At WWDC26, Apple announced something that’ll make security advocates nod and then immediately frown. In iOS 27, iPadOS 27, and macOS 27, the Passwords app will use Apple Intelligence as an agent that doesn’t just flag weak or compromised passwords — it’ll actually go onto the website, log in, change the password, generate a strong replacement, and save it. All by itself.
That probably sounds like a dream if you’ve ever ignored a “your password appeared in a data breach” warning for three months because, honestly, who has time to visit every website’s impossible-to-find account settings page?
The problem it solves is real
Apple’s existing Passwords app already flags reused, weak, and compromised credentials using privacy-preserving techniques that don’t expose your actual passwords to Apple. But the last step — actually getting humans to change the password — is where security advice goes to die.
People don’t change breached passwords reliably. When they do, they often pick something similar or reuse the new one elsewhere. NIST’s own guidelines say services should force password changes when compromise is detected. Apple’s automation could finally close the gap between detection and action, shrinking the window an exposed password stays useful to attackers.
Detection is observation. Changing passwords is authority.
Here’s where it gets tricky. Finding a compromised password in a database is passive. Logging into someone’s account and changing the credential that controls it is an active, high-impact action. The agent has to navigate unpredictable website layouts, handle redirects, deal with weird password rules, manage MFA challenges, click through confirmation emails, and cope with expired sessions.
iOS 27, iPadOS 27, and macOS 27 are in developer beta as of June 8, 2026, and Apple hasn’t fully published the detailed security architecture, supported-site requirements, or failure-handling model. The joint Five Eyes guidance on careful adoption of agentic AI services has some pointed advice for exactly this kind of scenario.
On one hand, this could genuinely improve security for millions of normal users who’d never make those changes themselves. On the other hand, you’re handing an AI agent the keys to your accounts and asking it to operate on the open web — one of the least predictable environments in computing.
The questions that matter
How does the agent handle a website that’s been redesigned since Apple tested it? What happens when the password change fails halfway through — did it save the new password or the old one? Which sites are supported on day one, and how will Apple communicate limitations to users? Does the user confirm each change individually, or can it batch-process a dozen at once?
None of these questions have public answers yet. They need answers before this ships to consumers this fall.
Watch this space
Automating password hygiene is the right problem to solve. Apple’s approach could set the standard for how password managers evolve beyond vaults into active security agents. But the line between helpful assistant and delegated authority over your accounts is one that deserves more scrutiny than a WWDC slide deck can provide. The developer beta period is when these questions should get answered — and scrutinized.
