By NHI Mgmt Group Editorial Team
Published 2025-11-06
Domain: Breaches & Incidents
Source: 1Password

TL;DR: 1Password says it has surpassed $400 million in ARR, with more than 1.3 billion human and machine credentials under management and over 180,000 business customers. The practitioner signal is that identity security for human and AI identities is increasingly being pulled into AI workflows, where oversight has historically been weak.


At a glance

What this is: 1Password says it has crossed $400 million in ARR while extending identity security into human and AI agent access governance.

Why it matters: Practitioners now have to govern credentials, access, and oversight for people, machine identities, and AI systems in one programme rather than in separate silos.

By the numbers (as reported by 1Password):

  • More than $400 million in ARR
  • More than 1.3 billion human and machine credentials under management
  • Over 180,000 business customers

👉 Read 1Password's update on identity security growth and AI governance


Context

Identity security is shifting from a human login problem to an access governance problem that spans people, service accounts, secrets, and AI agents. The core issue is not whether a credential exists, but whether the organisation can prove who or what authorised its use and within what limits.

1Password's announcement is best read as a market signal, not as a product story. It reflects a broader reality for IAM and security teams: once AI systems can act inside business workflows, access control, credential traceability, and governance have to cover non-human actors as part of the same control plane.

For practitioners, that creates a direct link between identity lifecycle discipline and AI governance. If credentials are shared, untracked, or broadly delegated, the organisation loses the ability to separate legitimate automation from exposed access.


Key questions

Q: How should security teams govern AI agents that use business credentials?

A: Security teams should treat AI agents as non-human identities with explicit ownership, scoped access, and revocation rules. The critical control is not just storing the secret securely, but proving who authorised its use, where it can operate, and how quickly it can be withdrawn if the workflow changes.

Q: Why do shared credentials become riskier when AI systems are in the workflow?

A: Shared credentials become riskier because AI systems can act at machine speed across multiple tools and sessions, while human governance still assumes slower, reviewable use. That mismatch makes it harder to tell legitimate delegation from unbounded privilege spread.

Q: What breaks when identity governance does not cover AI agents and service accounts together?

A: Governance breaks at the boundary between approved access and actual execution. If service accounts, AI agents, and humans are managed separately, organisations lose the ability to trace accountability across the full delegation chain and miss privilege that persists beyond its intended scope.

Q: How do organisations decide whether to prioritise secrets management or access governance first?

A: Organisations should treat them as linked controls, but prioritise the use case with the highest blast radius. If access can be reused broadly across SaaS, developer tooling, or AI workflows, governance over entitlement scope and revocation should come before adding more secret storage layers.


Technical breakdown

Identity security for AI agents and machine identities

AI agents change the access model because they do not just authenticate, they act. In practice, that means credentials, vaults, browser sessions, and API access all become part of a machine-operated trust chain. The technical problem is not limited to storage or rotation. It is the combination of traceability, issuance, and revocation across a growing number of non-human identities. When an AI system can call tools, open sessions, or access secrets, security teams need to know whether access was granted to the agent itself, the underlying service account, or a delegated human workflow.

Practical implication: map every AI workflow to the identity that actually executes it, not just the application it touches.

Why credential traceability matters more than raw secret storage

Secret storage alone does not solve the governance problem. A password vault or secrets manager can reduce exposure, but it does not automatically answer who approved access, which workload used the secret, or whether the credential was reused outside the intended boundary. In environments where humans and AI agents share access patterns, traceability becomes the control that separates secure delegation from invisible privilege spread. That is why lifecycle controls, access review, and offboarding matter as much as the secret repository itself.

Practical implication: require provenance and revocation evidence for every credential, not just centralised storage.

Governance boundaries for extended access management

Extended access management is essentially a boundary problem. Organisations are trying to unify access to SaaS, devices, and AI workflows without assuming that every actor behaves like a human employee. The technical challenge is to preserve least privilege while supporting dynamic execution. That requires explicit scope, device or runtime context, and event-driven revocation. Without those boundaries, organisations end up with access that is technically managed but operationally too broad for AI-assisted work.

Practical implication: define scope limits and revocation triggers before AI agents are allowed to use production credentials.
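
The three controls above (attributable issuance, scope that only narrows along the delegation chain, and event-driven revocation) can be checked at authorisation time rather than only reviewed after the fact. The following is an added illustration written for this page, not 1Password code or a description of its product; the principal names, scope strings, and the "idp" root issuer are invented, and the model assumes each delegation hop is issued by the subject of the previous hop.

```python
"""Delegation-chain check for an AI agent acting on a human's behalf.

Added example for this page (not 1Password code). It models the chain
human principal -> AI agent -> service account and enforces:
  1. attribution: every hop is issued by the previous hop's subject,
  2. least privilege: scope can only narrow along the chain,
  3. revocation: withdrawing one hop invalidates everything downstream.
All identifiers, scopes and times below are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Grant:
    """One hop of delegation: `issuer` lets `subject` use `scopes` until `expires`."""
    issuer: str          # who authorised this hop (human, agent, or the IdP at the root)
    subject: str         # the identity that will actually execute
    scopes: frozenset    # permissions the subject may exercise
    expires: datetime


@dataclass
class Chain:
    grants: list                                  # ordered root (human) -> executor
    revoked: set = field(default_factory=set)     # (issuer, subject) pairs withdrawn


def revoke(chain, issuer, subject):
    """Event-driven revocation: withdrawing one hop kills every downstream hop."""
    chain.revoked.add((issuer, subject))


def validate(chain, actor, requested_scope, now):
    """Return (ok, reason). `actor` must be the final subject in the chain."""
    if not chain.grants:
        return False, "empty chain"
    if chain.grants[-1].subject != actor:
        return False, "executing identity %s is not the chain's final subject" % actor
    allowed = None          # effective scope so far
    prev_subject = None
    for g in chain.grants:
        # Attribution: each hop must be issued by the previous hop's subject.
        if prev_subject is not None and g.issuer != prev_subject:
            return False, "hop %s->%s not issued by %s" % (g.issuer, g.subject, prev_subject)
        if (g.issuer, g.subject) in chain.revoked:
            return False, "hop %s->%s revoked" % (g.issuer, g.subject)
        if g.expires <= now:
            return False, "hop %s->%s expired" % (g.issuer, g.subject)
        # Least privilege: a hop may not grant more than its issuer holds.
        if allowed is not None and not g.scopes <= allowed:
            widened = sorted(g.scopes - allowed)
            return False, "hop %s->%s widens scope: %s" % (g.issuer, g.subject, widened)
        allowed = g.scopes
        prev_subject = g.subject
    if requested_scope not in allowed:
        return False, "%s not in effective scope %s" % (requested_scope, sorted(allowed))
    path = " -> ".join(g.issuer for g in chain.grants) + " -> " + actor
    return True, "authorised via " + path


def demo():
    """Constructed scenario: a human delegates to an agent, which uses a service account."""
    t0 = datetime(2025, 11, 6, 9, 0, tzinfo=timezone.utc)
    human = Grant("idp", "alice@example.com",
                  frozenset({"crm:read", "crm:write", "billing:read"}), t0 + timedelta(days=30))
    agent = Grant("alice@example.com", "agent:sales-assistant",
                  frozenset({"crm:read", "crm:write"}), t0 + timedelta(hours=8))
    svc = Grant("agent:sales-assistant", "svc:crm-connector",
                frozenset({"crm:read"}), t0 + timedelta(hours=1))
    chain = Chain([human, agent, svc])
    soon, later = t0 + timedelta(minutes=5), t0 + timedelta(hours=2)
    results = {}
    results["read_ok"] = validate(chain, "svc:crm-connector", "crm:read", soon)[0]
    results["write_denied"] = validate(chain, "svc:crm-connector", "crm:write", soon)[0]
    results["expired_denied"] = validate(chain, "svc:crm-connector", "crm:read", later)[0]
    # An agent trying to hand the connector a scope the agent itself never held.
    wide = Grant("agent:sales-assistant", "svc:crm-connector",
                 frozenset({"crm:read", "billing:read"}), t0 + timedelta(hours=1))
    results["widened_denied"] = validate(Chain([human, agent, wide]), "svc:crm-connector", "crm:read", soon)[0]
    # Revoking the human->agent hop takes the downstream service-account hop with it.
    revoke(chain, "alice@example.com", "agent:sales-assistant")
    results["revoked_denied"] = validate(chain, "svc:crm-connector", "crm:read", soon)[0]
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The point of the check is the ordering: attribution and revocation are tested before scope, so a revoked hop is refused even when the requested permission would otherwise be in scope, and the returned reason names the hop that failed so the denial is itself traceable.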


Threat narrative

Attacker objective: The attacker or misuser wants durable, traceable access to business systems without triggering the accountability controls that should constrain identity use.

  1. Entry occurs when AI systems or developers gain access to shared credentials, browser sessions, or API keys embedded in normal workflows.
  2. Escalation follows when those credentials are reused across SaaS, development tools, and AI assistants without clear ownership or session-level traceability.
  3. Impact is the loss of visibility into who authorised access and what the non-human actor was actually permitted to do.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Identity security is becoming an AI governance problem, not just a secrets problem. The vendor's growth figures are consistent with a centre of gravity that has moved from individual credential protection to whole-programme control over human and machine access. Once AI agents operate inside business processes, identity teams must govern who or what can act, when it can act, and how that action is traced. The practitioner conclusion is that identity governance now has to span both people and non-human actors in one model.

Access-trust gaps are widening because organisations still treat execution as if it were human-paced. Controls such as review, approval, and revocation were designed for actors that persist long enough to be observed. AI-driven workflows compress that window, which means the old governance cadence often arrives after the access event has already completed. The practitioner conclusion is that access certainty has become more important than access convenience.

The concept practitioners should track here is identity provenance debt. When credentials move across SaaS, devices, automation, and AI agents without clear ownership, organisations accumulate a debt of unprovable access history. That debt does not just increase risk, it weakens auditability and response. The practitioner conclusion is to treat provenance as a first-class governance requirement, not an afterthought.

Lifecycle governance is now the differentiator between managed access and unmanaged delegation. Offboarding, review, and entitlement cleanup matter as much for machine identities and AI agents as they do for human users. The market is signalling that identity products are converging on this gap because existing governance programmes have not consistently covered all actor types. The practitioner conclusion is to reassess whether lifecycle processes truly extend across human, NHI, and AI identities.

This announcement validates that identity security is consolidating around the control of work, not only the control of login. The field is moving toward systems that can govern credentials wherever they are used, including agentic workflows and developer environments. That does not remove the need for IAM, PAM, or secrets management. It raises the bar for how they interlock. The practitioner conclusion is to evaluate whether your current stack can govern execution, not just authentication.

From our research:

  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
  • For a deeper governance lens, see Top 10 NHI Issues for the recurring control failures that keep broad access in place.

What this signals

Identity provenance debt: as AI agents and machine identities take on more work, the governance problem becomes whether organisations can still prove who authorised access and when it should end. That is a lifecycle issue as much as a security issue, and it belongs in the same operational queue as recertification and offboarding.

The vendor momentum here suggests that buyers are looking for control layers that unify secrets, access, and accountability rather than point products that only solve one part of the chain. For practitioners, that means programme design should favour traceability across human IAM, NHI governance, and AI execution paths, not separate policy islands.

With 97% of NHIs carrying excessive privileges according to Ultimate Guide to NHIs, the structural risk is already visible. The next step for most organisations is to identify which credentials can be used by AI workflows, which cannot, and which need lifecycle controls before they are exposed to production use.


For practitioners

  • Map AI workflows to executable identities: Inventory where AI agents, service accounts, and human users share access paths. Record which identity actually executes each action, which credentials it consumes, and which system approves the delegation path.
  • Require provenance on every credential path: Tie each secret to an owner, an issuance source, and a revocation trigger. If you cannot show who authorised use and when it can be withdrawn, the credential is operating outside governance.
  • Shorten the review gap for non-human access: Move from periodic access review to event-based review for high-risk credentials used by automation, developer tooling, and AI assistants. The goal is to reduce the time between delegated access and governance evidence.
  • Separate human convenience from machine privilege: Do not let password-sharing, browser persistence, or broad service access become the default for AI-enabled workflows. Define explicit boundaries for device context, application scope, and revocation conditions before rollout.
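
The four items above can be turned into a single audit that joins the credential inventory (what governance says about each secret) with usage events (what actually happened). The following is an added example written for this page, not 1Password code, and its inventory and usage records are constructed: the secret IDs, actor names, scope strings, and the seven-day review window are assumptions chosen to illustrate the checks, not data from any product.

```python
"""Credential-use audit: which secrets are operating outside governance?

Added example for this page (not 1Password code or data). It joins a
constructed credential inventory with constructed usage events and flags:
  - secrets with no owner (no provenance),
  - secrets consumed by more than one actor type (human convenience
    bleeding into machine privilege),
  - actions outside a secret's declared scope,
  - use without a review within a fixed window (the "review gap").
Secret IDs, actors, scopes and the review window are invented.
"""
from datetime import datetime, timedelta, timezone

T0 = datetime(2025, 11, 6, 8, 0, tzinfo=timezone.utc)

# Constructed inventory: what governance says about each secret.
INVENTORY = {
    "sec-crm-api": {"owner": "sales-platform", "actor_type": "service",
                    "scopes": {"crm:read"}, "last_review": T0 - timedelta(days=1)},
    "sec-gh-token": {"owner": None, "actor_type": "service",
                     "scopes": {"repo:read", "repo:write"}, "last_review": T0 - timedelta(days=90)},
    "sec-shared-admin": {"owner": "it-ops", "actor_type": "human",
                         "scopes": {"admin:*"}, "last_review": T0 - timedelta(days=10)},
}

# Constructed usage events, in the shape a vault, proxy or gateway log might record.
EVENTS = [
    {"secret": "sec-crm-api", "actor": "svc:crm-connector", "actor_type": "service",
     "action": "crm:read", "at": T0},
    {"secret": "sec-gh-token", "actor": "agent:code-assistant", "actor_type": "agent",
     "action": "repo:write", "at": T0 + timedelta(minutes=10)},
    {"secret": "sec-shared-admin", "actor": "bob@example.com", "actor_type": "human",
     "action": "admin:users", "at": T0 + timedelta(minutes=20)},
    {"secret": "sec-shared-admin", "actor": "agent:helpdesk-bot", "actor_type": "agent",
     "action": "admin:users", "at": T0 + timedelta(minutes=25)},
    {"secret": "sec-crm-api", "actor": "svc:crm-connector", "actor_type": "service",
     "action": "billing:read", "at": T0 + timedelta(minutes=30)},
]


def scope_allows(scopes, action):
    """Exact match, or a 'prefix:*' wildcard; anything else is out of scope."""
    return action in scopes or any(s.endswith(":*") and action.startswith(s[:-1]) for s in scopes)


def audit(inventory, events, review_window):
    """Return a sorted list of (secret_id, finding) tuples; duplicates collapse."""
    findings = set()
    used_by_types = {}
    for e in events:
        sid = e["secret"]
        meta = inventory.get(sid)
        if meta is None:
            findings.add((sid, "used but not in inventory"))
            continue
        if meta["owner"] is None:
            findings.add((sid, "no owner"))
        if not scope_allows(meta["scopes"], e["action"]):
            findings.add((sid, "out-of-scope action %s by %s" % (e["action"], e["actor"])))
        if e["at"] - meta["last_review"] > review_window:
            findings.add((sid, "no review within %d days of use" % review_window.days))
        used_by_types.setdefault(sid, set()).add(e["actor_type"])
    # A secret touched by both humans and agents/services has lost a clear boundary.
    for sid, types in used_by_types.items():
        if len(types) > 1:
            findings.add((sid, "shared across actor types: %s" % ",".join(sorted(types))))
    return sorted(findings)


def run():
    """Audit the constructed data with a seven-day review window."""
    return audit(INVENTORY, EVENTS, timedelta(days=7))


if __name__ == "__main__":
    for sid, finding in run():
        print("%-18s %s" % (sid, finding))
```

Running it against the constructed data produces five findings: the GitHub token has no owner and no recent review, the CRM secret was used for a billing action it was never scoped for, and the shared admin credential is used by both a human and an agent without a review in the window. Each finding carries the secret ID so it can be fed straight into the revocation or recertification queue the text describes.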

Key takeaways

  • Identity security is shifting from login control to execution control as AI agents and machine identities enter business workflows.
  • Broad credential access remains the governance weak point because traceability, ownership, and revocation still lag behind delegation speed.
  • Practitioners should rework lifecycle, review, and entitlement controls so they govern people, service accounts, and AI actors through one model.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference                                   | Relevance
OWASP Agentic AI Top 10          | (no single item cited)                                | AI agents using credentials create agentic identity governance risk.
OWASP Non-Human Identity Top 10  | NHI1 (Improper Offboarding), NHI7 (Long-Lived Secrets) | Credential rotation and lifecycle control are central to the announcement's access model.
NIST CSF 2.0                     | PR.AA-05 (PR.AC-4 in CSF 1.1)                          | Least privilege and access management underpin the trust-layer argument.

Map non-human credentials to lifecycle controls and rotate or revoke any secret with unclear ownership.


Key terms

  • Agentic Identity: An agentic identity is an identity used by software that can choose actions at runtime and interact with tools or data sources on its own. In governance terms, it must be bounded, attributable, and revocable because its behaviour can change without a human step for every decision.
  • Identity Provenance: Identity provenance is the record of where an identity came from, who authorised it, and how its access was used over time. For non-human and AI-driven workflows, provenance is essential because ownership, delegation, and execution can span multiple systems and no single user session tells the whole story.
  • Extended Access Management: Extended access management is the practice of governing access across SaaS, devices, and non-traditional actors such as service accounts and AI agents. It extends access control beyond human sign-in events to include credentials, runtime context, and revocation across the full working environment.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or governance in your organisation, it is worth exploring.

This post draws on content published by 1Password: 1Password Surpasses $400M ARR and Expands Executive Team to Advance the Next Era in Identity Security. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-11-06.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org