"But agents!" you may say. "Agentic AI is changing the shape of work" they say. Bullshit, I say.
That seems a pretty reasonable argument to me. MCP is a complete hack, and the risk of agents going rogue (or getting hacked, or finding some vulnerability, 0-day, etc) and exposing your entire secrets database is just too high for 1P to accept. As a customer for 15+ years, that's exactly what I'd like to hear from my password manager.
Are users soon going to demand a way to give agents access to their passwords? Yes, absolutely.
With "AI browsers" and a whole industry of startups building agents, you can count the months until users start asking their password managers for ways to grant permission.
What 1Password is saying is "fine, but we need to do better", and MCP is an insecure clusterf*.
I think that's very reasonable, although I'll reserve judgement for when they release the so-called "secure agentic access".
nocsi•5h ago
But seriously, Apple is actually in a better position to let mcp into their services if they wanted. The user credentials are all bound to your physical devices, which in turn cooperate to give a measure of identity to you. You don't need to let MCP have full access to everything, the secure enclave can generate short-lived certs. I'd be surprised if passkeys weren't able to do that already.