My first 100 days at Bitwarden

I didn't come to Bitwarden looking for a job. I came because I kept running into it.

In the years leading up to this role, Bitwarden would come up again and again as recommended by engineers, noted by security teams and championed by IT administrators who had tried everything else. For a company that hadn't been around all that long, it had built a remarkably outsized reputation. What struck me wasn't just that people used Bitwarden, it was how they talked about it with a kind of loyalty you don't usually see for software. The kind that comes from a product that actually does what it promises, without asking anything in return that it hasn't earned.

When the opportunity to lead the company came, I said yes quickly. One hundred days in, I'm more convinced than ever it was the right call.

Coming to Bitwarden, I saw the ingredients for the next great security company: a rock-solid product, a passionate user community, a trusted open source foundation, customers of every size across every industry, and a market that keeps expanding as the world moves more of its life online. I also saw something harder to manufacture, a genuine culture of caring, inside and outside the company, about making everyone more secure.

Those first impressions have held up.

My first priority was listening. I spent these months in conversations with customers from individual users to large enterprise organizations, as well as partners, the broader Bitwarden community, and perhaps most importantly, Bitwarden employees. The Bitwarden team is deeply talented and deeply committed to this mission. Listening to them has been one of the most valuable things I've done.

I also quickly dug into password managers in a way I had not done before. I came in as a new Bitwarden user, without preconceptions, and experienced Bitwarden the way millions of people encounter it for the first time. That experience taught me something important. Security alone is not enough. People know they should use a password manager. What stops them, or causes them to abandon one, is friction, complexity, and moments where the tool appears to get in the way instead of getting out of the way. Bitwarden already has a strong foundation here in making the right choices to help millions of users, and I believe we can go further. The goal for Bitwarden is beyond just being the most trusted password manager.  It's to be the easiest one to love.

A few other things became clear very quickly.

Trust is everything here. Bitwarden is a company people invite into the most sensitive corners of their digital lives:  every password, every credential, every secret. That trust is not given lightly, and it must never be taken for granted.

The community is extraordinary. Bitwarden has one of the most engaged, thoughtful, and vocal user communities in the technology industry. People show up not because they were asked to, but because they believe in what Bitwarden represents. I have seen this firsthand. As CEO of Acquia, the company behind the Drupal open source platform, I spent years inside one of the world's largest open source communities. I learned what it means to earn the trust of developers and contributors who have no obligation to stay, and every incentive to leave if you let them down. The Bitwarden community has that same character and the product would not be where it is today without it. For that, I am genuinely grateful.

Open source is not a feature. It's a foundation. The ability to audit the code, to self-host, to verify rather than simply believe are not just nice-to-haves, they are the reason Bitwarden is different from every other option in this space, and that will not change.

The Bitwarden founding vision of a world where no one gets hacked is more than a phrase. It's a genuine organizing principle. And realizing it requires that Bitwarden be available to as many people as possible, across as many contexts as possible.

Let me be direct about what that means in practice.

Bitwarden will always have a free version. Not a restricted trial. Not a bait-and-switch. A genuinely useful, functional free tier, because every individual has a right to basic password management, and a world where more people use strong credential security is safer for all of us. That commitment is permanent.

When you pay for Bitwarden, you get the best value in the market. Bitwarden paid plans for individuals, families, and businesses, will continue to deliver more capability, more security, and more trust per dollar than any alternative. We welcome being judged on it.

Innovation is not optional and Bitwarden will invest. The threat landscape is evolving faster than most organizations realize. Safely implementing passkeys, preventing AI-driven attacks, the mix of managing both humans and agent identities represent the challenges Bitwarden exists to solve, and they are all growing. 

We commit to putting meaningful resources behind the research, product development, and engineering talent required to stay ahead. Expect to see more from Bitwarden in the coming months across credential management, enterprise capabilities, and user experience.

There will be changes. A company that stops evolving stops being relevant, and standing still is not an option. What I can promise is that change at Bitwarden will always be grounded in the commitments above, and to our open source foundation, to an easily accessible product, to value, and to the trust you've placed in us. When we make changes, we'll tell you why.

To the millions of people who use Bitwarden, and especially those who have been with us for years, contributed to the forums, submitted issues on GitHub, and recommended Bitwarden to the people in your lives, thank you.  You are not just users of this product. You are part of why it matters.

I look forward to continuing to earn your trust.

I'm grateful for the opportunity, and I'm just getting started.

— Mike Sullivan, CEO, Bitwarden