OpenAI requires stronger authentication for users of its most powerful AI models

Yubico announced its significant role in securing the AI frontier as OpenAI mandates the use of passkeys for individuals that are part of their Trusted Access for Cyber (TAC) program.

As a leading global AI research and development company, OpenAI is setting a precedent for empowering its users to take control of their own security posture with more secure authentication options. Starting June 1, 2026, individuals in TAC with access to OpenAI’s most powerful and permissive AI models will be required to enable Advanced Account Security (AAS).

This mandate signals a new industry precedent: when working with agents, sensitive codebases, and powerful cybersecurity capabilities in frontier models, proven security protection like hardware-backed passkeys are no longer optional – they are the essential circuit breaker for the AI frontier.

“We are in an era where AI can analyze vulnerabilities and act on our behalf. In that world, the only thing more powerful than the AI itself is the identity of the person controlling it,” said Albert Biketi, chief product and technology officer, Yubico.

“OpenAI’s mandate is a pivotal moment, moving the industry away from ‘probabilistic’ security – where we hope a password is strong enough – to a cryptographic certainty that only hardware can provide. Yubico applauds OpenAI’s ‘security by default’ approach by enforcing rigorous security through passkeys, such as a hardware security key, for users who need it most,” added Biketi.

Hardware-backed AI security matters: How Yubico anchors OpenAI’s TAC program

As AI evolves into autonomous agents like Codex, developer accounts become high-consequence control points. A breach now means unauthorized code access and environment manipulation. OpenAI’s new mandate allows users to modernize their security posture through:

A higher level of protection for TAC: Utilizing passkeys, including hardware-backed passkeys like YubiKeys, provide the phishing-resistant, hardware-backed protection required for the AAS program.

Enterprise attestation: Organizations can meet OpenAI’s standards by integrating Yubico’s phishing-resistant authentication into their SSO workflows.

Zero-knowledge recovery: With OpenAI removing manual account resets, Yubico’s “Primary and Backup” bundles ensure users maintain mission-critical access.

Verifying human intent: The physical “tap” of a YubiKey acts as a vital circuit breaker, ensuring high-consequence AI actions are authorized by a verified human.

This mandate builds on the Yubico and OpenAI partnership to deliver hardware-backed security to the builders of the AI future.