Perplexity’s agentic browser, Comet, is now natively integrated with 1Password, giving an AI that can take action on your behalf a full-featured password manager. The move is meant to “harden” one of the most fraught elements of agent-driven browsing—access to accounts—while preserving credentials in encrypted form end-to-end as the agent logs in, makes purchases, or manages your account for you.
It’s based around the 1Password browser extension executing within Comet. After unlocking their vault with device biometrics or a master password, users choose to autofill from Secure Vault and secrets stay encrypted at rest until the point of autofill while Comet maintains its privacy-first security posture by keeping browsing data local. Put simply, the agent is usable, but your logins and keys don’t dribble into prompts or logs.
Secure agentic browsing: why it matters
Agentic systems up the ante because they not only propose actions—they perform them. So credential protection and transaction security are nonstarters. Stolen credentials are still a fixture in breaches, involved in approximately one-third of cases (according to the latest Verizon Data Breach Incident Report). When an artificial intelligence can run your accounts, running the “session start” becomes the point of control for risk.
Passkeys are an important part of that equation. 1Password is passkey-ready for FIDO2/WebAuthn, eliminating reusable passwords and slashing phishing risk. In practice, Comet can activate a passkey sign-in from the initial page instead of prompting for a password—say to check your bank balance or pay a utility bill—thereby shrinking the potential attack surface if an agent has been hijacked or seems to be spoofing the right credential.
How the Comet and 1Password integration works in practice
When the integration is active, your saved logins and passkeys will be available to Comet just as they are in any supported browser—with agent-aware security protecting them. Autofill is tied to the precise domain and subdomain that you’ve saved, which helps block lookalike phishing sites. If Comet is signing in to a flight, for instance, 1Password will send the airline’s credentials only to the correct site and only when you’ve unlocked the vault.
Developer and workflow secrets are also supported as part of the integration. API tokens, SSH public key fingerprints, and service credentials kept in 1Password could be checked out just in time for an agent to invoke a billing API or add some notes to a help desk ticket. The secret remains locked away in the vault rather than pasted into a chat history or long-term memory. That gap is the gap between the agent using a key and the agent leaking a key.
Control remains with the user. If the vault that you lock has to relock because your authenticator token expires, Comet can’t add any more credentials until you authenticate again. In 1Password, biometric step-up prompts, granular vault sharing, and item-level permissions let you be the decider on what the agent can touch. Perplexity says that its integration is free for Comet users, and 1Password is offering a discount to new subscribers who sign up through Comet.
Enterprise guardrails and governance for agentic browsing
For businesses, this coupling helps lend the “arm’s length” of agentic browsing more acceptability by marrying it with preexisting controls. 1Password Business provides SSO, SCIM provisioning, role-based access, audit logs, and policies that prevent autofill on untrusted sites. Security teams may also require biometric unlock to access sensitive vaults, enforce phishing-resistant sign-in with passkeys, and monitor item access in real time.
One sensible pattern is to create a dedicated “Agent” vault with only the few credentials the agent needs—perhaps a corporate travel account, sandbox billing profile, and time-scoped API tokens—and disable production secrets. Combine that least-privilege mentality with user consent prompts in Comet for high-risk actions like significant transactions or updating account recovery options.
Part of wider ecosystem changes in agent safety and identity
The integration also comes as part of a larger effort to adopt uniform standards for how AI agents manage money and identity. The Agent Payments Protocol (AP2) is a newly released open-source payments scheme for agent-led transactions that launched with over a dozen organizations, including 1Password. The direction of travel is clear: permissions, payments, and passkeys have to interlock for agents to act safely at scale.
The FIDO Alliance highlights accelerating uptake of passkeys on leading platforms, and large enterprises are starting to replace passwords for workforce applications. As agents absorb more routine activities—expense filings, subscription renewals, vendor onboarding—the secret manager becomes a policy engine. The Comet–1Password combo is one of the earliest instances of us bringing those controls as close to the action as possible.
Bottom line: secure, privacy-first agentic browsing at scale
By baking 1Password into Comet, Perplexity is attacking the most delicate of all contact points of agentic browsing: secure, phishing-resistant authentication and managed secret usage. It decreases the friction for users and risk-facing teams, all without weakening privacy defaults such as local data storage. The promise is simple: you keep your credentials locked down, while the agent gets to work.
