OpenAI Strengthens AI Security: Passwordless Access for Trusted Users, Tightens Restrictions on High-Risk Entities

July 13, 2026
OpenAI Strengthens AI Security: Passwordless Access for Trusted Users, Tightens Restrictions on High-Risk Entities
  • OpenAI is tightening access to advanced AI capabilities, restricting them to verified, trusted users amid rising cybersecurity threats.

  • The policy focuses on qualified security researchers and organizations performing authorized defensive cyber work, such as vulnerability triage, malware analysis, detection engineering, and patch validation.

  • High‑risk entities and jurisdictions will face stricter restrictions as part of broader security measures for advanced AI capabilities.

  • Enrolled users will experience a passwordless, rapid authentication process that avoids vulnerable credentials, with a custom two‑pack option offered at preferred pricing.

  • Hardware-backed passkeys store credentials on a physical security key, preventing copying or remote extraction and reducing phishing, credential theft, and account takeover risks.

  • These hardware-backed passkeys resist copying or remote extraction unlike traditional passwords or some multi‑factor methods.

  • The solution provides phishing‑resistant authentication not easily compromised through software or cloud synchronization.

  • Sign‑in will be passwordless and not rely on copied, intercepted, or synchronized credentials; weak fallback methods can be disabled under Advanced Account Security.

  • OpenAI is offering eligible account holders a custom two‑pack (YubiKey C NFC and YubiKey C Nano) at preferred pricing to enable passwordless authentication, based on its internal use of YubiKeys.

  • Further details about the Advanced Account Security program and the YubiKey offer are available through OpenAI and Yubico’s official channels.

  • Yubico collaborates with OpenAI to provide YubiKeys and support for phishing‑resistant authentication within the Advanced Account Security program.

  • Enrollment enables passwordless authentication and aims to reduce unauthorized access to OpenAI accounts by removing dependence on potentially compromised credentials.

Summary based on 5 sources


Get a daily email with more AI stories

Sources

OpenAI requires hardware-backed passkeys for cyber access

SecurityBrief Australia • Jul 13, 2026

OpenAI requires hardware-backed passkeys for cyber access


More Stories