TL;DR: Identity security for human and AI identities is increasingly being pulled into AI workflows where oversight has historically been weak, as 1Password says it has surpassed $400 million in ARR, with more than 1.3 billion human and machine credentials under management and over 180,000 business customers.
NHIMG editorial — based on content published by 1Password: 1Password Surpasses $400M ARR and Expands Executive Team to Advance the Next Era in Identity Security
By the numbers:
- 1Password says it has surpassed $400 million in annual recurring revenue and now serves more than 180,000 business customers.
- More than 30% of the Forbes AI 50 are among 1Password's business customers.
- 1Password says gross retention is above 90% and customer spending over $100,000 ARR has grown at a 70% compound annual rate over the past three years.
Questions worth separating out
Q: How should security teams govern AI agents that use business credentials?
A: Security teams should treat AI agents as non-human identities with explicit ownership, scoped access, and revocation rules.
Q: Why do shared credentials become riskier when AI systems are in the workflow?
A: Shared credentials become riskier because AI systems can act at machine speed across multiple tools and sessions, while human governance still assumes slower, reviewable use.
Q: What breaks when identity governance does not cover AI agents and service accounts together?
A: Governance breaks at the boundary between approved access and actual execution.
Practitioner guidance
- Map AI workflows to executable identities Inventory where AI agents, service accounts, and human users share access paths.
- Require provenance on every credential path Tie each secret to an owner, an issuance source, and a revocation trigger.
- Shorten the review gap for non-human access Move from periodic access review to event-based review for high-risk credentials used by automation, developer tooling, and AI assistants.
What's in the full analysis
1Password's full research covers the operational detail this post intentionally leaves for the source:
- Customer and revenue context behind the ARR and retention figures, including the commercial segments driving growth.
- Product-level detail on Secure Agentic Autofill, Secrets Syncing, and the AI browser integration mentioned in the announcement.
- Partner ecosystem specifics across Microsoft, AWS, CrowdStrike, Zscaler, and Drata, including how the vendor frames distribution and MSP reach.
- Leadership-role detail for the newly appointed executives and how the company describes their operating remit.
👉 Read 1Password's update on identity security growth and AI governance →
Identity security for AI agents: what 1Password's growth signals?
Explore further
Identity security is becoming an AI governance problem, not just a secrets problem. The vendor's numbers show that the centre of gravity has moved from individual credential protection to whole-programme control over human and machine access. Once AI agents operate inside business processes, identity teams must govern who or what can act, when it can act, and how that action is traced. The practitioner conclusion is that identity governance now has to span both people and non-human actors in one model.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
A question worth separating out:
Q: How do organisations decide whether to prioritise secrets management or access governance first?
A: Organisations should treat them as linked controls, but prioritise the use case with the highest blast radius. If access can be reused broadly across SaaS, developer tooling, or AI workflows, governance over entitlement scope and revocation should come before adding more secret storage layers.
👉 Read our full editorial: 1Password's $400M ARR underscores identity security's AI shift