OpenAI and Yubico have entered into a strategic partnership to bring phishing-resistant, hardware-backed authentication to ChatGPT users. A security key such as the YubiKey offers the most secure hardware-backed passkey and protects accounts from credential theft and impersonation, increasing security for users' accounts and the sensitive data they hold. Together, OpenAI and Yubico are committed to safeguarding users and preventing attackers from logging in, even in the face of increasingly sophisticated cyberthreats.
This industry-first collaboration delivers a new, custom 2-pack set of YubiKeys to existing users as part of OpenAI’s Advanced Account Security program: the YubiKey C NFC – OpenAI and YubiKey C Nano – OpenAI at preferred pricing.
Next, let’s break down what this means and why enterprises should pay attention.
It’s not just about authentication – human authorization is critical to safely unlock the power of AI
By integrating Yubico’s phishing-resistant security keys into OpenAI’s ecosystem, users now have stronger protection during the login ceremony for an AI account. For an enterprise, every user is part of the attack surface, and equipping users with the strongest form of passkeys, those found in hardware security keys, makes everyone a phishing-resistant user, leading to a truly phishing-resistant and protected organization.
But what about securing high-consequence AI-driven actions by seamlessly verifying human intent? That’s something every business should be thinking about as well, as they move rapidly towards agentic AI-driven workflows. One of the ways to unlock the power of AI is to ensure accountability and governance in the emerging workflows, and to ensure that a verified human authorizes actions at key points in the workflow.
To bridge this accountability gap, organizations need more than standard software-based controls, which can be too easily bypassed, impersonated or automated. As such, selectively incorporating “human intent” will be critical – not to put a “human in the way” of innovation, but to ensure that high-consequence agentic actions are explicitly and safely approved. Hardware-backed authentication – i.e. FIDO2 with device-bound credentials like the YubiKey – is fundamentally different from software-based authentication because the private key never leaves the physical device; there is no software path to extract it.
While the OpenAI and Yubico partnership reinforces the shift in the industry towards improving user security during the authentication ceremony into AI accounts, Yubico continues to drive innovation around verified human-in-the-loop authorization for agentic AI actions, working closely with the broader AI ecosystem through a range of strategic partnerships.
Through Yubico’s Role Delegation Token (RDT) architecture, we are pioneering a cryptographic, hardware-rooted authorization chain. By requiring a physical YubiKey tap to sign an approval, human intent is bound directly to the AI agent’s execution context. If there is any environmental drift or scope widening between the time of approval and execution, the system detects it and forces an authorization.
The power of AI is incredibly high, but global trust in AI currently has room for improvement. A highly effective way to enhance security and assurance for modern ways of working is through hardware-backed authorization. Our partnership with OpenAI represents a vital first step forward in enhancing security for AI – ensuring trusted logins into AI accounts. And as the autonomous enterprise emerges, Yubico stays focused on ensuring that AI can operate at machine speed while remaining firmly anchored to verified human “touch” using the hallmark capabilities of the YubiKey.
For more information on Yubico’s partnership with OpenAI and accessing the new keys for your ChatGPT accounts today, visit the press release here or https://chatgpt.com/advanced-account-security
