OpenAI’s Advanced Account Security program: Top 5 things Codex users need to know

The industry often speaks about “moving at the speed of AI” – a concept that presents two conflicting sides of the same coin. While global AI adoption empowers defenders to identify and remediate vulnerabilities faster than ever, it simultaneously arms attackers with sophisticated tools to exploit digital infrastructure. As AI transitions from simple chatbots to autonomous agents like Codex that are capable of complex reasoning and code generation, the industry’s focus must shift to improving security for Codex users.

For users of Codex, the ChatGPT account has increasingly become a high-consequence control point. Codex isn’t just answering questions; it can:

  • Access repositories
  • Write and modify code
  • Run tests and commands
  • Open pull requests
  • Interact with developer environments and workflows

All of this changes the risk model. Protecting developer identities, source code access, AI-assisted workflows, and the privileged actions performed by agents is therefore critical.

To address these emerging threats, OpenAI recently launched its Advanced Account Security (AAS) program – a critical step in protecting the builders of our AI-driven future. This included partnering with Yubico to bring phishing-resistant, hardware-backed authentication to ChatGPT users through custom YubiKeys. Beginning June 1, 2026, individual members of OpenAI’s Trusted Access for Cyber (TAC) who access OpenAI’s most cyber-capable and permissive models will be required to enable Advanced Account Security.

For the first time, one of the world’s most influential AI platforms is mandating a higher bar for security – not just for its internal teams, but for its most high-stakes users. For Codex users, this program enables the use of passkeys and physical security keys, such as YubiKeys, one of the strongest defenses against phishing. This isn’t just another MFA update; it’s a fundamental shift in how Codex users protect the code that will run the next generation of software.

In this post, we’ll break down the top five things Codex users need to know about these updates and how leveraging a YubiKey can provide the highest level of defense against AI-enhanced phishing and account takeovers.

1. Why it matters for developers and Codex users

Under OpenAI’s Advanced Account Security program, traditional passwords and weak, legacy MFA are no longer just discouraged – they are completely disabled. For Codex users, this is a critical defensive move. Developers are frequent targets of sophisticated phishing campaigns designed to steal credentials and gain access to proprietary repositories or AI fine-tuning environments.

By requiring passkeys, including hardware security keys, OpenAI is moving to a non-probabilistic trust model. You aren’t “probably” secure because you have a complex password; you are cryptographically secure because the authentication is bound to a physical device.

2. Account recovery is now a “zero-knowledge” responsibility

One of the most radical technical changes in this program is the removal of the human element from account recovery. Standard email and SMS recovery – the “weakest links” in modern social engineering – are eliminated. In practice, this means OpenAI’s support team will no longer have the ability to reset AAS accounts manually.

This significantly reduces the risk of social engineering attacks against OpenAI’s own help desk, while shifting responsibility for recovery to the user. Developers using security keys must ensure they have a redundant recovery path in place, such as a backup YubiKey stored in a secure location.

3. Session integrity and shortened windows

Even with the strongest login, session hijacking remains a persistent threat. To combat this, AAS significantly shortens active session lengths. For Codex users who may be running long-running agentic sessions or complex prompts, this means more frequent re-authentication.

Re-authentication is a vital safeguard against session token theft. It ensures that the “human intent” behind the session is verified more frequently, preventing an attacker from riding an open session long after the legitimate user has stepped away.

4. Automatic training exclusion for sensitive IP

For those using Codex to build proprietary systems, privacy is as important as security. A key technical feature of this new security tier is that it automatically opts users out of AI model training.

In the past, privacy and security were often managed in silos. By linking the highest level of account protection to the highest level of data privacy, OpenAI has created a “secure-by-default” environment. Your conversations and code snippets are not only protected from unauthorized access – but are contractually excluded from OpenAI’s training pipeline.

5. Anchoring AI to human intent with YubiKeys

The most effective way to benefit from OpenAI’s TAC and AAS program is through phishing-resistant, hardware-backed passkeys such as the YubiKey. After trusting YubiKeys to secure its own employees, OpenAI has partnered with Yubico to provide custom YubiKey bundles specifically for this program because they recognize a fundamental truth: hardware-backed authentication is fundamentally different from software-based authentication because the private key never leaves the physical device; there is no software path to extract it.

Dane Stuckey, chief information security officer at OpenAI, explained the significance of YubiKeys in today’s environment: 

“Security keys are one of the best ways to protect accounts from phishing, and Yubico has played a leading role in making that protection practical and accessible. We’ve made YubiKeys a standard part of how we protect OpenAI employees, and with Advanced Account Security, we’re making it easier for ChatGPT users to choose that same kind of phishing-resistant protection when it’s right for them.”

For Codex users, a YubiKey doesn’t just act as a login tool; it acts as a Human-in-the-Loop circuit breaker. When you tap that key, you are cryptographically binding your physical intent to the AI’s execution context.

Balancing continued AI innovation with strong security

We are in an era where AI is beginning to write code, analyze vulnerabilities, and soon, act on our behalf. In that world, the only thing more powerful than the AI itself is the identity of the person controlling it.

For more information on Yubico’s partnership with OpenAI and how to access the custom YubiKey bundles for your account, visit OpenAI’s Advanced Account Security page.
