TORONTO--(BUSINESS WIRE)--1Password, a leader in identity security, today announced that it has acquired Apono, an innovator in just-in-time access governance for humans, machines, and AI agents, where access is granted the moment it’s needed, scoped to the task, continuously monitored, and revoked automatically. Together, these capabilities advance the vision behind 1Password® Unified Access: one platform that governs every human, machine, and AI agent identity, from the credentials these identities hold to the access they’re granted at runtime, making 1Password the common control plane for trusted access across the enterprise.
More than 180,000 businesses and over 1 million developers trust 1Password to secure their credentials, secrets, and access to their most critical systems. Agentic workflows have exposed a deeper problem: enterprise identity was built in silos for a world before AI, with separate systems for humans, for machines, and for the credentials and access each one holds. As AI agents move into critical systems, that fragmentation has become the blocker: security teams can't safely govern non-deterministic agents, so AI programs stall and the attack surface fills with standing access and exposed credentials. The acquisition of Apono enables 1Password to converge those silos onto a single control plane, extending its trust from securing an identity’s credentials to governing what that identity can do: when, why, and for how long. Every identity: human, machine, or AI agent, receives only the permissions the task requires, for the duration of that task, with a complete audit record of every action taken.
"Today's identity systems govern the entry, but not the stay. They decide who gets in, then lose sight of what an identity does once it's inside," said David Faugno, CEO of 1Password. "Agentic workflows have exposed how fragmented enterprise identity really is, built in silos for a world before AI. Companies can't capture the full value of their AI investments when agents are reaching critical systems through credentials nobody is governing. By combining Apono's just-in-time provisioning and intent-based policy enforcement with 1Password's zero-knowledge vault and Credential Broker, we’re delivering the answer: unlocking the highest-value AI use cases while keeping people in control."
Identity Security for the Agentic Enterprise
Apono makes a decision on each access request rather than relying on standing accounts: it evaluates the request against policy, then dynamically creates the account, role, or permission the task requires scoped to the task and time-bound in each platform's native permissioning system (e.g., cloud IAM), and removes it automatically when the work is complete. Because access is created on demand and torn down afterward, there are no standing accounts or privileges to manage and it is seamless for teams to deploy and operate.
The same model governs every identity: a person, a service account, or an AI agent acting on someone's behalf, with the agent's access tied to the human who delegated it and scoped to the intent of the task. Apono provisions access to cloud infrastructure and critical resources including Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Kubernetes, Snowflake, and Databricks, and integrates with more than 200 enterprise systems including Slack, Jira, PagerDuty, and GitHub. Anyone who needs access can request it in the tools they already use and receive it just-in-time, e.g., an engineer connecting to a production database, an IT admin granting a contractor temporary access, or a sales operations manager who needs Salesforce for a specific task. Technical teams can also define access policies as code through Apono's API and Terraform. Every request, approval, grant, and revocation lands in a single audit trail with SIEM-ready exports that map to major compliance frameworks. For AI agents, Intent-Based Access Control keeps a person in control: a delegated agent's access derives from the human who authorized it and is scoped to that task's declared intent, and the same policy applies directly to autonomous agents. Apono compares declared intent against the agent's actual actions in real time and narrows or revokes access when behavior drifts from what was authorized, so autonomous access is verified, not assumed.
"Standing access is the quiet liability inside almost every company: permissions granted once and never taken back," said Rom Carmel, co-founder and CEO of Apono. "We built Apono to remove access the moment the work is done: scoped to exactly what the task needs, for every engineer, knowledge worker, service account, and AI agent, decided at runtime based on context and intent. Done right, security stops being the thing that slows people down and becomes the thing that lets them move, including how confidently they can put AI to work. With a shared vision of seamless secure access across every identity, we are excited to be joining 1Password and define what access governance looks like when AI agents run in production."
From Credential Security to Access Governance
Credential security and access governance are two sides of the same problem: ensuring that every human, machine, and AI agent has only the access it needs, only when it needs it, with complete attribution and accountability. The acquisition of Apono builds on the foundation of 1Password Unified Access, which helps organizations discover, secure, and audit human, machine, and agent identities.
Alongside today's announcement, 1Password is introducing the 1Password Credential Broker, now in private beta, beginning with GitHub Actions workload identity and extending across humans, machine workloads, and AI agents over time. The Credential Broker keeps credentials protected in 1Password's zero-knowledge vault, and releases only an approved credential, token, or federated access to a verified requester at the moment it's needed, with no long-lived secrets copied into apps, repositories, or pipelines. The two products address different layers of the same problem: the Credential Broker secures the credential foundation, where a credential lives and how it reaches a trusted identity, while Apono governs what that identity is permitted to do in the target system, and for how long. Together they extend Unified Access from credential management to zero-standing-privilege access governance for humans, machines, and AI agents: one front door for every identity, one policy surface, and a comprehensive audit trail, the foundation for adopting AI without surrendering control.
With 1Password Unified Access, organizations can:
- Discover human and non-human identities across applications, infrastructure, devices, and AI systems, surfacing dormant identities and over-provisioned privileges.
- Secure credentials, secrets, and access with just-in-time, just-enough controls for humans, agents, and machines, created at request time and revoked when the work is done.
- Govern and audit every access request, approval, and action through a unified audit trail with full context: who accessed what, when, and why, with anomaly detection that flags unusual behavior.
“As organizations accelerate adoption of cloud infrastructure, machine identities, and AI agents, the number of privileged identities is growing dramatically, creating demand for solutions that eliminate standing privileges and can govern access in real time,” said Duncan Brown, Group Vice President, Worldwide Security Products, IDC. “By combining credential security, machine identity protection, and just-in-time zero-standing-privilege access, 1Password is uniquely positioned to help organizations secure the next generation of human and non-human identities.”
To learn more about 1Password's acquisition of Apono and the 1Password Unified Access platform, read the blog. The terms of the acquisition were not disclosed.
About 1Password
1Password is redefining identity security for how people and AI agents work today. The 1Password Unified Access platform discovers and secures identities and credentials, establishes trusted access, and audits actions across human and AI agents. 1Password SaaS Manager helps organizations discover and secure access to SaaS applications while optimizing spend. 1Password's enterprise vault protects more than 1.5 billion credentials and secrets and is trusted by more than 1 million developers and over 180,000 businesses, including Canva, CIBC Capital Markets, Cursor, Dust, ElevenLabs, Figma, GitHub, HackerOne, Hugging Face, MongoDB, Notion, Perplexity, Salesforce, Stripe, Vercel, Wiz, Workday, and Zscaler. Learn more at 1Password.com.
Also Read:
How to Protect Your Digital Identity Online? The Best Practices
Understanding Identity Theft, Its Types, Examples, and Digital Safety Strategies
