"These latest models run on device and on servers using Private Cloud Compute," Apple wrote in a blog post.
Apple Intelligence and the new "agentic" password manager
At WWDC 2026 Apple announced an Apple Intelligence–powered capability that can automatically fix weak and compromised passwords. Where the built-in Passwords app and Safari today flag weak, duplicate, or compromised credentials, the company said the new feature will take action "agentically" — using AI to update eligible accounts to strong passwords without requiring manual replacement by the user.
What Safari and the Passwords app did before, and what is changing
Until now, Apple’s password tools have been largely advisory. Safari and the built‑in Passwords app can warn you when a password is weak during account creation and can help generate a secure password, and they can flag duplicates or credentials that appear compromised. Apple made clear at WWDC 2026 that the difference is functional: the new feature will not only detect weak or compromised passwords but will attempt to automatically update eligible accounts to strong credentials within the Passwords app and Safari.
Foundation models, Gemini, and privacy architecture
Apple framed the capability as part of a larger Apple Intelligence push built on a next generation of "Apple Foundation Models." According to the company, those models are custom-built in collaboration with Google; Apple "used Gemini models, likely its output, to fine-tune its own model and deeply integrated them into Apple Intelligence experiences." Apple also emphasized a privacy-first engineering approach: the firm said most features will run locally on new iPhones, while other elements run in the cloud through what Apple calls Private Cloud Compute.
On that point Apple wrote directly, "When Private Cloud Compute is handling users’ requests, their personal data is not stored nor made accessible to Apple or anyone else." The company said the entire Apple Intelligence architecture — from foundation models to operating system integrations — is "built privacy-first."
Availability: iOS 27 rollout and developer beta
Apple said the Apple Intelligence improvements, including the agentic password manager, are scheduled to arrive with iOS 27 later this year. For those who do not want to wait for the public release, Apple indicated the feature can be tried in the developer beta by signing up for the Developer Program and installing the beta build.
What this means for end users, security teams, and enterprises
- End users: The promised automation will change the user experience around compromised or weak passwords — rather than receiving warnings and having to replace credentials manually, users will see eligible accounts updated automatically to stronger passwords in the Passwords app and Safari.
- Security teams: The source material also includes a separate industry statistic: "Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen." That whitepaper claim, reproduced in the announcement feed, underscores a tension: identity-focused automations can reduce one class of exposure, but the broader detection and response picture remains uneven.
- Enterprises and procurement leaders: Organizations that accept automated password changes on user devices will need to assess which accounts are "eligible" for automatic updates and how the Apple Intelligence flows — local on‑device models vs. Private Cloud Compute — align with internal policies on credential management and managed authentication.
Apple’s announcement marks a clear push to move password hygiene from advice to action by using locally run models and a hybrid private cloud for operations the company judges necessary. The feature’s impact will depend on what counts as an "eligible" account, how broadly the automatic updates can be applied across web services and enterprise logins, and whether the Private Cloud Compute promise holds in practice when cloud resources are used. Apple says the rollout arrives with iOS 27 and that developers can try the beta today; beyond that timeline, the central open question is operational: which accounts will be eligible for automated replacement, and how will those replacements be coordinated across devices and cloud services?
