1Password announced the acquisition of Apono, a provider of just-in-time access governance technology, expanding the capabilities of its Unified Access platform to manage identities and permissions for humans, machines, and AI agents. Financial terms of the transaction were not disclosed.
The acquisition strengthens 1Password’s effort to create a unified control platform that governs credentials and runtime access across enterprises. More than 180,000 businesses and over one million developers currently use 1Password to secure credentials, secrets, and access to critical systems.
Apono’s technology dynamically grants access only when required, scopes permissions to specific tasks, continuously monitors activity, and automatically revokes privileges when work is completed. The company integrates with more than 200 enterprise systems and supports infrastructure platforms including Amazon Web Services, Microsoft Azure, Google Cloud, Kubernetes, Snowflake, and Databricks.
1Password said the acquisition addresses the growing complexity of identity management as organizations deploy AI agents and machine identities alongside human users. Through intent-based access controls, AI agents receive permissions derived from the human who authorized them, and access can be restricted or revoked if behavior deviates from approved tasks.
Alongside the acquisition, 1Password introduced the 1Password Credential Broker, which has entered private beta. Initially supporting GitHub Actions workload identity, the offering is designed to secure credentials in 1Password’s zero-knowledge vault and provide approved tokens or federated access only when needed.
The company said the combination of Apono’s access governance capabilities and the Credential Broker extends the Unified Access platform from credential management to zero-standing-privilege access governance, creating a single policy and audit framework for human users, machine identities, and AI agents.
Founded by Rom Carmel, Apono focuses on eliminating standing access privileges and providing runtime decisions based on policy and context. The company’s platform creates permissions dynamically and removes them automatically after tasks are completed.
KEY QUOTES:
“Today’s identity systems govern the entry, but not the stay. They decide who gets in, then lose sight of what an identity does once it’s inside. Agentic workflows have exposed how fragmented enterprise identity really is, built in silos for a world before AI. Companies can’t capture the full value of their AI investments when agents are reaching critical systems through credentials nobody is governing. By combining Apono’s just-in-time provisioning and intent-based policy enforcement with 1Password’s zero-knowledge vault and Credential Broker, we’re delivering the answer: unlocking the highest-value AI use cases while keeping people in control.”
David Faugno, CEO of 1Password
“Standing access is the quiet liability inside almost every company: permissions granted once and never taken back. We built Apono to remove access the moment the work is done: scoped to exactly what the task needs, for every engineer, knowledge worker, service account, and AI agent, decided at runtime based on context and intent. Done right, security stops being the thing that slows people down and becomes the thing that lets them move, including how confidently they can put AI to work. With a shared vision of seamless secure access across every identity, we are excited to be joining 1Password and define what access governance looks like when AI agents run in production.”
Rom Carmel, Co-Founder and CEO of Apono
“As organizations accelerate adoption of cloud infrastructure, machine identities, and AI agents, the number of privileged identities is growing dramatically, creating demand for solutions that eliminate standing privileges and can govern access in real time. By combining credential security, machine identity protection, and just-in-time zero-standing-privilege access, 1Password is uniquely positioned to help organizations secure the next generation of human and non-human identities.”
Duncan Brown, Group Vice President, Worldwide Security Products, IDC
