1Password has introduced a new phishing prevention feature designed to help users recognize potential phishing attacks. The 1Password browser extension will not autofill login credentials if the URL of a website does not match the URL saved in 1Password, and it will display a warning message to alert users. The feature is being rolled out starting January 22, 2026, and will be enabled by default for individual and family plan users, while business accounts will require manual activation by 1Password Admins.
WatchGuard has released Open MDR, a unified managed detection and response solution designed for managed service providers (MSPs). This solution allows MSPs to deliver consistent managed security services without requiring significant changes to their existing operations. Key features of Open MDR include 24/7 monitoring by WatchGuard’s Security Operations Center (SOC), AI-powered threat hunting, and support for a range of security tools, including WatchGuard Firebox and Microsoft Defender. Open MDR is globally available through WatchGuard’s network of MSP partners and adds to the company’s existing MDR offerings without necessitating tool migration.
Why do we care?
Security vendors keep removing friction for MSPs—but they’re also moving decision-making out of sight.
1Password is doing the right thing by slowing users down. But that only works if MSPs stop pretending users are “trained” instead of constrained. Phishing succeeds because humans are fast, not stupid.
WatchGuard’s Open MDR sounds attractive because it doesn’t force change. But that’s exactly where MSPs get burned. If you outsource detection without redefining authority, you create a gap between action and accountability. Clients won’t care which SOC saw the alert—they’ll care who explains the breach.
The harmful MSP behavior to watch for is stacking “security solutions” and assuming the sum equals safety. It doesn’t. It equals distributed responsibility.
AI and automation are accelerating faster than human oversight. If MSPs don’t deliberately define control, authority, and limits, clients will assume the MSP owns all of it. And when something fails, that assumption turns into liability, margin loss, and churn.
Security isn’t about having the right tools anymore. It’s about being explicit about who is in charge when those tools fail.
If you can’t clearly answer these questions, you’re already exposed:
– Who has decision authority when automation acts?
– What actions require human approval?
– Which risks are explicitly excluded from our responsibility?
– What failures are the client contractually accepting?

