OpenAI will require hardware-backed passkeys for access to advanced cyber models
Hardware-backed passkeys store authentication credentials on a physical security key rather than in software or cloud-based systems

Image by Cybernews.
- OpenAI now requires hardware-backed passkeys for Trusted Access for Cyber program members using GPT-5.6
- Members who skip the passkey setup by September 1st lose access to advanced cyber-focused AI models
- Yubico's YubiKeys offer phishing-resistant security, unlike SMS codes or mobile push notifications
In elite AI, security is crucial. Anthropic, for instance, is accusing Chinese firms of industrial-scale intellectual property theft. Now, OpenAI will require hardware-backed passkeys for members of its Trusted Access for Cyber program.
Back in April, as it rushed to keep up with Anthropic’s Mythos, OpenAI also released a cybersecurity-focused AI model and boasted that it was scaling up its Trusted Access for Cyber (TAC) program to thousands of verified individual defenders and hundreds of teams responsible for defending critical software.
Similarly, though, AI is being used by attackers looking to cause harm and render many current cybersecurity defenses obsolete.
Physical security key
That’s why verification is crucial. To that end, OpenAI has scrambled to ensure that members of the TAC program who access the tools – specifically GPT‑5.6 – are who they say they are.
Members who do not enable OpenAI's Advanced Account Security with a hardware-backed passkey by September 1st will revert to default model access, according to details released with the policy change.
Has your password leaked?
Hardware-backed passkeys store authentication credentials on a physical security key – it’s like a USB stick – rather than in software or cloud-based systems.
In theory, this means that the credentials can’t be copied or remotely extracted in the same way as passwords or some other forms of multi-factor authentication.
OpenAI’s partner in this initiative is Yubico, a cybersecurity company that designs hardware authentication devices called YubiKeys.
The move reflects a shift across AI companies towards stronger account protection, said the firm whose products are already used by OpenAI internally. After all, most advanced models may pose greater risks if accessed by unauthorized users.
True security requires a phishing-resistant, hardware-backed root of trust built on credentials that cannot be copied or synced,Jerrod Chong
“When the stakes are this high, organizations can no longer rely on software-based controls or legacy multi-factor authentication, both of which are easily bypassed or intercepted,” said Yubico CEO Jerrod Chong.
“True security requires a phishing-resistant, hardware-backed root of trust built on credentials that cannot be copied or synced.”
Traditional protections can be manipulated
Criminal groups and other threat actors are increasingly using phishing kits, social engineering, and account resale markets to gain access to online services.
Compromised accounts can be used not only to access data but also to exploit trusted-user status within systems that restrict access to more sensitive tools.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
The risk is even greater in cybersecurity settings where approved users may handle malware samples, test detections, validate vulnerabilities, and examine patches.
Since traditional protections such as SMS codes and mobile push notifications can be intercepted, redirected, or manipulated, it seems OpenAI has decided to act. Here’s how it works:
America’s adversaries are curious about US AI labs, the State Department said in April. According to Reuters, it sent a warning about “widespread efforts” by Chinese companies to steal intellectual property from American AI firms.
In late June, Anthropic indeed said that Chinese tech giant Alibaba has conducted an “industrial-scale” campaign to illicitly extract capabilities from its Claude AI models.
Alibaba has denied these accusations. Anthropic soon had to confirm it had been using hidden code in Claude Code to detect Chinese users – precisely to prevent distillation attempts by Chinese AI labs.