AI Agents Expand the Developer Security Attack Surface

1Password's Nancy Wang on Secure-by-Default Design for Multi-Cloud Environments Michael Novinson (MichaelNovinson) • December 18, 2025

Developers want speed, yet traditional security approaches often force them to slow down and manually manage credentials. This friction drives insecure practices, such as leaving API keys exposed or embedding secrets directly in code.

See Also: Going Beyond the Copilot Pilot - A CISO's Perspective

Nancy Wang, senior vice president of engineering at 1Password, said organizations must adapt their security assumptions as agentic workflows proliferate across multi-cloud environments. What once looked like a manageable identity and access problem at the human level becomes far harder to govern once autonomous systems start operating alongside employees.

"If you think about humans accessing credentials, well now you've just expanded that attack surface by at least 50x, maybe even more," Wang said.

In this video interview with Information Security Media Group at AWS re:Invent 2025, Wang ...