Apple Intelligence in the Passwords app on OS 27 will agentically change passwords exposed in data breaches. The feature automates credential rotation without user intervention, according to a post by @mweinbach on X.
Key facts
- Feature ships on OS 27 platforms.
- Agentic password change for data-breach exposed credentials.
- Updates passwords directly in Passwords app.
- Eliminates manual site visits for breach remediation.
- Apple Intelligence powers the agent.
Apple is adding an agentic password-change feature to its Passwords app on OS 27 platforms, according to a post by @mweinbach on X. The system uses Apple Intelligence to detect when a stored password has been exposed in a known data breach — likely drawing from the same breach-monitoring database Apple already uses in iCloud Keychain — and automatically rotates it to a new, secure credential.
The feature updates the new password directly in the Passwords app, eliminating the manual step of visiting each compromised site and changing credentials individually. According to @mweinbach, users "never have to worry about going out of your way to change your exposed passwords."
This represents a shift from Apple's current approach. Today, the Passwords app (introduced in iOS 18 / macOS Sequoia) flags weak or reused passwords and alerts users to breaches, but requires them to navigate to the affected site and change the password themselves. The new agentic capability closes that loop.
Apple has not disclosed the underlying model or architecture powering the agent. The feature is tied to OS 27 — likely the 2026 major OS release cycle (iOS 27, macOS 27, etc.) — suggesting a launch window in late 2026. No details on whether the agent works with third-party password managers or is restricted to Apple's first-party app.
The move puts pressure on dedicated password managers like 1Password, Bitwarden, and Dashlane, which already offer automated password change workflows for some sites but typically rely on site-specific integrations rather than on-device agentic action. Apple's advantage: deep OS integration and access to the Secure Enclave for credential storage.
What's missing from the announcement
The post does not specify which breach databases the system queries, whether the agent can handle sites with multi-factor authentication or CAPTCHA challenges, or if users can preview changes before they are applied. Apple has not confirmed the feature's availability timeline beyond the OS 27 platform reference.
What to watch
Watch for WWDC 2026 (June) where Apple likely unveils OS 27 and details the agent's architecture, including which breach databases it queries and whether it supports third-party password manager integration. Also watch for 1Password and Bitwarden responses — they may accelerate agentic features before Apple ships.
