AI agents can detect phishing. They just donβt know not to fall for it.
To address this risk, 1Password built the Security Comprehension and Awareness Measure (SCAM) to test AI models in real-world scenarios. The results:
Every model committed critical failures Some forwarded passwords to attackers Others typed real credentials into phishing pages
The good news? A simple 1,200-word security skill dramatically reduced failures.
Now, weβre open-sourcing SCAM. 
https://bit.ly/4aocmLC