OpenAI, a company whose early security practices drew repeated criticism from researchers, now believes some of its users face nation-state cyber threats serious enough to warrant hardware keys. On Wednesday, the company launched Advanced Account Security—an opt-in program offering Yubico security keys and phishing-resistant authentication to ChatGPT and Codex users deemed at elevated risk of targeting.
The timing is notable. For years, OpenAI dismissed security concerns as overblown. Now it is quietly acknowledging that foreign intelligence services have shown interest in AI researchers working at the frontier. The Yubico partnership—YubiKeys are the gold standard for government and enterprise authentication—signals that this threat is not hypothetical.
The program targets what OpenAI calls "at-risk users": researchers, developers, and employees whose accounts contain valuable model interactions, proprietary code, or sensitive research data. These users can now register a physical YubiKey, receive it by mail, and use it as their primary login credential. Unlike authenticator apps or SMS codes, hardware keys cannot be phished through convincing fake login pages—a technique increasingly used against high-value targets.
The security upgrade comes with recovery safeguards often absent from enterprise security suites. Users who lose their hardware key can restore access through a verified backup process, addressing a common frustration with hardware-based authentication. OpenAI says the keys are free for qualifying users, though the company declined to specify the criteria for inclusion or how many accounts it expects to enroll.
The move mirrors steps already taken by competitors. Anthropic and Google have both introduced enhanced protections for researchers working on sensitive capabilities. What distinguishes OpenAI's approach is the explicit acknowledgment that AI developers face threats beyond ordinary cybercrime—and that a consumer-grade product like ChatGPT now requires government-grade defenses.
Not everyone is convinced this is sufficient. Security researchers note that hardware keys protect only the login step. Conversations with AI models, uploaded documents, and API interactions remain vulnerable to other attack vectors. A researcher whose laptop is compromised could still expose years of prompts and research context, regardless of how robust their authentication may be.
Still, the partnership with Yubico marks a threshold. OpenAI is no longer treating security as an afterthought or a feature for enterprise customers only. It is treating AI researchers as targets—and investing accordingly. For a company that spent years fighting perceptions it prioritized capability over caution, the shift is significant. The question now is whether competitors move to match it, and whether the hardware key program expands beyond its current pilot scope.