OpenAI Hardens Accounts as Cyber Power Draws Scrutiny

OpenAI Tightens Account Security as Scrutiny of Its Cyber Capabilities Grows

OpenAI is rolling out a new high-security login mode for ChatGPT and Codex users, part of a broader push to present itself as both a supplier of powerful cyber tools for defenders and a company trying to contain the risks that come with them.

The new feature, called Advanced Account Security, is designed for people who believe their accounts may be attractive targets for phishing or takeover attempts — a category that increasingly includes security researchers, software developers, journalists, policy officials and others using AI systems to analyze sensitive material. The company said the protections are available on an opt-in basis for higher-risk users and will become mandatory on June 1 for individual members of its Trusted Access for Cyber program who use its most capable and permissive cyber models.

The changes come at a moment when major AI companies are under mounting pressure to show that they can expand access to sophisticated models without making it easier for attackers to exploit them. In recent months, OpenAI has been widening access for vetted defenders through its cyber program even as outside evaluations have suggested that its newest systems are reaching the top tier of models tested on cybersecurity tasks.

A Harder Lock on Valuable Accounts

OpenAI said the new security mode replaces standard password-based access with phishing-resistant methods such as passkeys or physical security keys. It also disables password login and email or SMS account recovery, shortens session duration, adds login alerts and session-management tools, and excludes conversations in those protected accounts from model training automatically.

The design reflects a calculation increasingly common in high-risk security settings: convenience must give way to resilience. Passwords, text-message codes and email-based recovery have long been weak points in account protection, especially against targeted phishing campaigns. By requiring stronger authentication and sharply limiting fallback options, OpenAI is trying to reduce the odds that an attacker can seize an account that may contain sensitive prompts, code, research or vulnerability information.

That tougher posture carries a trade-off. Users who lose control of their passkeys, hardware security keys or recovery keys may find themselves locked out permanently. For a consumer internet service, that is an unusually austere approach. For accounts that may hold access to advanced cyber tools, OpenAI appears to have decided the larger danger is unauthorized entry, not customer inconvenience.

Security Product and Policy Message at Once

The account changes arrived one day after OpenAI published a broader policy statement, “Cybersecurity in the Intelligence Age,” laying out a five-part agenda for what it says should define AI-era cyber defense. The plan emphasizes expanding access to AI tools for legitimate defenders, placing tighter controls around frontier cyber capabilities, and strengthening protections for users and critical systems.

Taken together, the announcements amount to a more explicit cyber positioning from OpenAI. The company is arguing that advanced AI will become essential to defense — helping security teams identify vulnerabilities faster, automate remediation and keep pace with increasingly sophisticated threats — while also acknowledging that the same systems can assist offensive work if they are misused, improperly deployed or stolen through compromised accounts.

That balancing act has become central to the business and political strategy of frontier AI companies. They want to persuade governments and enterprise customers that their systems can improve national and corporate cyber resilience, even as regulators and outside researchers warn that those same systems may lower barriers to malicious activity.

Outside Testing Raises the Stakes

The timing of OpenAI’s announcements is notable because outside analysis has underscored how capable its latest models may be in cyber settings.

On April 30, the U.K. AI Security Institute said GPT-5.5 ranked among the strongest models it had tested on cybersecurity tasks and performed at a level similar to Anthropic’s Claude Mythos Preview in its evaluations. According to the institute, GPT-5.5 became only the second model it had tested to complete one multi-step attack simulation from start to finish.

That finding matters partly because OpenAI’s model is generally available now, unlike some highly restricted previews from rivals. It suggests that top-tier cyber capability is moving closer to mainstream deployment, even if access to the most permissive configurations remains gated.

But the evaluation also highlighted the uncertainty surrounding such tests. The institute said its work was conducted in controlled conditions that may not match what ordinary users can do with public products. It also reported uncovering a universal jailbreak for malicious cyber queries during red-teaming and said it could not verify the effectiveness of OpenAI’s final safeguard setup because of a configuration issue in the version it examined.

Those caveats do not erase the broader signal. They do, however, illustrate why companies like OpenAI are trying to harden the surrounding infrastructure — including accounts, access controls and monitoring — rather than relying only on model-level safeguards.

Broader Access, Tighter Controls

OpenAI’s latest steps build on a cyber rollout that began earlier this year. In February, the company introduced Trusted Access for Cyber, and in April it said it was expanding the program to thousands of verified defenders while offering a cyber-permissive GPT-5.4 variant for defensive use cases.

That expansion reflected a conviction, shared by many in the security industry, that defenders will need AI systems capable of advanced vulnerability discovery, code analysis and response automation. Security teams already struggle with labor shortages, software complexity and the sheer volume of potential flaws. AI tools promise to compress work that once took hours or days into minutes.

Yet the logic cuts both ways. Systems that can accelerate patching and detection may also streamline phishing, reconnaissance, exploit development or malware adaptation. In that sense, stronger account protection is not a side issue but part of the core governance problem: if an attacker can compromise a high-privilege account, they may not need to defeat every model safeguard directly.

Why This Matters Now

The significance of OpenAI’s moves lies less in any single product announcement than in the picture they form together. The company is trying to build a cyber strategy that says advanced AI should be put into the hands of trusted defenders more widely, while the channels to those tools should become narrower, more monitored and harder to hijack.

That is likely to become a template across the industry. As AI models grow more capable at practical cyber tasks, labs will face increasing demands to prove not only that they can benchmark and red-team the models, but also that they can secure the accounts, workflows and recovery systems around them.

For users at elevated risk, OpenAI’s new login regime offers stronger protection against one of the oldest attacks on the internet: tricking a person into handing over access. For policymakers and competitors, it is also a signal that the next phase of the AI cyber race may be defined not just by how powerful the models are, but by how credibly companies can control who gets to use them — and what happens when someone tries to steal the keys.

Sources

Further reading and reporting used to add context:

AI News