1Password has acquired Apono, a just-in-time access governance specialist, in a move designed to extend its reach from securing credentials to governing what every human, machine, and AI agent is permitted to do at runtime.
The deal brings together 1Password’s credential security infrastructure with Apono’s dynamic, policy-driven access provisioning, creating what the company describes as a unified control plane for enterprise identity. Rather than relying on standing permissions, Apono evaluates each access request against policy in real time, dynamically creates the account or role required for that specific task, and revokes it automatically once the work is complete. The combined offering will sit within 1Password’s Unified Access platform, which helps organisations discover, secure, and audit human, machine, and agent identities across their environments.
Alongside the acquisition, 1Password has introduced the 1Password Credential Broker, now available in private beta, initially supporting GitHub Actions workload identity. The Credential Broker holds credentials within 1Password’s zero-knowledge vault and releases only an approved credential, token, or federated access to a verified requester at the precise moment it is needed, with no long-lived secrets persisting in applications, repositories, or pipelines. The two products address different layers of the same challenge: the Credential Broker governs the credential itself, while Apono governs what a verified identity can then do within a target system, and for how long.
Apono’s platform supports cloud infrastructure including Amazon Web Services, Microsoft Azure, Google Cloud, Kubernetes, Snowflake, and Databricks, and connects with more than 200 enterprise systems such as Slack, Jira, PagerDuty, and GitHub. Access requests can be submitted directly through tools teams already use, with approvals and grants issued in real time. Every request, approval, grant, and revocation feeds into a centralised audit trail with SIEM-ready exports that align to major compliance frameworks. For AI agents specifically, Apono’s Intent-Based Access Control ties a delegated agent’s permissions to the human who authorised it and the declared purpose of the task, continuously comparing stated intent against actual behaviour and narrowing or revoking access when the two diverge.
1Password provides identity security infrastructure for more than 180,000 businesses and over one million developers. Its platform enables organisations to secure credentials and secrets, manage access to critical systems, and now, with the addition of Apono, govern runtime permissions at the identity level across humans, machines, and AI agents. The Unified Access platform brings those capabilities together into a single policy surface with a comprehensive audit trail.
The acquisition addresses a structural problem that agentic AI workflows have made increasingly urgent. Enterprise identity systems were built in separate silos for humans and machines, with no common framework for governing what an identity is permitted to do once it has gained access. As AI agents begin operating across critical systems, that fragmentation creates security exposure through standing privileges and ungoverned credentials. 1Password’s acquisition of Apono is intended to resolve that fragmentation by converging credential security and access governance onto one platform.
1Password CEO David Faugno said, “Today’s identity systems govern the entry, but not the stay. They decide who gets in, then lose sight of what an identity does once it’s inside. Agentic workflows have exposed how fragmented enterprise identity really is, built in silos for a world before AI. Companies can’t capture the full value of their AI investments when agents are reaching critical systems through credentials nobody is governing. By combining Apono’s just-in-time provisioning and intent-based policy enforcement with 1Password’s zero-knowledge vault and Credential Broker, we’re delivering the answer: unlocking the highest-value AI use cases while keeping people in control.”
Apono co-founder and CEO Rom Carmel said, “Standing access is the quiet liability inside almost every company: permissions granted once and never taken back. We built Apono to remove access the moment the work is done: scoped to exactly what the task needs, for every engineer, knowledge worker, service account, and AI agent, decided at runtime based on context and intent. Done right, security stops being the thing that slows people down and becomes the thing that lets them move, including how confidently they can put AI to work. With a shared vision of seamless secure access across every identity, we are excited to be joining 1Password and to define what access governance looks like when AI agents run in production.”
Copyright © 2026 FinTech Global
