
How Bitwarden's Founder Built an Open-Source Password Manager — and Why It Stays Free

Disclosure: Bitwarden is a sponsor of the TWiT network. This interview was not sponsored or paid for.

Bitwarden founder and CTO Kyle Spearrin used a rare one-on-one TWiT interview to send a clear message: the password manager's open-source code and free-forever individual tier are not going away. Speaking with Leo Laporte, Spearrin traced Bitwarden's path from a solo side project to a security company used by everyone from his own family to NASA — and addressed a recent wave of community anxiety head-on.

From LastPass Frustration to a Solo Side Project

Spearrin explained that Bitwarden grew out of his own dissatisfaction with LastPass around 2015, when LogMeIn acquired it — a deal worth $110 million in cash at close, rising to as much as $125 million with retention payments. A career web and .NET developer, he saw an opening to build something better and more trustworthy.

He launched the first version in 2016: a Chrome extension, a mobile app (initially built with Xamarin), and a web vault. He went full-time on the project in 2017 and for years ran it essentially alone, handling engineering, support, and sales demos himself. (Bitwarden's mobile apps have since been rewritten in native Swift and Kotlin.)

Why Open Source Is a Trust Strategy, Not a Community Project

The most consistent theme was Spearrin's reasoning for going open source. He pointed out that he published the code chiefly to earn trust — not to crowdsource development — and originally licensed it under the GPL (today the server is AGPLv3 and the clients GPLv3, with a source-available license for some enterprise modules).

Laporte noted a vivid payoff: after a Security Now! discussion of memory-hard key-derivation functions, a listener submitted code that led Bitwarden to adopt Argon2id as a selectable alternative to PBKDF2 for deriving the vault key from the master password, a concrete security upgrade made possible by the open model. Spearrin added that open source also enables self-hosting and third-party implementations like the Rust-based Vaultwarden server, which he welcomes because it still grows the brand. He framed the business model as selling to companies while keeping individual use free, with enterprise customers often arriving through employees who already use Bitwarden at home.

Addressing the Backlash: Price, the "Always Free" Scare, and a New CEO

Laporte pressed Spearrin on three early-2026 events that fueled online speculation. Bitwarden roughly doubled its Premium plan from $10 to about $20 a year — its first increase in a decade — "always free" language briefly vanished from the website, and a new CEO, Mike Sullivan, arrived from a private-equity and M&A background, succeeding longtime chief Michael Crandell.

Spearrin called the three events unrelated. He described the website change as a marketing mix-up that was reversed as soon as it was flagged, and said the price rise simply reflected pricing held flat for ten years. He was emphatic that abandoning open source or the free tier would be self-defeating, since both define the brand — and noted that Sullivan's "first 100 days" blog post was an attempt to reassure the community after the fact.

Credentials in the Age of AI Agents

On AI, Spearrin drew a sharp line. Internally, Bitwarden has adopted AI-assisted development to keep pace, but the company is deliberately not embedding AI features into the product itself. Instead, it wants to connect the vault to wherever credentials are needed — including AI systems — via its MCP server and the new Agent Access SDK, announced during RSAC 2026.

The SDK is an open standard under which an AI agent requests a single credential for a specific task instead of being handed the entire vault; the security gain is blast-radius limitation, since a compromised or prompt-injected agent can misuse only the item it was granted. Spearrin said other password managers (he named Dashlane) and several AI companies are evaluating or adopting the approach, though no formal partners have been announced. He positioned it as a sequel to Bitwarden's FIDO Alliance work on the Credential Exchange Protocol and Format, which let passkeys move between providers, and to developer-pleasing additions like built-in SSH key generation and storage.
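To make the single-credential principle in the paragraph above concrete, here is an added Python example of a broker that issues an agent a short-lived, single-use grant bound to one vault item and refuses everything else. It is illustrative code written for this article, not Bitwarden's Agent Access SDK or MCP server, whose API and wire format the page does not describe; the `CredentialBroker` class, the `Grant` record, the `attempt` helper and the sample vault items are all hypothetical.

```python
"""Illustrative single-credential broker (example code for this article; it is
not Bitwarden's Agent Access SDK or MCP server, whose API is not on the page).
An agent is issued an opaque, short-lived grant bound to ONE vault item and can
redeem it only for that item, a bounded number of times, before it expires."""
import copy
import secrets
import time
from dataclasses import dataclass

# Constructed sample vault for the demo. These are not real credentials.
SAMPLE_VAULT = {
    "item-001": {"name": "Example CI deploy", "username": "deploy", "password": "demo-pw-1"},
    "item-002": {"name": "Example database", "username": "dbadmin", "password": "demo-pw-2"},
    "item-003": {"name": "Example API key", "username": "svc", "password": "demo-pw-3"},
}


@dataclass
class Grant:
    item_id: str        # the single item this grant unlocks
    expires_at: float   # absolute time in seconds; the grant is dead after this
    uses_left: int      # retrievals remaining (1 = single use)


class CredentialBroker:
    """Sits between the vault and an agent. The agent never holds the vault or
    its master key, only a random token that maps to exactly one item."""

    def __init__(self, vault):
        self._vault = vault
        self._grants = {}   # token -> Grant
        self.audit = []     # (event, item_id) tuples for later review

    def issue_grant(self, item_id, ttl_seconds=60, uses=1, now=None):
        """User side: called after the user approves an agent's request for one
        item. Returns an opaque token; the agent learns nothing about the rest
        of the vault from it."""
        if item_id not in self._vault:
            raise KeyError(f"unknown item {item_id}")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)   # 256 bits of entropy, unguessable
        self._grants[token] = Grant(item_id, now + ttl_seconds, uses)
        self.audit.append(("grant_issued", item_id))
        return token

    def fetch(self, token, item_id, now=None):
        """Agent side: redeem a token for exactly the item it was issued for.
        Every failure raises the same generic error so the caller cannot probe
        which item ids exist or why a request was refused."""
        now = time.time() if now is None else now
        grant = self._grants.get(token)
        if grant is None:
            self.audit.append(("denied_unknown_token", item_id))
            raise PermissionError("access denied")
        if now >= grant.expires_at:
            del self._grants[token]             # drop expired grants eagerly
            self.audit.append(("denied_expired", item_id))
            raise PermissionError("access denied")
        if item_id != grant.item_id:
            self.audit.append(("denied_wrong_item", item_id))
            raise PermissionError("access denied")
        grant.uses_left -= 1
        if grant.uses_left <= 0:
            del self._grants[token]             # single-use by default
        self.audit.append(("released", item_id))
        # Hand back a copy of this one item only, never a reference into the vault.
        return copy.deepcopy(self._vault[item_id])

    def active_grants(self):
        return len(self._grants)


def attempt(broker, token, item_id, now):
    """Helper for the demo: 'released' or 'denied' instead of an exception."""
    try:
        broker.fetch(token, item_id, now=now)
        return "released"
    except PermissionError:
        return "denied"


if __name__ == "__main__":
    broker = CredentialBroker(SAMPLE_VAULT)
    t0 = 1_000.0
    tok = broker.issue_grant("item-001", ttl_seconds=60, now=t0)
    print("own item:", attempt(broker, tok, "item-001", t0 + 5))     # released
    print("other item:", attempt(broker, tok, "item-002", t0 + 6))   # denied
    print("reuse:", attempt(broker, tok, "item-001", t0 + 7))        # denied (consumed)
    print("audit:", broker.audit)
```

Two design choices worth noting: the grant is keyed by a random token rather than by agent identity, so approval happens per request and the user decides exactly which item leaves the vault; and all refusals return the same error while the reason is recorded only on the user-side audit trail. A stricter broker would also revoke a grant the moment it is used for the wrong item, treating that as a sign the agent has gone off-task.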

Key Points

  • Bitwarden began as founder Kyle Spearrin's response to the LastPass/LogMeIn acquisition, launching as open source in 2016.
  • Spearrin treats open source primarily as a trust-and-transparency mechanism; outside contributions like Argon2id are a welcome bonus, not the goal.
  • The company monetizes enterprise customers while keeping the individual free tier — unlimited passwords, devices, and passkeys — intact.
  • A 2026 price increase, a website wording change, and a new PE-background CEO sparked fears that Spearrin says are unfounded and unrelated.
  • Bitwarden's AI strategy is to connect the vault to AI agents (via the MCP server and Agent Access SDK), not to put AI inside the product.

The Bottom Line

Spearrin's core argument is that trust is Bitwarden's product as much as password management is, and that open source plus a genuinely free tier are the foundation of that trust. The recent controversy, in his telling, was a communications stumble rather than a change in direction — and the company's next act is about securely extending your credentials into an AI-driven world.


Watch the full conversation: https://youtu.be/KsdvY2bzeWU
