GoKawiilApple's new AI can automatically change compromised passwords, but giving an agent control of account credentials introduces risks involving prompt injection, lockouts, consent, and compromised devices.
Apple announced something at WWDC26 that sounds genuinely useful and slightly terrifying at the same time.
In iOS 27, iPadOS 27, and macOS 27, the Passwords app will be able to use Apple Intelligence and Safari to automatically change weak or compromised website passwords. Instead of warning you that an old password appeared in a breach and sending you off to fix it yourself, Apple’s new agentic password-changing feature can navigate the website, sign in, replace the password with a strong one, save it, and show the work as a Live Activity.
That solves a real security problem.
People ignore compromised-password warnings. They put them off because changing a password is annoying, the website hides the setting, the account asks for another verification step, or the user has 40 other warnings waiting behind it. A warning that never becomes action is not much of a control.
But there is an important line between detecting a risky password and changing the credential that controls somebody’s account.
Detection is observation.
Changing the password is authority.
The question is not whether AI can find the change-password button. The question is how much authority we should give it after it does.
As of June 8, 2026, these operating systems and this feature are in developer beta. Apple has announced the capability, but the detailed security architecture, supported-site requirements, failure handling, and approval model are not yet fully documented publicly. That means some of the biggest questions do not have confirmed answers yet.
... continue reading