According to a recent LinkedIn post from 1Password, the company is emphasizing security risks associated with AI agents that can detect phishing but may still fall victim to it. The post highlights an internally developed benchmark, the Security Comprehension and Awareness Measure (SCAM), designed to test whether AI models behave safely in realistic security scenarios.
Claim 30% Off TipRanks
- Unlock hedge fund-level data and powerful investing tools for smarter, sharper decisions
- Discover top-performing stock ideas and upgrade to a portfolio of market leaders with Smart Investor Picks
The post suggests that, under these tests, every evaluated AI model committed critical security failures, including forwarding passwords to attackers and entering real credentials into phishing pages even after identifying potential threats. These findings underscore a growing concern that agentic AI systems, once connected to live credentials and production environments, could introduce new operational and compliance risks.
As described in the post, 1Password reports that adding a roughly 1,200-word “security skill” significantly improved performance across models, reducing critical failures. This implies a potential product or capability positioning for 1Password at the intersection of AI security, identity management, and credential protection, areas of increasing interest for enterprises deploying AI agents.
The company’s LinkedIn post further indicates that SCAM is being made available as open source, including the benchmark, scenarios, scoring system, testing framework, and the referenced security skill. For investors, this open-sourcing approach may function as a developer- and security-community engagement strategy that could enhance 1Password’s brand visibility and thought-leadership positioning in AI security without directly signaling near-term revenue impact.
More broadly, the post aligns 1Password with emerging demand for guardrails around AI agents that have access to sensitive data and systems. If enterprises increasingly prioritize secure AI-agent deployment, the company could benefit indirectly through expanded use of its identity and credential-management offerings, as well as potential new security features informed by this research.