Proton Pass Introduces Monitored Credential Sharing for AI Agents via Access Tokens
Proton Pass now lets users grant AI agents limited, auditable access to stored credentials through AI access tokens, with full activity logging and end-to-end encryption.
Proton Pass, the end-to-end encrypted password manager from Proton, has rolled out a new feature that allows users to share credentials with AI agents in a controlled, auditable manner. The feature, called AI access tokens, enables users to grant AI agents read-only access to specific vaults while maintaining full visibility into every request the agent makes. This addresses a growing need as more organizations integrate AI assistants into workflows that require access to sensitive data.
To use the feature, users create an access token in their Proton Pass settings and provide the setup instructions to their AI agent. The agent must then supply a reason for each credential request, which is logged in an activity log that users can review at any time. This ensures that even if an AI agent is compromised or misbehaves, the user can see exactly what data was accessed and when.
Access tokens are available on Pass Plus (included in Proton Unlimited), Pass Family, Pass Professional, and Proton Workspace plans. The tokens can be scoped to specific vaults, limiting the agent's visibility to only the items necessary for a given task. Users can also set expiration periods ranging from one hour to one year and revoke permissions at any time.
“AI access tokens are easy to set up. In your Proton Pass settings, create a new access token and copy and paste the setup instructions to your AI agent. Then simply ask your agent to perform actions that require access to the items you’ve shared with it,” said Son Nguyen Kim, Head of Business Unit at Proton.
The feature supports a variety of AI-driven tasks, such as reviewing bank transactions, generating fitness reports, or summarizing customer interactions. For users who do not rely on AI agents, the tokens can also be integrated into scripts and automation workflows through the Pass CLI.
Proton Pass protects all data with end-to-end encryption, meaning usernames, passwords, API keys, payment cards, and other items remain accessible only to account owners unless they explicitly choose to share them. AI agents receive read-only permissions for assigned vaults and cannot create, edit, or modify stored items.
This release comes amid a broader industry push to secure AI agent interactions with sensitive data. Earlier this month, 1Password partnered with OpenAI to introduce a just-in-time credential model for Codex, preventing AI coding agents from persistently storing secrets. Proton's approach offers a more general-purpose solution for any AI agent or automation tool, with granular access controls and full auditability.
By combining end-to-end encryption with monitored access tokens, Proton Pass provides a security model that allows users to leverage AI assistants without compromising their credential security. As AI agents become more prevalent in both personal and enterprise settings, such controls will be essential for preventing unauthorized data exposure.