On July 16, 2026, 1Password released an integration that lets Anthropic’s Claude perform tasks inside password-protected websites without ever handling your credentials. The Mac-only feature, called 1Password for Claude, relies on explicit user approval for every login and a zero-exposure design that keeps passwords and one-time codes entirely out of the AI’s reach.

What 1Password for Claude Actually Does

The integration is purpose-built for browser-based chores that require authentication: checking a Stripe dashboard, redeeming an Audible credit, or completing a purchase. Claude can request a login, but 1Password’s desktop app intercepts the request and asks the user to approve or deny it. If approved, the credentials are filled directly into the site’s login form. Claude receives only metadata — which site it’s signing into, whether the fill succeeded — and never sees the username, password, or any time-based one-time passcode.

1Password calls this a “zero-exposure” architecture. The credential-bearing traffic stays entirely on the Mac, shuttled between the 1Password desktop app and its browser extension. Nothing sensitive enters Claude’s context, memory, or Anthropic’s back-end systems. Even the Claude desktop app is verified during pairing through macOS code-signing checks, and each subsequent agent session gets its own cryptographic session credentials.

There’s an important boundary, however: after a successful login, Claude is inside an authenticated website session. The integration protects the secrets; it does not govern what Claude does once it has access. As 1Password’s own security documentation notes, the agent could still take actions that the user might not intend.

The Approval Barrier: A Human in the Loop

Every credential release demands a manual thumbs-up. Access is tied to the current Claude session and expires when that session ends. There’s no standing permission. That design choice matters because it prevents an agent from silently reusing credentials later. The user also has the option to pick a different matching vault item — say, a secondary work account instead of a personal one — or simply deny the request.

Accompanying the release is a new Agentic Mode in the 1Password browser extension. When a compatible browser agent takes control, the extension hides its own interface and restricts the agent’s visibility to only the credentials explicitly approved for the task. The rest of the vault remains locked away. The extension also checks pages after autofill and clears filled values if a form submission fails, reducing the chance that an agent resumes control over a page displaying plaintext secrets.

Who Gets It and Who Doesn’t

The integration is live now for 1Password individual, family, and business customers — but only on Mac. The requirements are specific:

  • The 1Password desktop app (macOS)
  • The 1Password browser extension
  • The Claude desktop app (macOS)
  • The Claude in Chrome extension

Windows users are entirely excluded at launch. 1Password has stated plans to extend the solution to “additional browser-based agents and platforms” but hasn’t committed to a timeline. Given that both 1Password and Claude have large Windows user bases, the omission is conspicuous and likely temporary.

For enterprise administrators, the relevant control is a 1Password Business policy that governs whether AI agents may autofill credentials on behalf of users. The default is off, and admins must deliberately flip the switch. This isn’t a general-purpose password sharing feature; it’s a tightly scoped delegation system with explicit approvals at every step.

Why This Matters for Different Users

For Consumers and Power Users

If you’re on a Mac, this could be a genuine time-saver. The handoff is straightforward: tell Claude to check your Stripe revenue, approve the 1Password prompt, and the agent gets on with it. You don’t need to copy-paste credentials or worry about them leaking into a large language model’s training data. That separation of secrets from agent logic is the main selling point.

There’s a catch, though. The agent needs you to be present and paying attention to approve every login. That makes the feature useless for fully unattended workflows where you’d want Claude to batch-process tasks overnight. It’s explicitly designed for interactive use.

For Business and IT Teams

1Password Business admins should review the “AI agents may autofill credentials” policy immediately. Even when the integration is technically available, it won’t work unless an administrator explicitly enables it. The approval-only design means employees can’t accidentally leak vault-wide secrets through a chat prompt, but the risk surface shifts to what an agent might do after a legitimate login.

Consider a scenario: an employee approves a login for a support dashboard, and Claude later misinterprets a follow-up instruction and deletes a customer record. That’s not a credential leak, but it’s a real-world consequence of agentic access. IT teams will need to pair this technical control with training on what tasks agents should and shouldn’t be asked to perform.

For Windows Users (Yes, You’re Left Out)

There’s no way around it: 1Password for Claude is a Mac exclusive right now. If you rely on Windows, you can’t use this integration. That’s frustrating, but not entirely surprising. 1Password’s Apple-first development rhythm has been evident for years — features like Universal Autofill on iOS landed well before equivalent Windows conveniences. Still, the company’s promise to expand to other platforms suggests Windows support could arrive in a future update. For now, Windows users who want AI-assisted logins might look to alternatives like Microsoft’s own Copilot integrations with Edge’s password manager, though those lack the explicit approval and split-secret architecture 1Password is shipping here.

How We Got to Agent-Centric Password Management

1Password’s bet on agent-friendly credential handling didn’t begin yesterday. The company has been positioning its vault as a “trust layer” for AI agents since at least mid-2025, when CEO Jeff Shiner talked publicly about a future where agents would need authenticated access to services without humans handing over passwords.

Anthropic, meanwhile, has been building Claude’s “computer use” capabilities — the ability to control a mouse and keyboard within a virtual environment — which naturally bumped into the login problem. Browsers and websites simply aren’t designed for headless agent access. Every time Claude hit a login screen, it either stalled or needed human intervention. The 1Password integration solves that bottleneck without breaking security assumptions.

The broader industry context matters too. Consumer willingness to let AI agents touch passwords remains low. A PYMNTS Intelligence report, “2026 Global Digital Shopping Index: The Agentic Commerce Deep Dive,” found that fewer than 40% of consumers would let an agent near their payment credentials. 1Password’s design — keeping credentials invisible to the model — is a direct answer to that trust deficit. It’s a recognition that the path to agentic commerce runs through cryptographic separation, not broad model access.

Immediate Steps You Can Take

If You’re a Mac User

  1. Update your 1Password desktop app to the latest version (8.10.54 or later).
  2. Make sure the 1Password browser extension is installed and connected.
  3. Install the Claude desktop app and the Claude in Chrome extension.
  4. Open Claude, navigate to a site that requires login, and watch for the 1Password approval prompt.
  5. Decide case by case whether to approve or deny each login request.

Remember: the feature only works in Chrome at launch. Safari and Firefox aren’t yet supported.

If You’re a Business Administrator

  • Locate the “Allow AI agents to autofill credentials” policy in your 1Password Business admin console.
  • Set it to “On” only after auditing which users will be using Claude and what tasks they’ll delegate.
  • Communicate to employees that credential approval is per-login and never automatic.
  • Consider logging: 1Password’s activity logs will show when an agent-initiated autofill occurred, giving you an audit trail.

If You’re on Windows

Patience. You can express interest through official channels — 1Password’s forums, social media, or business support — to help the company gauge demand. In the meantime, if you’re dead-set on AI-assisted logins today, you’ll need to either switch to a Mac for those workflows or explore Windows-native bets like the Edge password manager with Copilot, though they don’t match the zero-exposure model.

The Road Ahead

1Password has already signaled its next moves: support for payment cards and identity details, plus expansion to other browser-based agents and platforms. That likely means Windows support is on the roadmap, even if it wasn’t ready for launch. The bigger question is whether Apple’s tight code-signing and sandboxing model, which made the Mac integration possible, will complicate a Windows port. Windows has its own integrity mechanisms — code signing, process isolation — but the desktop agent landscape is more fragmented. A Windows version might require deeper cooperation with Microsoft’s own credential APIs.

Watch also for how other password managers respond. If 1Password’s approval-based model proves popular, it could spur a wave of similar integrations from competitors like Dashlane or Bitwarden. For now, 1Password for Claude is a carefully contained experiment at the intersection of password management and AI agents — and a reminder that true security often means keeping secrets out of the model’s hands entirely.