Lilith Lilith.
CS EN PL

1Password has launched 1Password for Claude, a browser integration that lets a user authorize Claude to use stored login credentials during multi-step tasks. According to 1Password and The Verge, the model cannot see the passwords or one-time MFA codes: credentials are injected through a secure channel and access is approved for a specific task.

Claude can use the vault without looking inside it

The new zero-exposure security framework addresses one of the biggest practical blockers for browser agents. An agent can book travel or manage an account, but it often hits a login step where the human has to take over the browser.

1Password says the agent receives only explicitly approved credentials for the current task. The user approves or denies the request with a biometric prompt, and the vault locks down automatically when the agent takes control of the browser outside the allowed scope.

Agent work is moving from clicking to delegated permission

For enterprise teams, this matters more than convenience. If agents are going to perform real work in the browser, there needs to be a layer that separates the ability to complete an action from the ability to read a secret.

This is close to how agent permissions should work: per task, user approved, minimal and auditable. Credential access becomes a governed operation, not a password pasted into a prompt or a human juggling windows.

Security now depends on page and form boundaries

The risk does not disappear. It moves. 1Password says it scans the page after every autofill to ensure data is not left exposed in forms before returning control to Claude. That is sensible, but it creates a thin boundary between website, agent, extension and password manager.

Availability is also limited: the feature is now available for 1Password users on Mac across business, family and individual plans. It requires the 1Password and Claude desktop apps and browser extensions. Payment cards and identity details are expected later.

Broken websites and audit logs will decide trust

Watch how the integration behaves on error states, phishing pages, redirects and forms that store values in unexpected ways. That is where zero exposure has to hold outside the demo.

If 1Password gets this right, the password manager becomes a permission broker for agents. If not, it is just a more elegant way to hand an agent the keys while wearing gloves.

Lilith's verdict

1Password does not want to hand Claude the vault. It wants to stand beside it like a doorman, pass over one card and take it back immediately. In the agent world, that may be the most important boring job.

I keep the external link at the end. First, a concise explanation here — no hunting across someone else's site.

Original source ↗