OpenAI just rolled out Advanced Account Security (AAS), an opt-in set of protections built for ChatGPT users who can’t afford to get phished. According to TechCrunch AI, the launch came Thursday alongside a partnership with Yubico, the hardware security key maker, which is releasing two co-branded keys tied directly to ChatGPT accounts. TechCrunch AI reports the move targets high-value users first but stays open to anyone who wants the extra wall around their account.
What stands out here is the audience OpenAI is naming out loud. The company points to political dissidents, journalists, researchers, and elected officials as the core users for AAS. That’s a pretty pointed list. It tells you OpenAI now treats ChatGPT sessions the way email providers treat inboxes for activists and reporters: a target worth protecting at the hardware level.
What launched
- Advanced Account Security (AAS). An opt-in security tier for ChatGPT accounts. Built around stronger sign-in protections and hardware-key support. Available to any user, not just enterprise.
- Two co-branded YubiKeys. The YubiKey C NFC and the YubiKey C Nano. Both can be linked to a ChatGPT account and used to log in via USB or NFC. The cryptographic key lives on the device, so only the person holding it can authenticate.
- A new digital defense framework. OpenAI announced this separately, just before the Yubico news, signaling that account security is now part of a broader product push, not a one-off feature.
How it works
Security keys are small bits of hardware that plug into a USB port or tap via NFC. A unique cryptographic identifier lives on the key itself. Phishing pages can’t grab it the way they grab passwords or one-time codes, because the key only signs in to the legitimate domain it was registered with. That’s the whole point: a stolen password is useless without the physical device sitting in your pocket.
For users who keep sensitive material in ChatGPT (research notes, source conversations, internal company strategy, draft reporting), this closes one of the obvious attack surfaces. Yubico CEO Jerrod Chong said in the release the goal is to “drastically reduce the threat of unauthorized access to sensitive data in OpenAI accounts worldwide.”
Why it matters now
Chatbot accounts have quietly become rich targets. People dump everything into them: financial details, medical questions, work documents, private drafts. TechCrunch AI notes a growing body of research showing attackers are now actively going after chatbot users for extortion-worthy material. The intimacy of these conversations is exactly what makes them valuable to criminals.
There’s also a competitive angle. A few weeks back, Anthropic launched Mythos, a cybersecurity-focused model. OpenAI’s flurry of security announcements (the framework, the Yubico deal) reads like a response. Both labs are now competing on trust and safety as a feature, not just on raw capability.
The tradeoff to know about
The stronger lock comes with a sharper edge. If you turn on AAS and lose your security key, OpenAI won’t recover the account for you. That means conversations, custom GPTs, memory, and history could be gone for good. This is the standard hardware-key bargain, and it’s the right call for security, but worth flagging before anyone enrolls without a backup key.
The practical recommendation: buy two keys. Register both. Store one somewhere safe. Yubico has been preaching this for years and it applies cleanly here.
Who should care
- Journalists and researchers working with sensitive sources or unpublished material.
- Activists and dissidents in regions where account compromise carries real-world risk.
- Enterprise users whose ChatGPT sessions touch internal strategy, code, or customer data.
- Anyone running a public profile where a leaked conversation could become a story.
For casual users, AAS is overkill. For everyone above, this is the first time ChatGPT account security has matched the threat model. More details at the original source.