1Password and OpenAI Partner to Bring Password Security to Codex

In a significant move to enhance security, 1Password has announced a collaboration with OpenAI that enables developers to provide Codex with secure access to credentials like passwords. This partnership allows users to grant the Codex agent access to the 1Password Environments MCP Server for Codex, ensuring the agent can access credentials stored in a secure runtime environment. It doesn't expose secrets in prompts, code, or model context.

And this isn't just about Codex - the broader issue of agentic security is picking up steam. According to a report by the Cloud Security Alliance, two-thirds of organizations have suffered from a cybersecurity incident related to the deployment of AI agents during the past year. Identity management is one of the biggest challenges that's increasing risk. Authentication and access controls are still primarily designed to support human users, rather than agent identities that move at machine speed.

1Password's CTO, Nancy Wang, explained that agent identity isn't a solved problem. There's no one-size-fits-all approach to deploying agents into production. Wang emphasized that securing agent identities is crucial, just like human identities. However, agents work like machines, with the same access as a human user, but they work longer and faster. They also have the ability to spawn other agents.

To reduce risk, 1Password uses a design philosophy of having no standing privileges. This means agents aren't given API keys to use as they wish. Instead, the organization's collaboration with OpenAI will bring just-in-time access to Codex. This allows the agent to access the tools it needs to perform its function without exposing the credentials to the model's context.

"Being able to cryptographically prove the intent of an agent and tie that into its identity and therefore its access, having that entire chain, right, sort of be deliberate and also be pristine, matters," Wang said.

Fotis Chantzis, OpenAI's agent security lead, heads a team that designs, builds, and deploys security controls to agentic services like Codex. Chantzis emphasized that addressing identity is a priority for securing an agentic AI initiative. Continuous verification and authorization are crucial to ensure agent permissions match the task they're asked to perform.

The partnership between 1Password and OpenAI demonstrates an alternative approach. It gives agents access to credentials within the development workflow without exposing credentials. As more agents emerge across the enterprise, security teams will have to rethink approaches to identity and credential management. They can't rely on traditional methods, and they won't be able to keep up with the evolving landscape of agentic security.

The move to secure Codex with password security has significant implications for organizations adopting AI agents. With the increasing risk of cybersecurity incidents related to AI agents, it's essential for organizations to prioritize agentic security. They should adopt secure practices, such as using short-lived credentials, sandboxing, and keeping secrets out of model context. It's crucial for organizations to take a proactive approach to securing their AI agents.

As the use of AI agents becomes more prevalent, the need for secure agent practices will only continue to grow. The collaboration between 1Password and OpenAI is a step in the right direction. However, it's crucial for organizations to stay vigilant and adapt to the evolving landscape of agentic security. They won't be able to stay safe if they don't prioritize agentic security.