Toronto's 1Password Acquires Apono to Build the Security Control Layer for Businesses Running AI Agents
Toronto-based 1Password announced its acquisition of New York cybersecurity company Apono on June 15, 2026, positioning itself as the unified access governance platform for enterprises deploying AI agents. The deal is 1Password's fifth acquisition and its third in the AI era, following its purchase of Kolide in 2024 and Trelica in 2025.
1Password sells software that helps individuals and companies securely store and access the passwords they need to use apps and websites. New York-based Apono will enable it to help other businesses secure and govern access to the credentials that their employees, machines, and AI agents require to do their work, much more easily from within a unified control pane. 1Password plans to continue providing Apono as a standalone offering while also integrating its tech into the firm's new Unified Access Platform, which is geared towards helping companies deploy autonomous AI without putting their sensitive systems and data at risk. Star-Advertiser
Financial terms were not disclosed. Apono's 80 employees are joining 1Password's 1,400-person team, remaining based in New York and Tel Aviv.
The Problem Apono Solves
The core challenge is one that every enterprise deploying AI agents at scale is now confronting. When humans access company systems, access can be governed through traditional identity management - roles, permissions, time-limited tokens. When AI agents access those same systems autonomously, running tasks without human supervision, the traditional governance model breaks down.
The company will use Apono to determine when, why, and for exactly how long various parties have access to corporate credentials. Apono has taken a more dynamic and simplified approach to helping companies ensure the right parties have the right access to the credentials they need at the right time, allowing businesses to grant, monitor, and revoke access in the same place. Star-Advertiser
1Password CEO David Faugno described the strategic importance directly: "It's a critical unlock of the vision that we've got. But we're not going to rest on our laurels there. That gives us the opportunity to build a much, much bigger business than we ever envisioned."
Apono had raised $54 million USD in total funding prior to this deal. In addition to expediting 1Password's product plans, it also represents the firm's first foray into Israel, where Faugno said it hopes to take advantage of the country's "tremendous" security talent pool. Star-Advertiser
Why This Matters for Enterprise AI Deployment
From four years advising executives on AI for business adoption, I have watched the credential governance question become one of the most urgent unsolved problems in enterprise AI. When a company gives an AI agent access to its CRM, email, and document systems to perform autonomous tasks, the answer to "what can that agent access, for how long, and with what logging?" has been unclear for most organizations.
The BMW AI chatbot case last week - where a customer-facing AI made unauthorized commitments that became legally binding - is a symptom of the same underlying problem. AI agents operating without clear, dynamic, revocable access controls create liability that enterprises are only beginning to understand.
1Password is also launching its Credential Broker today - a new product within its Unified Access Platform geared towards reducing the amount of passwords that live inside applications and other places. Apono will play a key role in determining how those credentials are actually used much more seamlessly. Star-Advertiser
The "control pane" framing in 1Password's announcement is deliberate. The company is not just selling credential storage - it is positioning itself as the governance layer that sits above all AI agent activity in an enterprise, deciding what each agent can touch, when, and under what conditions. That is a significantly larger business opportunity than password management, and a significantly more strategically important one.
What Business Leaders Need to Do Now
For companies currently deploying or planning to deploy AI agents across their business systems, the 1Password-Apono story is a prompt to review your current access governance framework. Specifically: does your organization have a real-time view of what credentials your AI agents hold access to? Can you revoke that access instantly if something goes wrong? Do you have audit logs of every action an agent takes with those credentials?
These are not theoretical questions. The token billing crises at Microsoft and Uber, the BMW chatbot liability case, and the Anthropic export control situation all share a common thread: AI systems operating with insufficient governance created unexpected consequences that were expensive to reverse. Access governance is the infrastructure layer that prevents those consequences at scale.
Cut Through the Noise
What did 1Password acquire and why?
Toronto's 1Password acquired New York cybersecurity company Apono on June 15, 2026, to build a unified access governance platform for enterprises deploying AI agents. Apono's technology allows businesses to dynamically grant, monitor, and revoke credential access for employees, machines, and AI agents in a single system. 1Password is integrating Apono into its Unified Access Platform while continuing to offer Apono as a standalone product. Financial terms were not disclosed.
Why do AI agents create credential security risks that traditional tools don't address?
Traditional identity management governs human access through roles, permissions, and authentication. When AI agents access business systems autonomously - without human supervision per action - they require credentials but operate outside normal human access patterns. Without dynamic governance, an AI agent may retain access to sensitive systems indefinitely, access more than it needs for a given task, and leave no meaningful audit trail of its actions.
What is Apono's approach to access governance?
Apono provides dynamic, just-in-time access management that allows businesses to specify when, why, and for exactly how long any party - human, machine, or AI agent - has access to corporate credentials. Access can be granted automatically based on defined conditions and revoked immediately when no longer needed. All access events are logged in a centralized system, giving security teams real-time visibility into what is accessing what across the organization.
How does the 1Password-Apono deal fit the broader AI security market?
The acquisition reflects a growing enterprise recognition that AI agent deployment creates security and governance challenges that existing tools were not designed to handle. As AI agents gain access to email, CRM, financial systems, and proprietary data, the question of who controls that access - and can revoke it - becomes a board-level security question. 1Password is positioning itself as the company that owns that control layer across an organization's entire AI agent fleet.
