1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials
Summary
1Password partnered with OpenAI to protect credentials from being leaked by AI coding agents, which are AI systems that can write and deploy software automatically. The companies created an Environments MCP Server (a module that connects different systems together) for Codex that gives AI agents access to credentials only when needed, without storing them in code, prompts, or the AI model's memory where they could be stolen. Credentials are issued just-in-time, scoped to specific tasks, and kept encrypted in 1Password's vault rather than exposed where attackers could find them.
Solution / Mitigation
1Password introduced an Environments MCP Server for Codex that implements just-in-time credential access. According to the source, the solution works by: (1) issuing credentials only when needed and scoped to the specific task, (2) keeping secrets outside the model's context window, (3) providing a secure runtime environment where secrets are mounted, used, and discarded with user authentication required at access time, (4) using 1Password's vault technology to keep secrets end-to-end encrypted and centrally managed, (5) limiting access through custom permissions, and (6) injecting required variables directly into the application process at runtime so credentials exist in memory only for the authorized process and only as long as needed. The source states: 'The credentials never appear in code, terminals, or model context.'
Classification
Affected Vendors
Related Issues
Original source: https://www.securityweek.com/1password-teams-with-openai-to-stop-ai-coding-agents-from-leaking-credentials/
First tracked: May 20, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 85%