1Password open sources a benchmark to stop AI agents from leaking credentials
helpnetsecurity.com
February 13, 2026
4 min read
Summary
1Password has open-sourced a benchmark called the Security Comprehension and Awareness Measure (SCAM) to address the risk of AI agents leaking credentials. SCAM evaluates the ability of AI models to identify phishing threats while operating as autonomous agents with access to sensitive tools.
Key Takeaways
- 1Password has open-sourced a benchmark called the Security Comprehension and Awareness Measure (SCAM) to evaluate AI agents' safety in real workflows.
- AI models tested under SCAM scored between 35% and 92% on their ability to avoid unsafe actions, with all models committing critical failures during baseline testing.
- A short "security skill" document significantly reduced critical failures across all models, with some achieving zero critical failures after its application.
- Hidden credentials in documents pose a major risk, as all tested models failed to warn users when forwarding emails containing sensitive information.
Source
helpnetsecurity.com
Published
February 13, 2026
Reading Time
4 minutes
Relevance Score
38/100
🔥🔥🔥🔥🔥
Why It Matters
This page is optimized for focused reading: quick context up top, a clean summary block, and a direct path to the original source when you want the full story.