For a lot of people, Bitwarden became the go-to password manager after the LastPass fiasco. Free, open source, and trustworthy, it has gained a reputation by offering a free tier, keeping the code open, and not pulling the rug.
But that comes at a cost; any hit to its image matters a lot when we are talking about software that holds extremely sensitive information.
So when things start looking a little off, people pay attention. And over the past few months, a few things have looked a little off.
Some things changed at the top
The first change worth noting happened in February. Bitwarden's longtime CEO, Michael Crandell, stepped back to an advisory role. The company said nothing about it publicly, and one would have to check his LinkedIn profile to find out.
The new CEO is Michael Sullivan, who was previously CEO of Acquia and, before that, InsightSoftware. What got people worried was his experience of working across "all facets of mergers and acquisitions," with named private equity firms, including Hg, Vista Equity Partners, and TA Associates.
That is a very particular background for someone to be stepping into a head honcho role at a password manager company. Bitwarden's CFO also changed, where Stephen Morrison left in April and Michael Shenkman, who previously ran InVision, came in as his replacement.
None of these major executive changes were officially announced.
Quiet changes
The term "Always free" has been restored (left), but it was missing for quite some time (right).
I referred to the Wayback Machine and found that the term "Always free" had been on Bitwarden Personal's product page for a long time, sitting inside the plan comparison table.
It disappeared sometime in mid-April and was only restored sometime after May 14.
According to a company employee who posted on the r/Bitwarden subreddit, all of that was supposedly due to an oversight by the Bitwarden marketing team.
Then there's the other issue of values being quietly changed. Bitwarden has used the GRIT acronym to describe its company culture for years, standing for Gratitude, Responsibility, Inclusion, and Transparency.
I again checked the Wayback Machine, and the values were still intact as of March 14, 2026. At some point after that, they were quietly changed. GRIT now stands for Gratitude, Responsibility, Innovation, and Trust.
The 2022 blog post Crandell wrote laying out the original GRIT values was edited to reflect the new ones. Except the editing stopped halfway. The explanatory paragraph further down in the same post still describes Inclusion and Transparency as the values.
Bitwarden's stance
Sullivan published a blog recently, laying out his first 100 days at Bitwarden and also hashing some things out.
The free tier is not going anywhere. He ruled out a trial model or bait-and-switch and said that the open source foundation and the ability to audit the code, self-host, and verify are what make Bitwarden different from everything else in the space.
He also acknowledged that changes are coming, but those would be explained properly.
Should you be worried?
The post referenced above is the most direct on-record statement Bitwarden has about the free tier. But a pattern of ambiguity has already been established.
For such a sensitive piece of software, unannounced leadership changes and a values rewrite are the kind of thing that should make you nervous. But unless Bitwarden does something drastic like axing the free tier or pulling a Cal.com, there is not much to act on just yet.
Suggested Read π: Bitwarden vs. Proton Pass
Ankush Das
