Turning credential risk into guided action

Credential‑based risks continue to drive security incidents across enterprise and personal environments, often remaining unresolved due to limited visibility and slow remediation. Bitwarden expanded credential risk insights and guided remediation across work and everyday account usage, helping users and organizations move more quickly from identification to action.

Bitwarden Access Intelligence delivers application‑level visibility into weak, reused, or exposed credentials tied to business‑critical systems, paired with guided remediation at scale. Findings from the Bitwarden Business Insights Report show credential issues take an average of nine days to resolve, while 60 % of organizations cite remediation barriers. Access Intelligence prioritizes risk by context and severity and directs employees to the correct password‑update flows, reducing remediation friction at scale.

Vault health alerts and password coaching extend similar visibility to individual users by surfacing at‑risk passwords directly within the browser extension, web app, and desktop applications. These capabilities guide users to strong, unique replacements saved securely to the vault, addressing persistent password reuse, which Bitwarden polling shows affects 72 % of Gen Z adults despite rising awareness of AI‑enabled phishing and automated credential harvesting.

These capabilities reflect a more cohesive approach to credential risk management, supporting faster action and stronger identity‑security outcomes across personal and organizational use cases.

Advancing passkey innovation and interoperability

Passkey adoption continued to accelerate as Bitwarden expanded support across operating systems, browsers, and open standards, reinforcing a passwordless future built on portability and phishing‑resistant authentication. Deeper collaboration with platform providers and standards helped reduce fragmentation across environments, while bringing passkey‑based access into everyday workflows for individuals and organizations alike.

Key passkey advancements included:

• Cross‑platform passkey portability, supported through ongoing contributions to the FIDO Credential Exchange Protocol, enabling secure passkey transfer and recovery across devices, services, and ecosystems.

• Native Windows 11 passkey support, delivered in collaboration with Microsoft, empowering users and organizations to store and use passkeys directly within the Windows operating system while managing them through the Bitwarden vault.

• Passkey login for browser extensions, extending passwordless authentication to Chromium‑based browsers using the WebAuthn PRF standard and bringing phishing‑resistant access into one of the most frequently used platforms.

These efforts reflect a broader industry shift toward identity‑centric authentication grounded in open standards and passwordless innovation.

Extending secure access and control across environments

Bitwarden expanded secure access into AI‑assisted and automated management with strong control and governance. The Bitwarden Model Context Protocol (MCP) server established a secure, local‑first framework for integrating AI assistants with encrypted Bitwarden operations. Designed to run on local machines or controlled environments, the MCP server enables AI agents to generate, retrieve, and manage Bitwarden through authenticated CLI and API access without exposing raw secrets or compromising a zero‑knowledge encryption architecture.

This framework extends to prompt‑driven workflows for tasks such as device approvals, user management, and policy enforcement under explicit IT oversight. All actions remain auditable through event logs, reinforcing transparency and control as organizations explore practical, security‑first approaches to AI‑assisted identity workflows.

Additional product and ecosystem enhancements throughout the year further strengthened secure access and usability across platforms:

• General availability of Bitwarden lite self‑host deployment, offering a lightweight, flexible option for individuals and community members.

• Introduction of the Bitwarden SSH Agent, extending secure credential handling to developer and infrastructure workflows.

• ISO 27001 certification, reinforcing enterprise assurance around security governance and operational controls.

• Expanded ecosystem availability, including Bitwarden Password Manager support for the Meta Quest VR headset browser, enabling secure credential access within immersive web experiences.

• Completion of native mobile application general availability, delivering full native app support across iOS and Android with improved performance and platform‑level integration.