1Password has announced the acquisition of Apono, a just-in-time access governance specialist, in a move designed to consolidate credential security and runtime access management into a single control plane for human, machine, and AI agent identities.
The acquisition extends 1Password’s existing Unified Access platform beyond credential management into live access governance. Apono’s technology grants permissions dynamically at the moment a task begins, confines them precisely to the scope of that task, and revokes them automatically once the work is complete. Rather than relying on standing accounts, the platform evaluates each access request against policy in real time and creates the necessary role or permission natively within the relevant system, such as cloud IAM, before removing it when no longer required. Financial terms of the deal were not disclosed.
The combined offering will address what 1Password describes as a structural weakness in enterprise identity: systems built in separate silos for humans, machines, and credentials that predate the emergence of agentic AI. As AI agents increasingly interact with critical infrastructure, the inability to govern non-deterministic behaviour has created standing access exposures and stalled broader AI adoption.
Apono’s platform is compatible with more than 200 enterprise systems, including Slack, Jira, PagerDuty, and GitHub, and supports cloud infrastructure platforms such as Amazon Web Services, Microsoft Azure, Google Cloud, Kubernetes, Snowflake, and Databricks. Access requests can be submitted directly through the tools teams already use, and technical teams can also define policies as code through Apono’s API and Terraform integration. Every request, approval, grant, and revocation is recorded in a unified audit trail with SIEM-ready exports aligned to major compliance frameworks.
Alongside the acquisition, 1Password has introduced the 1Password Credential Broker, now in private beta. Beginning with GitHub Actions workload identity, the Credential Broker holds credentials within 1Password’s zero-knowledge vault and releases only the approved token or federated access to a verified requester at the precise moment it is needed, eliminating long-lived secrets from applications, repositories, and pipelines.
Together with Apono’s access governance layer, the two products form what 1Password describes as a complete zero-standing-privilege architecture: the Credential Broker secures where a credential lives and how it reaches a trusted identity, while Apono governs what that identity is permitted to do in the target system and for how long.
For AI agents specifically, Apono applies what it calls intent-based access control: a delegated agent’s access is derived from the human who authorised it and scoped to the declared intent of the task. The platform compares that declared intent against actual agent behaviour in real time, narrowing or revoking access when actions deviate from what was authorised. Direct autonomous agents are subject to the same policy framework.
1Password CEO David Faugno said, “Today’s identity systems govern the entry, but not the stay. They decide who gets in, then lose sight of what an identity does once it’s inside. Agentic workflows have exposed how fragmented enterprise identity really is, built in silos for a world before AI. Companies can’t capture the full value of their AI investments when agents are reaching critical systems through credentials nobody is governing. By combining Apono’s just-in-time provisioning and intent-based policy enforcement with 1Password’s zero-knowledge vault and Credential Broker, we’re delivering the answer: unlocking the highest-value AI use cases while keeping people in control.”
Apono co-founder and CEO Rom Carmel said, “Standing access is the quiet liability inside almost every company: permissions granted once and never taken back. We built Apono to remove access the moment the work is done: scoped to exactly what the task needs, for every engineer, knowledge worker, service account, and AI agent, decided at runtime based on context and intent. Done right, security stops being the thing that slows people down and becomes the thing that lets them move, including how confidently they can put AI to work. With a shared vision of seamless secure access across every identity, we are excited to be joining 1Password and to define what access governance looks like when AI agents run in production.”
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
