
1Password Allies With OpenAI to Secure Codex AI Coding Tool

1Password and OpenAI today revealed they have integrated a Model Context Protocol (MCP) server into the Codex artificial intelligence (AI) coding tool to better secure developer credentials.

As a result, Codex credentials can now be issued on a just-in-time basis to ensure secrets are not logged, cached, reused across sessions or surfaced in unexpected outputs. Instead of sharing .env files or hardcoding credential values, application developers access a shared environment where secrets are made available at runtime, without the values ever appearing in code, terminals, or model context.

1Password CTO Nancy Wang said that with this approach developers can, in effect, grant Codex access to credentials directly inside their coding workflows while keeping secrets outside of code. The MCP server does not read or return secret values through the MCP channel, surface secrets in the model’s context window, or write them to disk. Codex can create environments, list variable names, and invoke applications that use those secrets, but the values themselves never leave the 1Password vault.

As a result, DevSecOps teams can manage coding agents as a tenant rather than another vault where secrets might be stored. Secrets remain encrypted and centrally managed, with access limited to authorized users who have been granted customized permissions, said Wang. Under no circumstances is credential data ever exposed to an AI agent or large language model (LLM) as plain text, she added.
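The pattern described above, in which the agent sees variable names and process results but never secret values, can be sketched as follows. This is an added illustration, not 1Password or OpenAI code: the `RuntimeSecretBroker` class, its methods and the `DEMO_*` variables are hypothetical, and the secret values are constructed.

```python
import os
import subprocess
import sys


class RuntimeSecretBroker:
    """Hypothetical broker: holds secret values, shows the agent names only."""

    def __init__(self, secrets):
        self._secrets = dict(secrets)  # values never leave this object as text

    def list_variable_names(self):
        # Agent-facing view: names only.
        return sorted(self._secrets)

    def run(self, argv, timeout=10):
        # Values are injected into the child's environment for this call only;
        # they are not written to disk or added to the parent's environment.
        env = {**os.environ, **self._secrets}
        proc = subprocess.run(argv, env=env, capture_output=True,
                              text=True, timeout=timeout)
        return {"exit_code": proc.returncode,
                "stdout": self._redact(proc.stdout),
                "stderr": self._redact(proc.stderr)}

    def _redact(self, text):
        # A child that echoes a secret must not leak it into the text handed
        # back to the model. Longest values first, so a secret that contains
        # another secret is replaced whole.
        for name, value in sorted(self._secrets.items(),
                                  key=lambda kv: len(kv[1]), reverse=True):
            if value:
                text = text.replace(value, f"[REDACTED:{name}]")
        return text


# Constructed sample secrets and a child program that misbehaves by printing one.
SAMPLE = {"DEMO_DB_PASSWORD": "constructed-db-pass-123",
          "DEMO_API_TOKEN": "constructed-token-abc"}
CHILD = ("import os; print('connecting with', os.environ['DEMO_DB_PASSWORD']); "
         "print('token set:', 'DEMO_API_TOKEN' in os.environ)")


def demo():
    broker = RuntimeSecretBroker(SAMPLE)
    return broker.list_variable_names(), broker.run([sys.executable, "-c", CHILD])


if __name__ == "__main__":
    print(demo())
```

Output redaction only catches verbatim echoes, so it is a backstop rather than the control; the primary control is that the agent-facing interface has no call that returns a value.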

1Password is now making a case for managing the credentials granted to human developers and their AI agents via the same platform, said Wang. In time, 1Password will extend that reach to include multiple AI coding tools, she added.

The credentials developers use to access application development environments have always been a rich target for cybercriminals who are trying to inject malware into a downstream application or IT environment. However, with the rise of AI agents that are capable of autonomously performing a wide range of tasks, the amount of havoc cybercriminals can potentially wreak using a stolen set of credentials is now substantially greater.

Naturally, it’s still early days as far as adoption of AI coding tools is concerned, but it’s now more a question of when rather than if they will be targeted. Cybercrime syndicates have in recent years demonstrated a keen interest in software supply chains that, if compromised, can provide often unfettered access to IT environments, a compromise that might not be discovered for months, if ever.

Unfortunately, too many developers are still relying on traditional passwords to access tools and platforms, even though they can be easily stolen. More challenging still, many of those tools and platforms may not even be managed by cybersecurity teams that, through hard-won experience, have a greater appreciation for the need to protect credentials.

The hope is, of course, that application development and cybersecurity teams are now proactively working more collaboratively to secure software supply chains in the wake of a series of high-profile attacks. The degree to which those efforts will succeed will naturally vary from one organization to another. The one certain thing is that continuing to rely on traditional passwords to access DevOps tools and platforms is now little more than an open invitation to disaster.



from DevOps.com https://ift.tt/fkmBaz1
