Perplexity’s Comet is designed for “agentic browsing” — this is where your AI assistant, who has been given free rein of the web, will help you sign in and do things on your behalf! That ambition ups the stakes on security of credentials, which is why direct integration with 1Password is a significant move: secrets remain encrypted end-to-end and the agent only gets just enough access to act.
Why this matters to agentic browsing and security
Agent-led actions pack a punch in part because they’re privileged: when we log in and check orders or file returns or pull invoices, it’s super-sensitive access. More recent breach reports such as Verizon’s Data Breach Investigations Report further emphasize that credential abuse is among the top ways attackers compromise organizations. Handing over the keys to an AI without adding any additional risk is the ultimate challenge that this integration solves.
Passwords aren’t the only things that modern authentication is advancing beyond. Google has said publicly that passkeys are faster and prone to fewer authentication errors than passwords, and groups such as the FIDO Alliance have been promoting standards for phishing-resistant sign-in. Comet complements 1Password in its trajectory, with capacity to autofill from passkeys and one-time codes without exposing raw secrets to the browsing agent.
How the 1Password–Comet integration works
1Password is part of Comet and runs in your browser as an extension without your secrets ever leaving their local, encrypted storage.
Security model
For determining encryption keys, 1Password brings together an account password and a Secret Key that’s held on your device, so even the provider can’t read your vault. Comet might ask for a login, but the extension handles the fill, maintaining that separation between what your agent knows and what your encrypted data is.
In a real-world sense, that means you can ask Comet to “open my payroll portal and download last month’s stub,” and it can do so by navigating there, bringing up 1Password to sign in in the mix, and so on — without the agent itself ever storing or handling your credentials. The flow is the same between devices; a single audited access path spans contexts.
Perplexity already holds browsing-related data locally on the device. With 1Password in play, strong client-side encryption also blankets the most sensitive part of the workflow — authentication — thus shrinking the risk surface as agents increasingly get smarter.
Security implications and safeguards for agents
Agentic systems increase the conventional browser threat model. It’s not just that a user is mistyping a URL anymore — it’s an automated system deciding for you. These are the guardrails that really matter here:
- Domain-bound autofill (only fill on exact matches)
- Granular prompts before releasing credentials
- Support for phishing-resistant methods such as passkeys
1Password also provides extra controls that enterprises are concerned about: item-level permissions, vault scoping, and activity logs to help auditors know who accessed what accounts and why. Features such as Watchtower, which can send alerts for reused or breached passwords, and Travel Mode, which briefly removes unsafe vaults from a device when necessary — handy if your agent runs on a shared machine.
A concrete failure mode is that of an agent getting fooled into a look-alike site. Domain-matching and user confirmation mitigate that risk, as does basing authentication on passkeys (which are origin-bound and cannot be replayed elsewhere). For high-value accounts, combining passkeys with device biometrics introduces a human-in-the-loop checkpoint without creating impediments to common flows.
Paying for AI writes the check for our actions
Standardized controls are becoming the norm as agents begin to place orders or pay invoices. Google has newly introduced the Agent Payment Protocol (author’s note: renamed as AP2), which will be all about making agent-initiated payments auditable and secure. It started with dozens of firms on board, such as 1Password, representing momentum towards a shared system for authorizing, scoping, and attributing the financial actions that an AI makes on behalf of its users.
And the 1Password–Comet combo fits within that arc: secrets are encrypted, actions can be attributed, and sensitive operations can be guarded by strong authentication. Combining the two makes agentic browsing not just convenient but manageable.
How to get started with Comet and 1Password today
Perplexity customers can enable the built-in 1Password extension for free. And new users checking out 1Password via Comet are getting a limited-time offer of 25% off subscriptions, to further lower the barrier to better sign-in hygiene.
The best experience is to:
- Store your most important accounts in 1Password
- Turn on passkeys wherever they are supported
- Migrate OTP codes back into your vault for coordinated autofill
- Require confirmation of biometrics for fills that you consider high risk
- Enforce vault limitations by role in the enterprise
- Audit access events to ensure AI-driven sessions are transparent and accountable
The upshot: combining 1Password’s zero-knowledge security with Comet’s agentic workflows makes automated browsing safer without slowing you down.
As the web moves to AI-assisted sessions, this sort of architectural segregation — the agent does this and we authorize with forwarded encrypted credentials — will determine trusted automation.
