
16 hours ago
AI Agents Have an Identity Complex With Jeff Malnick
In this episode of AI Explained, we are joined by Jeff Malnick, VP of Engineering for Developer and AI Products at 1Password. Jeff brings deep expertise in distributed systems, secrets management, and security infrastructure from his work at 1Password and previously HashiCorp, with a focus on making the secure path the default for developers and now AI agents.
He explains why agent identity has suddenly become urgent: AI agents are machine workloads with reasoning capabilities, which breaks the assumption behind traditional OAuth flows where permissions only need to be granted once. He walks through 1Password's framework of three agent identity models (delegated, bounded, and fully autonomous), why the laptop is the hardest environment to secure now that file system access effectively hands an unlocked machine to a reasoning stranger, and why bearer tokens and passwords are the wrong primitive for agents. He also shares how policy decision and enforcement points need to evolve to pull human intent through to just-in-time authorization, why credentials should never enter LLM context, and where federated versus distributed identity is heading over the next three to five years.