Cursor has partnered with 1Password to better protect secrets as applications are developed using an artificial intelligence (AI) coding tool.
Nancy Wang, senior vice president and head of engineering for 1Password, said a Hooks Script provides application developers with a secure, just-in-time way to ensure only required secrets are made available to Cursor AI agents at runtime. As a result, secrets are never hardcoded and raw credentials are never handled directly by those AI agents in a way that might, for example, show up in a prompt or a file, she added.
The two companies have pledged to develop, later this year, richer policies and permissions that allow teams to define granular, task-specific access rules for AI agents. Additionally, they will provide broader support for integration using the Model Context Protocol (MCP) for data integrations, which is now being advanced under the auspices of the Linux Foundation.
Finally, 1Password will add support for automated secret rotation for AI-driven workflows in addition to enhanced audit visibility to monitor how AI agents access credentials throughout the software development lifecycle (SDLC).
Ultimately, the goal from a cybersecurity perspective is to make it as simple as possible for application developers to do the right thing in a way that doesn’t add another level of friction, noted Wang.
In general, 1Password is working toward building a “trust graph” to provide a visual framework for tracking and managing AI agent access in much the same way it already does for humans, said Wang. The goal is to make it simpler to manage both the permissions that have been granted to an autonomous AI agent and any AI agent that has inherited permissions from an end user, she added.
Under no circumstances should any AI agent be given access to any long-life credential, noted Wang.
It’s not clear to what degree DevSecOps best practices are being applied to AI coding tools, but as more of them are deployed, they provide cybercriminals with a tempting target through which they can potentially compromise a software supply chain. In the last year, cybercriminals have become increasingly adept at compromising software supply chains as part of an effort to distribute malware downstream to any number of applications.
Ultimately, it’s not a question of whether AI coding tools will be compromised so much as it is to what extent. DevSecOps teams should assume that at some point credentials will be stolen. The SDLC should be designed in a way that limits the amount of damage that might possibly be inflicted if they do go missing.
No amount of security concerns, however, is likely to have a meaningful impact on the pace at which AI coding tools are being adopted. Instead, the focus needs to be on making it as safe as possible to use tools that, while possibly flawed, significantly improve individual developer productivity. The challenge, as always, is getting those developers to have a greater appreciation for the level of risk being added as more AI technologies are embedded across the SDLC.

