Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

"The hardest thing in security is always the chaos," according to Travis McPeak, Head of Security at Cursor. He shared this with Nancy Wang, CTO of 1Password, and Dev Tagare, Senior Director of Engineering at Google, on a recent episode of Zero-Shot Learning, the podcast about how AI gets built, secured, and deployed. "We're always going to have more that we have to be doing than we can actually do.".

At 1Password, we regularly invite outside experts to challenge our assumptions and strengthen our security. We encourage security researchers to participate in our bug bounty programs, and have spent years building a collaborative research environment. We also believe in the benefit of open source software and standards, which raise the bar for the industry as a whole, while ultimately benefiting our 1Password customers.

One of the less surprising findings of the 2026 Verizon Data Breach Incident Report (DBIR) is the fact that incidents targeting the Financial and Insurance sector are on the rise. As they put it, “This sector continues to be a favorite among attackers, which isn’t surprising given that its core business is handling money.”

The Cybersecurity Maturity Model Certification (CMMC) is a Department of Defense (DoD) framework made to ensure organizations handling federal information maintain adequate cybersecurity controls. While CMMC is often associated with government agencies and defense contractors, research universities involved in DoD-funded projects may also need to protect Controlled Unclassified Information (CUI) like research data and technical specifications.

Right now, somewhere in your organization, a service account token is sitting in a CI/CD environment variable with access to your entire cloud environment. The job it was created for got deleted three sprints ago, and nobody knows it's still there.

Database access is one of the largest blind spots in enterprise security. Credentials are often shared, insecurely stored or transmitted without monitoring. KeeperDB is a modern, multi-protocol database client that addresses these gaps by supporting PostgreSQL, MySQL, Microsoft SQL Server and other major protocols from a unified interface.

Every year, the Verizon Data Breach Investigations Report (DBIR) is one of the most hotly-anticipated and widely-read documents in security. And every year includes some surprising stats and reshuffles the top few threat vectors. But longtime readers will notice that the 2026 DBIR features some advice that ought to be familiar to everyone by now: get the basics right.

Employees are adopting AI tools, agents and automations faster than organizations can govern them. The real danger emerges when these tools connect directly to internal systems and sensitive data in the name of enhancing productivity. Among employees who use AI at work, a significant share do so without formal approval from IT or security teams, which is commonly called shadow AI.

Cyber warfare is no longer limited to geopolitics. What was once primarily a concern for government agencies and defense contractors is now a reality for enterprises across every industry.

In our view, The Gartner Hype Cycle for Agentic AI, published in April 2026, contains a passage that we at 1Password feel should be a wakeup call for any organization building an agent program.