For years, 1Password was mostly known as a password manager. It helped people store credentials, generate strong passwords, and keep secrets out of the wrong hands. But today’s announcement shows the company has much bigger ambitions.
1Password has acquired Apono, a company focused on just-in-time access governance. While that phrase sounds like security industry jargon, the concept is actually pretty simple. Instead of giving people, machines, or AI agents permanent access to systems, access is granted only when needed and automatically removed when the task is complete.
ALSO READ: 1Password secures coding agents with new OpenAI Codex integration
The timing of the acquisition is notable. As companies rush to deploy AI agents that can retrieve data, modify systems, and perform tasks autonomously, a new problem has emerged. Organizations may know who an AI agent is, but they often lack strong controls over what that agent can actually do once it gains access.
According to 1Password, enterprise identity systems were designed for a world where humans logged in and software mostly sat in the background. That model is breaking down as machine identities and AI agents multiply across cloud infrastructure, databases, developer platforms, and business applications.
Apono’s technology is designed to address that challenge. Rather than relying on standing privileges that remain active indefinitely, it evaluates access requests in real time, grants only the permissions required for a specific task, and automatically revokes those permissions when the work is finished. The platform integrates with major services including Amazon Web Services, Microsoft Azure, Google Cloud, Kubernetes, Snowflake, Databricks, GitHub, Jira, Slack, and PagerDuty.
What makes this acquisition especially interesting is that it moves 1Password beyond credential storage and into access governance. The company is essentially arguing that protecting passwords and secrets is no longer enough. Organizations also need visibility into how identities, whether human, machine, or AI, are behaving after authentication takes place.
The acquisition also coincides with the introduction of 1Password Credential Broker, currently in private beta. The service keeps credentials inside 1Password’s vault and releases them only when a verified requester needs temporary access. Combined with Apono’s access controls, the company is positioning itself as a unified platform that manages both credentials and permissions.
I find this strategy compelling because AI agents are creating security questions that many organizations have not fully answered. Businesses are eager to automate workflows, but giving autonomous software broad access to production systems can quickly become a nightmare if controls are too loose. The industry has spent years worrying about stolen passwords, but AI may force companies to think much harder about authorization rather than just authentication.
The identity and access management market is crowded, and 1Password is no longer content to compete solely as a password manager. By acquiring Apono, the company is betting that the next major security challenge won’t be protecting passwords, but controlling an explosion of human, machine, and AI identities that increasingly operate inside critical systems. If that bet pays off, 1Password could end up known for far more than password storage.
Support independent tech journalism
NERDS.xyz is independently owned and operated. If you enjoy my coverage of Linux, AI, hardware, cybersecurity, and tech culture, consider supporting the site on Ko-fi.
Support NERDS.xyz