Agentic browsing is the next big thing in AI, at least when you ask the likes of Microsoft, Google, Opera, Perplexity and others. It is an integrated AI that performs tasks on behalf of the user. From research to creating Spotify playlists or, my personal favorites, buying groceries (that's irony).
While some of these tasks do not require special permissions or data, others, like making a purchase on your behalf, do. This usually requires authorization. If you want the AI to buy something from Amazon, it needs your Amazon account credentials to do just that. At other times, it may need access to API keys or one-time codes.
That is seen as a problem by some, as you have to trust the maker of the AI that the artificial intelligence won't do anything problematic with the data. There is also the chance of it being retained and then stolen, if things go really wrong.
1Password, maker of the password manager of the same name, announced a solution to the problem. According to the company's announcement, agentic browsers introduce a whole range of issues:
- No single source of truth for secrets management across agentic AI and employees
- Difficulty of revoking credentials/items, especially long-lived ones
- Proliferation of untracked/out-of-date credential grants
Secure Agentic Autofill
The company calls its solution Secure Agentic Autofill. It explains: "Secure Agentic Autofill injects credentials via the 1Password Browser Extension into a browser on behalf of an AI agent only when required and always authorized by a person".
The AI never gets its virtual hands on the password, credentials, or other sensitive data under the system. Credential storage is delegated to the password manager, which will fill out the credentials on behalf of the user. 1Password says that the AI and its large language model "never need to see nor handle the credentials" to complete the workflow.
The maker of the password manager has developed a new protocol for that very purpose. Its purpose is to allow the secure requesting and delivering of credentials into the browser context. The protocol creates an end-to-end encrypted channel between the 1Password browser extension and 1Password device.
The agent has to inform 1Password that credentials are required, which 1Password then identifies. The password manager requests human approval to inject the credentials securely into the browser.
The integration is only available through Browserbase. The company operates a platform for building and running browser-based AI agents.
Closing Words
Can 1Password succeed with Secure Agentic Autofill? Much depends on adoption, preferably by bigger players. It might stay a niche feature of a password manager, especially if the likes of Google, Microsoft, or OpenAI do not throw their weight behind the protocol.
Now You: Would you hand over credentials to AI agents so that they can act on your behalf? Feel free to leave a comment down below.
Thank you for being a Ghacks reader. The post 1Password says it has a solution for AI agents leaking your passwords appeared first on gHacks Technology News.
0 Commentaires