Security Bite: Apple's most impressive agentic AI feature yet is hiding in the Passwords app

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

While WWDC26 is winding down, I’ve had time to reflect on Monday’s keynote, where Apple spent most of its time preaching to parents about on-device Child Safety and, of course, Siri AI.

However, it also showcased something insanely neat and ingenious on Apple’s part that is largely being overshadowed. I’m referring to the new agentic AI feature now in iOS 27’s Passwords app.

Before, if you had passwords labeled as compromised or weak in Apple Passwords, you had to click each one individually and go to the corresponding website to change them manually. Not a conducive workflow if you have hundreds with a red warning label.

IniOS 27, available now as a developer beta, users can just make one tap, and a fixed-model agentic AI will go to each website on your behalf and change a weak or compromised password for you. Nothing else is required from the user, and there’s zero prompting.

Before it begins, it will even ask for permission to temporarily access one-time verification codes in Messages or Mail if 2-factor authentication is enabled on any of the accounts. The permission window lasts depending on how many credentials need changing.

The implementation of computer use models in this way is truly impressive, and something we don’t typically see from Apple, which has been one step removed from the more advanced AI features we’re seeing from Google.

On top of working surprisingly well for a first beta (I’ve tested), it’s an ingenious way for Apple to keep users in the Passwords app, thus further locking them into the ecosystem. The new passwords generated and saved are stored in iCloud so they can be easily autofilled across other apps and websites.

There’s an enterprise angle worth adding here too, and it’s one I haven’t really seen covered.

The same one-tap convenience that’s great for regular users could be a headache in a managed work environment. Ex: an employee with a bunch of work logins saved in Passwords on their personal iPhone. They tap the fix button, and now the agent is letting loose on company accounts.

Now throw in accounts that use an authenticator app instead of a text or email code, and the agent has nothing to grab even after you’ve granted that one-time code permission. I could see failed changes and lockouts quickly turn into help desk tickets.

It’s still very early in the beta cycle, but as of now, there’s no mention of an MDM setting to manage or turn off agentic Passwords on company-owned devices.

Apple usually ships a control for features like this, and plenty of organizations already block iCloud Keychain syncing, which might shut the feature off on its own anyway. But for heavily regulated industries like finance and healthcare, an AI changing credentials with no clear record of what it did isn’t going to sit well with compliance…

Overall, this new feature is easily more exciting to me personally than any of the Siri AI stuff that was shown off. But I’d love to hear more takes. What do you think about having agentic AI handle website credentials? Let me know in the comments below.

Security Bite is 9to5Mac’s weekly deep dive into the world of Apple security. Each week, Arin Waichulis unpacks new threats, privacy tips and concerns, vulnerabilities, and more, shaping an ecosystem of over 2 billion devices.

Follow Arin: Twitter/X,LinkedIn, Threads