Back

OpenAI Mandates Passkeys for Enhanced AI Model Security

Severity: Low (Score: 27.9)

Sources: Feeds2.Feedburner, cts.businesswire.com, Markets.Ft

Published: 2026-06-01 · Updated: 2026-06-01

Keywords: cyber, yubico, partners, openai, support, passkey, mandate

Summary

On June 1, 2026, OpenAI announced a requirement for users in its Trusted Access for Cyber (TAC) program to implement passkeys for accessing its most powerful AI models. This initiative, in partnership with Yubico, aims to enhance security through hardware-backed authentication. The mandate reflects a shift from traditional password-based security to a more robust cryptographic approach, emphasizing the importance of user identity in managing AI capabilities. Albert Biketi, Yubico's chief product and technology officer, highlighted the critical nature of this security measure as AI systems evolve into more autonomous agents. The requirement is expected to impact developers and organizations utilizing OpenAI's advanced models, making passkeys essential for protecting sensitive codebases and preventing unauthorized access. Key Points: • OpenAI mandates passkeys for TAC program users starting June 1, 2026. • The initiative aims to enhance security for accessing powerful AI models. • Yubico's hardware-backed authentication is central to this new security requirement.

Detailed Analysis

**Impact** Individuals enrolled in OpenAI’s Trusted Access for Cyber (TAC) program with access to its most powerful AI models are affected by this mandate. This includes developers and cyber defenders working with sensitive AI codebases and autonomous agents like Codex. The mandate aims to prevent unauthorized access and manipulation of AI environments, impacting global users involved in AI research and development, particularly those handling high-consequence AI capabilities. **Technical Details** The security enhancement requires the use of hardware-backed passkeys, such as YubiKeys, for authentication. This approach replaces traditional password-based security with phishing-resistant, cryptographic authentication methods. No specific attack vectors, malware, CVEs, or infrastructure details are provided in the articles. The focus is on preventing account takeovers at the authentication stage by enforcing Advanced Account Security (AAS). **Recommended Response** Organizations and individuals with access to sensitive AI models should immediately enable hardware-backed passkeys as part of their Advanced Account Security settings. Security teams should prioritize deploying and enforcing phishing-resistant authentication methods, such as FIDO2-compliant hardware keys, to protect high-value AI development accounts. Monitoring for unauthorized access attempts and ensuring compliance with the new mandate are critical. No additional technical detection or patching guidance is provided in the source materials.

Source articles (7)

  • Yubico Partners with OpenAI to Support Passkey Mandate for its Trusted Access for Cyber ... — Markets.Ft · 2026-06-01
    Passkeys anchor the transition to phishing-resistant authentication, empowering cyber defenders and Codex developers to secure the most powerful AI models and codebases STOCKHOLM & SANTA CLARA, Calif.…
  • Yubico Partners with OpenAI to Support Passkey Mandate for its Trusted Access for Cyber ... — Markets.Ft · 2026-06-01
    Passkeys anchor the transition to phishing-resistant authentication, empowering cyber defenders and Codex developers to secure the most powerful AI models and codebases STOCKHOLM & SANTA CLARA, Calif.…
  • OpenAI requires stronger authentication for users of its most powerful AI models — Feeds2.Feedburner · 2026-06-01
    Yubico announced its significant role in securing the AI frontier as OpenAI mandates the use of passkeys for individuals that are part of their Trusted Access for Cyber (TAC) program. As a leading glo…
  • Trusted Access for Cyber (TAC) — cts.businesswire.com · 2026-06-01
  • Advanced Account Security (AAS) — cts.businesswire.com · 2026-06-01
  • Trusted Access for Cyber (TAC) — cts.businesswire.com · 2026-06-01
  • Advanced Account Security (AAS) — cts.businesswire.com · 2026-06-01

Timeline

  • 2026-06-01 — OpenAI mandates passkeys for TAC users: OpenAI requires passkeys for individuals in its Trusted Access for Cyber program to enhance security for accessing its advanced AI models.
  • 2026-06-01 — Yubico partners with OpenAI: Yubico announces its role in securing AI workflows through hardware-backed passkeys as part of OpenAI's new security measures.
  • 2026-06-01 — Advanced Account Security requirement begins: Individuals with access to OpenAI's most powerful AI models must enable Advanced Account Security as part of the new mandate.

Related entities

  • Phishing (Attack Type)
  • businesswire.com (Domain)
  • yubico.com (Domain)
  • [email protected] (Email)
  • Codex (Tool)
  • Fido2 (Platform)
  • FIDO U2F (Platform)
  • WebAuthn (Platform)
  • YubiKey (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed