Zero-Shot Learning is a podcast about how AI gets built, secured, and deployed. Hosted by Nancy Wang, 1Password CTO, and Dev Tagare, Senior Director of Engineering at Google, it’s a builder’s view of the architecture and the decisions it takes to ship with AI.
For Managed Security Service Providers (MSSPs), managing cybersecurity programs across multiple client environments can be a daunting task. Context-switching between isolated client accounts, enforcing access policies at scale and ensuring that no vulnerability in one environment affects another demonstrates the ongoing challenges of multi-tenant security.
The developers and engineers here at 1Password are always working to improve our products. With all the active development to introduce features, fix bugs, and enhance the overall user experience, numerous code changes go into every release. We strive to ensure each iteration is better than the last and that new code doesn’t introduce vulnerabilities. A key part of this process is our Product Security (ProdSec) team’s review of all code changes that may have security implications.
Although customer password vaults were not affected, LastPass confirmed that customer information was exposed when cybercriminals compromised a third-party market intelligence platform in June 2026. This is not the first time LastPass customers have had their information put at risk; LastPass’s major 2022 breach involved cybercriminals stealing backups of customer vault data.
This is the second post in a series that follows 1Password’s response to NIST’s call for input on how those principles should apply to agents. In our last post on agent identity, we introduced why the ability to reason makes agents fundamentally different from traditional machine workloads, why it breaks the assumptions traditional identity and access management was built on, and why real-time attestation establishes agent identity at runtime.
Hackers aren’t after any one person specifically – they're after the easiest target available. Strong unique passwords, secure storage and multi-factor authentication make breaking into accounts more trouble than it's worth.
Leading Managed Service Provider (MSP) distributors aren’t just adding identity tools to their marketplace. They are redefining the criteria for partnership within their ecosystems. For years, joining a major distributor’s marketplace was primarily a commercial transaction. Submit your business details, pass some basic onboarding checks and sell away. Identity security was an afterthought, a product category rather than a partnership requirement. Those days are gone.
Password managers are among the most helpful security tools available, offering strong password generation and encrypted credential storage. However, attackers are beginning to target password managers by exploiting the device registration flow, which is the process used to verify and approve a new device before it can access a user’s vault. By brute-forcing the One-Time Passwords (OTPs) that protect this step, attackers can register unauthorized devices and download copies of encrypted vaults.
Today we're shipping a new capability directly into 1Password Device Trust that lets admins query their fleets faster, without needing to be SQL experts. Now you can describe what you want to investigate in plain English, and Device Trust generates a ready-to-run SQL query you can execute across your devices in a single click.