1Password’s new benchmark teaches AI agents how not to get scammed

Question

In 2024, a research team found that GPT-4 could identify phishing websites with near-perfect accuracy. Ask a modern AI model, “is this email dangerous?” and it almost always gets it right.
Unfortunately, an AI model’s ability to recognize threats does not translate to an AI agent’s ability to avoid them.
AI agents can read your inbox, open links, read secrets on your computer, forward emails, and fill out forms on their own. The problem is what they could do next: open the phishing link, pull your real password from the vault, and type it into the attacker’s fake login page.
That’s not a hypothetical. In our testing, one of the most capable AI models available today did exactly that, ten seconds after being asked to check the inbox.
To address this risk, we’ve built the Security Comprehension and Awareness Measure (SCAM): an open-source benchmark that tests whether AI models can stay safe when they’re actually doing things like reading emails and filling in passwords.
Read the full post and explore SCAM here:

https://1password.com/blog/ai-agent-security-benchmark
https://1password.github.io/SCAM

charlesrutabanzibwa123 · Answer

Thanks for your tutorial articles but I couldn't read about SCAM(Security Comprehension and Assurance Measure)

Forum Discussion

1Password’s new benchmark teaches AI agents how not to get scammed

1 Reply

Featured discussions

January 2026 at 1Password: Taking on credential sprawl and advanced phishing scams

Recent discussions

January 2026 at 1Password: Taking on credential sprawl and advanced phishing scams

1Password’s new benchmark teaches AI agents how not to get scammed

Upcoming 1Password webinars

Introducing stronger phishing protection in 1Password

What's next for 1Password education