客园 - 司徒正美
T
The Exploit Database - CXSecurity.com
Hugging Face - Blog
Hugging Face - Blog
Help Net Security
Help Net Security
D
DataBreaches.Net

Blog on 1Password Blog

Why secure-by-design is an incentives problem, with Bob Lord | 1Password NIST and AI agents: 1Password’s approach to agent identity | 1Password Go beyond device health with External Checks in 1Password Device Trust | 1Password Natoma and 1Password help enterprises scale AI securely with governed agent access | 1Password New integrations between 1Password SaaS Manager and EPM | 1Password A first step toward post-quantum security | 1Password RSA 2026: Leading the way to secure agentic AI | 1Password How 1Password is Building a Culture of AI Fluency Through AI Champions | 1Password 1Password vs. Keeper Security: A comparison | 1Password 1Password vs. LastPass: Which is right for you? | 1Password Secure MCP credentials with 1Password and Runlayer | 1Password The next layer of AI security | 1Password Building the next chapter of Go-to-Market in EMEA | 1Password Automating SOC workflows with 1Password Enterprise Password Manager | 1Password Automated Provisioning hosted by 1Password: A Simpler, Smarter Way to Manage Access | 1Password Introducing 1Password® Unified Access: Identity Security for Humans and Their AI Agents | 1Password Next-generation automated provisioning, without compromising zero-knowledge security | 1Password Bitwarden vs. 1Password: Which password manager is right for you? | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password How to wrangle SaaS contract renewals | 1Password Stop trusting consumer browsers with work credentials | 1Password IAM stops at sign-in. Your credentials do not. | 1Password Your digital pit crew: a 10-minute pre-race security checklist | 1Password 1Password Device Trust is coming to EMEA | 1Password The identity transformation: Analyst and CIO insights | 1Password Why now is the moment to join 1Password Go-To-Market | 1Password Identity and Accountability in the Age of AI Agents | 1Password How 1Password secures agent architectures | 1Password 1Password becomes the first global partner to transact through Express Private Offers in AWS Marketplace | 1Password Start Learning on 1Password Academy | 1Password Expanding Programmatic Access to 1Password | 1Password Zero knowledge vs. a malicious server: A look at ETH Zurich’s research | 1Password Agents are making filesystems cool again | 1Password Black History Month employee spotlight: Joseph Ojelade | 1Password 1Password's new benchmark teaches AI agents how not to get scammed | 1Password Streamlining SaaS onboarding and offboarding | 1Password 3 common SaaS Management challenges and how to avoid them | 1Password How 1Password Is Evolving Its Partner Ecosystem | 1Password How to build secure agent swarms that power production-grade autonomous systems | 1Password From magic to malware: How OpenClaw's agent skills become an attack surface | 1Password Solving the unsanctioned SaaS problem | 1Password 1Password and 60 Day Hustle: cybersecurity for small businesses | 1Password It’s incredible. It’s terrifying. It’s OpenClaw. | 1Password Managing the risks of social logins | 1Password What’s the first security tool your small business should buy? | 1Password As AI Supercharges Phishing Scams, 1Password Introduces Built-In Protection | 1Password How to interview with confidence at 1Password | 1Password Five tips for successful SaaS Management | 1Password SaaS Manager | 1Password Why SaaS License Waste Is a Cost and Security Problem | 1Password AI is changing the IDE. With 1Password, security keeps up | 1Password How IT teams can get a handle on shadow IT | 1Password Bringing secure, just-in-time secrets to Cursor with 1Password | 1Password The Chasing Entropy Podcast Season One is in the Books | 1Password Now available via QBS Software: 1Password Enterprise Password Manager – MSP Edition | 1Password The role of credentials in the AI espionage campaign reported by Anthropic | 1Password The hidden offboarding step draining your budget | 1Password AWS and 1Password: Innovation in AI and beyond | 1Password Simplifying credential security on OpenAI Atlas | 1Password From Social Work to Social Impact: Growing at 1Password | 1Password Improving in-page notifications in the 1Password browser extension | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password Now available via Renaissance: 1Password Enterprise Password Manager – MSP Edition | 1Password Behind the wheel at Oracle Red Bull Racing | 1Password Securing MCP servers with 1Password: Stop credential exposure in your agent configurations | 1Password What’s new in 1Password Enterprise Password Manager - Q4, 2025 | 1Password Belonging as a catalyst for high performance | 1Password Password habits are worsening, but leaders see a path to passwordless | 1Password A simpler, faster way to unlock 1Password | 1Password Oracle Red Bull Racing Episode 4, CIO Matt Cadieux | 1Password 70% of IT and security pros say SSO is falling short | 1Password 1Password's Phishing Survey: Avoid Holiday Phishing Scams | 1Password Securing the Win | 1Password SaaS optimization: How to maximize value and reduce costs | 1Password The enterprise AI crisis: Unsanctioned tools and unenforced policies | 1Password An Identity Security taxonomy for Agentic AI | 1Password Introducing new .env file support in 1Password environments | 1Password Speed and security: Mark Hazelton on protecting Oracle Red Bull Racing’s most valuable asset – its data | 1Password 1Password for Good: Giving back during cybersecurity awareness month | 1Password Utah Mammoth and Utah Jazz score with identity security | 1Password Oracle Red Bull Racing CEO and Team Principal | 1Password Three signs you need a SaaS Management Platform | 1Password Closing the credential risk gap for AI agents using a browser | 1Password Microsoft and Dropbox password managers are sunsetting: What it means and what to do next | 1Password From hackathon nerves to internship wins: Kavya’s journey at 1Password | 1Password 1Password now available in Comet, the AI-powered browser by Perplexity | 1Password 1Password announces new integration with Zscaler | 1Password Breaking the mold: Why more women should consider a career in sales | 1Password What security leaders need to know about mergers and acquisitions | 1Password Clickjacking: What it means for 1Password users | 1Password AI and security at Black Hat: 5 key takeaways from a security expert panel | 1Password Blog | 1Password Do any CISOs feel lucky? | 1Password How to lead with confidence in the AI era: a conversation with Nancy Wang, VP, Engineering | 1Password New Device Trust Check makes browser extension enforcement easier | 1Password Purpose, performance, and trust: Inside the culture powering 1Password’s next chapter | 1Password Now available on Pax8 Marketplace: 1Password Enterprise Password Manager - MSP Edition | 1Password The security principles guiding 1Password’s approach to AI | 1Password Choosing the right SaaS management platform for your business | 1Password Simplify access reviews with 1Password SaaS Manager | 1Password How great usability tripled Duke University's password manager adoption | 1Password
Security advisory for AI-assisted browsing interactions with the 1Password browser extension | 1Password
info@1password.com (Andrew Hall and Drew Sen) · 2026-01-30 · via Blog on 1Password Blog

This advisory describes an ecosystem-level risk that emerges when AI agents are able to autonomously read and act on untrusted content while operating with user-level permissions in a web browser.

Our approach to ecosystem risks is to maintain clear, deterministic boundaries that don’t rely on an AI system interpreting “rules” correctly. To strengthen user control at this boundary, we’ve added the ability for users to disable automatic sign-in for the 1Password web app, preventing automated browser activity when 1Password is unlocked.

1Password remains predictable even when the surrounding environment is not: autofill remains restricted to the right sites, sensitive data can require confirmation before being filled, and a locked extension cannot be manipulated by an AI agent or anyone else. Users can also change their extension’s lock settings – such as using shorter lock timeouts – to ensure the extension locks as frequently as fits their security preferences, especially when using AI-assisted browsing.

Observation

AI-powered browsers and assistants are designed to read and act on web content on a user’s behalf. This creates a broader attack surface for prompt injection, where malicious instructions are embedded in otherwise normal content (for example, a calendar invite, email, or document).

We’ve reviewed an attack scenario that demonstrates how an AI assistant can be influenced by untrusted content to navigate the web and attempt actions a user could perform at the keyboard. If the 1Password browser extension is already unlocked, the assistant may be able to trigger normal extension behavior, such as navigating to a web application, attempting to autofill credentials on sites matching saved URLs, or automatically signing the user into 1Password.com via the unlocked extension and interacting with the web vault.

This issue does not break 1Password’s cryptography, authentication model, or vault design, and there is no bypass of 1Password’s security controls. AI access remains limited to the constraints of an existing authenticated session.

Who may be affected

You may be affected if all of the following apply:

  • You use an AI-powered browser or AI assistant that can autonomously navigate and interact with web pages.

  • The AI assistant is able to read or act on untrusted content that comes from outside your direct control, such as emails, calendar invitations, shared documents, or web pages.

  • Your 1Password browser extension is unlocked while the AI assistant is in use.

Recommended action

To reduce exposure to this class of risk:

  • Disable "Automatically sign in to 1Password in the browser" in the 1Password browser extension (Settings > Security). This prevents the unlocked browser extension from signing in to 1Password.com automatically without explicit user intent.

  • Manage team sign-in policies: Manage whether your team members can choose to be signed in to 1Password.com automatically if their 1Password browser extension is unlocked.

  • Lock the 1Password browser extension when stepping away from your device or when browsing untrusted content.

  • Enable autofill confirmation prompts for sensitive item types like contact information and credit cards, so you’re asked before those details are filled. Login items also support optional confirmation prompts, which some users and teams may choose to enable for additional assurance.

Impact and exploitability

Prompt injection is a technique where untrusted text is interpreted as instructions by an AI system. In this scenario, an attacker’s goal is to influence an AI assistant into taking actions the user did not intend.

If the 1Password browser extension is unlocked, the assistant may be able to attempt actions that are already within the user’s permissions, such as:

  • Navigating to the 1Password web app, signing in with the existing unlocked session, and interacting with what’s visible in the active session, in the same way a user could while signed in (for example, viewing or editing items, accessing account pages, or changing settings).

  • Triggering autofill in a browser tab.

Important limitations still apply:

  • Autofill is restricted by domain matching: credentials won’t fill outside the saved origin rules for the item.

  • Only one item can be filled or accessed at a time - there’s no bulk action or “export all” capability in the browser extension that would allow an entire vault to be retrieved at once.

  • Sensitive data types such as credit cards and contact information require confirmation prompts that can’t be hidden or overlaid by a webpage.

  • If the extension is locked, it can’t be used to fill or act until the user unlocks it again.

Our Position

AI-assisted browsing changes how actions can be initiated in a web browser, but it doesn’t change the fundamental security boundaries that 1Password enforces. The extension only performs actions a signed-in user could perform themselves, remains constrained by domain matching and confirmation requirement settings, and can’t be used at all when it’s locked. 1Password’s security model and settings give users control over features like automatic sign-in and lock behavior, helping reduce exposure to this class of ecosystem risk.

We thank Stav Cohen and the Zenity research team for responsibly disclosing this industry-wide scenario. For additional technical details, see their write-up.