Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
For the last decade, the technology industry has been obsessed with the cloud. The assumption was that the future of AI will also rely on massive data centers, infinite GPUs, and an always-on internet connection. Apple, however, took a different path. With Apple Silicon, they bet that the most important processing would happen locally on the Neural Engine. I believe Apple made an incredibly important decision.
About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 1000s of Macs, and 1000s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
According to a report from 1Password, Apple was right. The report argues that “local agents will win” because the agents that matter most will not reside on vendor servers. They will run locally, utilizing your context, data, and credentials. While this is a victory for Apple’s hardware team, it presents a potential massive new headache for those of us managing these devices, though. The report explicitly warns that our current tools aren’t ready, noting that 75% of CISOs believe they need additional tools beyond basic device management.
Credential risk
To understand why traditional management tools will struggle in the next era, we must examine how AI is evolving. We are shifting from an era of “Chatbots” that predict text to “Agents” that take action. A chatbot writes an email for you, but an agent actually sends it. This is what we’re seeing with tools like OpenClaw.
Nancy Wang, SVP of Engineering at 1Password, argues that we are entering a phase where “the credential is the new compute.” In this new world, the bottleneck and security struggles won’t be about processing power; they will be about permission. Every meaningful AI capability depends on API keys, OAuth tokens, and service accounts.
For Mac admins, this changes the game entirely. We aren’t just securing a human user anymore with their Macs and iPhones. We will be securing an army of digital AI agents acting on that user’s behalf to do work. If a local agent on a Mac has access to a user’s email and calendar to optimize their schedule, how do we ensure it doesn’t also have permission to send that data to an unknown bad actor? The agent needs the credential to do its job, but that same credential is now a high-value target for hackers.
Where device management falls short
This is where the “Access-Trust Gap” appears. We have spent years building management workflows based on device management services, which is fundamentally a configuration and device monitoring tool. It installs apps, enforces encryption, and configures Wi-Fi. It is excellent at setting a baseline, but it is rarely built to assess real-time risk.
If local agentic AI agents are the future on macOS, our management strategy must evolve from “configuration” to “trust.” We need tools that not only check if FileVault is enabled but also verify the identity of the agent attempting to access data. The team at 1Password advocates for an “Extended Access Management” approach that validates the device’s posture in real-time before granting access to sensitive infrastructure.
Wrap up
For the Apple admin, this means the days of “set it and forget it” are over. We need visibility into what these local models are doing. We need to know which browser extensions are reading screen content. We need to bridge the gap between our identity providers and our endpoint management to ensure that a “managed” device is actually a “trusted” one.
Apple correctly predicted that the future of AI would run on silicon, not just in the cloud. That bet has paid off with devices that are uniquely capable of running powerful local agents.
Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
FTC: We use income earning auto affiliate links. More.
Comments