TL;DR: As machine identities and AI agents increasingly retrieve data, execute workflows, and provision resources across enterprise systems, 1Password has announced that it has acquired Apono to pair credential protection with just-in-time privileged access governance. The shift matters because access review models built for stable human sessions do not fully fit non-deterministic actors that need governed access at the moment of action.
NHIMG editorial — what this means for AI and NHI governance
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
Questions worth separating out
Q: How should security teams govern just-in-time access for non-human identities?
A: They should scope access to a specific task, verify the requester at the point of use, and revoke the grant automatically as soon as the work is complete.
Q: Why do standing privileges create more risk for machine identities and AI agents?
A: Standing privileges outlive the task they were meant to support, which makes them easier to abuse and harder to justify in fast-changing environments.
Q: What do identity teams get wrong about vaulting secrets and controlling access?
A: They often treat secure storage as if it automatically means safe usage.
Practitioner guidance
- Map privileged workflows to task-scoped grants. Inventory where privileged access is still persistent, then convert the highest-risk workflows to just-in-time grants with automatic revocation at task completion.
- Separate secret custody from access authorisation. Define one control owner for credential storage and another for action authorisation so the vault, token broker, and privilege layer can each be tested and audited on their own terms.
- Rework access reviews for non-human actors. Stop using human review cadences as the only governance trigger for machine identities and AI agents.
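The three guidance points above, as an added example that is not 1Password's or Apono's code: a vault that only holds credentials, and a separate broker that issues task-scoped grants, verifies the requester at the point of use, and revokes the grant at task completion or on a hard TTL. All class names, the `prove` helper and the sample credential store are assumptions constructed for this illustration.

```python
import hashlib, hmac, secrets, time
from dataclasses import dataclass

@dataclass
class Grant:
    actor: str          # machine identity or agent the grant was issued to
    task_id: str        # the single unit of work this grant serves
    scope: frozenset    # credential names this task may retrieve, nothing more
    expires_at: float   # hard TTL in case the task never reports completion
    secret: bytes       # proof-of-possession key handed to the actor at issuance
    revoked: bool = False

class Vault:
    """Custody only: stores credentials and has no say in who may use them."""
    def __init__(self, store):
        self._store = dict(store)
    def release(self, name):
        return self._store[name]

SAMPLE_STORE = {"prod-db-ro": "constructed-placeholder-password"}  # constructed sample

def prove(secret, task_id, name):
    """Proof of possession of the grant, computed by the actor at point of use."""
    return hmac.new(secret, f"{task_id}:{name}".encode(), hashlib.sha256).digest()

class Broker:
    """Authorisation: issues task-scoped grants, verifies at point of use, revokes."""
    def __init__(self, vault, clock=time.time):
        self.vault, self.clock, self._grants, self.audit = vault, clock, {}, []

    def issue(self, actor, task_id, scope, ttl_seconds):
        grant = Grant(actor, task_id, frozenset(scope),
                      self.clock() + ttl_seconds, secrets.token_bytes(32))
        self._grants[task_id] = grant
        self.audit.append(("issue", actor, task_id))
        return grant

    def use(self, actor, task_id, name, proof):
        """Release the credential only if the grant is live, in scope and proven."""
        g = self._grants.get(task_id)
        ok = (g is not None and not g.revoked and self.clock() < g.expires_at
              and g.actor == actor and name in g.scope
              and hmac.compare_digest(proof, prove(g.secret, task_id, name)))
        self.audit.append(("use" if ok else "deny", actor, task_id, name))
        return self.vault.release(name) if ok else None

    def complete(self, task_id):
        """Revoke at task completion instead of waiting for the TTL to expire."""
        if task_id in self._grants:
            self._grants[task_id].revoked = True
            self.audit.append(("revoke", task_id))
```

Because the broker never hands out a standing credential, every release is tied to a grant that can be audited, and the `deny` entries show exactly which actor, task and credential combination was refused.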
What's in the full announcement
1Password's full article covers the operational detail this post intentionally leaves for the source:
- The acquisition rationale behind combining credential protection with just-in-time privileged access governance.
- How 1Password Credential Broker releases approved credentials, tokens, or federated access at the moment of need.
- The vendor's description of Zero Standing Privilege as a default operating model for cloud access.
- The team-level and product-integration details behind the Apono and 1Password access-layer approach.
👉 Read 1Password's acquisition announcement for Apono and Unified Access →
Apono joining 1Password: what changes for access governance teams?
Explore further
Standing access is the wrong default for modern identity behaviour. The article’s core argument is that permanent privilege no longer matches how cloud systems, machine identities, and AI agents actually operate. Standing access was designed for predictable entitlement lifecycles and slower change rates, but these actors work in real time and often need access only for a narrow task window. The practitioner conclusion is straightforward: access governance must be built around event-based authorisation, not durable entitlement.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
A question worth separating out:
Q: Who should own governance when access spans humans, service accounts, and AI agents?
A: Ownership should sit with the identity programme, but the operating controls need to be shared across IAM, PAM, NHI governance, and security engineering. The key is a single policy model with actor-specific execution rules so the same access principle is enforced consistently across all three identity types.
👉 Read our full editorial: 1Password acquires Apono: implications for NHI and AI agent governance