OpenAI will require security researchers using its most cyber-capable frontier AI models to protect their accounts with hardware-backed passkeys, tightening access amid growing concerns that compromised accounts could place powerful cybersecurity tools in the hands of criminals.
From 1 September 2026, every individual member of OpenAI’s Trusted Access for Cyber program must enable Advanced Account Security using a hardware-backed passkey.
Those who fail to meet the requirement will lose access to the advanced models and return to the company’s default level of model access.
The Trusted Access for Cyber program gives qualified security researchers and organisations access to advanced AI capabilities for authorised defensive work. Approved uses include vulnerability triage and validation, malware analysis, detection engineering and patch validation.
The decision underscores a widening security problem for the AI industry: protecting powerful models is no longer only about controlling what they can do. Providers must also verify who is accessing them and prevent attackers from taking over legitimate accounts.
OpenAI is also strengthening restrictions for high-risk entities and jurisdictions as part of a broader effort to prevent the misuse of advanced cyber capabilities.
Physical security keys replace weaker account protections
Hardware-backed passkeys store authentication credentials inside a physical security key instead of synchronising them through software or cloud services.
Because the credentials cannot be copied or remotely extracted, they provide stronger protection against phishing, credential theft, adversary-in-the-middle attacks and account takeover.
The technology also checks that a user is connecting to the legitimate service before authentication takes place. This prevents someone from accidentally signing in to a fraudulent website built to steal passwords or authentication codes.
Passwords, SMS codes and mobile push notifications remain vulnerable to increasingly sophisticated phishing, social engineering and session-hijacking attacks.
A physical security key raises the difficulty and cost of compromising an account, particularly for criminals attempting to create, validate and resell stolen accounts at scale.
Through Advanced Account Security, OpenAI users can protect their ChatGPT accounts with security keys and disable weaker fallback authentication methods that attackers could otherwise exploit.
Yubico welcomed the mandate, describing it as a new model for protecting access to high-value AI systems.
“We are introducing a new model for phishing-resistant security at scale for the AI ecosystem,” said Jerrod Chong, chief executive officer, Yubico.
“This partnership with OpenAI delivers the highest level of protection against phishing with a low-friction user experience,”
“Ultimately, our intent is to drastically reduce the threat of unauthorised access to sensitive data in OpenAI accounts worldwide,”
We are proud to partner with OpenAI to deliver YubiKeys, the leading security key that offers the strongest way to use passkeys, increasing protection of sensitive user data for the AI frontier.”
OpenAI expands its use of YubiKeys
OpenAI already uses YubiKeys internally to protect employees and infrastructure against sophisticated phishing attacks. The expanded partnership will allow eligible account holders to adopt the same hardware-backed authentication model.
A custom two-pack of YubiKeys is being offered to existing OpenAI account holders at preferred pricing. It includes:
- YubiKey C NFC – OpenAI: Supports authentication on compatible phones, tablets and computers through USB-C or a tap using near-field communication.
- YubiKey C Nano – OpenAI: A low-profile USB-C security key designed to remain connected to a laptop for convenient, ongoing protection.
Once a security key is enrolled, users can authenticate through a fast, passwordless process without relying on credentials that can be copied, intercepted or synchronised between devices.
The mandate represents a significant shift in AI security. As access to advanced models becomes more valuable—and potentially more dangerous when stolen—strong identity controls are becoming as important as the safeguards built into the models themselves.
