Employees are the new hackers: 1Password warns AI chaos is breaking corporate security

1Password’s 2025 Annual Report: The Access-Trust Gap delivers a harsh reality check for modern IT. The company found that while AI tools are boosting productivity, they are also fueling a new kind of insider threat where ordinary employees act like accidental hackers.

According to the report, 73 percent of workers are encouraged to use AI, but more than a third admit they do not always follow company policies. Many are even feeding sensitive data into large language models without understanding where it goes. Nearly one in four have used unapproved AI apps for work, creating what 1Password calls “Shadow AI,” a hidden layer of risk spreading through corporate networks.

“We’ve got data going into these LLMs that we don’t have control over,” said Duke University CISO Nick Tripp. “If someone uses a tool we don’t have an agreement for, there’s no protection for us.”

The findings show that companies have effectively lost visibility into how their own data moves. More than half of employees have downloaded apps without IT approval, and 70 percent of IT leaders admit that SSO, once the backbone of identity security, is no longer enough to keep track of who is accessing what. A third of apps now live completely outside SSO protection.

Weak password habits make matters worse. Two-thirds of workers admit to unsafe practices, and compromised credentials remain the leading cause of material breaches. Even as companies rush to adopt passkeys and passwordless logins, 1Password’s data suggests most organizations are still relying on fragile identity systems built for a pre-AI world.

The report’s bottom line is that the biggest security threat is no longer a faceless hacker. It is the employee with too many apps, too many AI tools, and too little oversight. Unless enterprises rebuild trust and control around modern access, AI could end up doing what no outside attacker ever could: dismantle corporate security from within.

Written by Brian Fagioli


Brian Fagioli is a technology journalist and founder of NERDS.xyz. A former BetaNews writer, he has spent over a decade covering Linux, hardware, software, cybersecurity, and AI with a no-nonsense approach for real nerds.
