OpenAI announced the launch of a new security plan called "Advanced Account Security (AAS)" for ChatGPT users, marking the company's beginning to strengthen account protection more systematically. This feature is optional and is designed for "high-value target users", but in theory any user willing to increase the security level of their account can use it.

As part of this plan, digital security company Yubico announced a partnership with OpenAI to bind two new hardware security keys directly to the ChatGPT account system to defend against the growing phishing threat. Yubico said that this cooperation aims to help users prevent attack scenarios that steal chatbot accounts through phishing means.

The two companies will launch a pair of "co-branded" YubiKey products, named YubiKey C NFC and YubiKey C Nano. OpenAI said that AAS is particularly suitable for groups such as political dissidents, journalists, researchers, and elected officials who perform high-risk, politically sensitive work, and is also suitable for enterprise users to protect their trade secrets saved in ChatGPT sessions. "Our goal is to significantly reduce the risk of unauthorized access to OpenAI accounts worldwide," Yubico CEO Jerrod Chong said in a press release announcing the partnership.

The so-called security key is a small hardware device that can be bound to a digital account and is generally used through the USB interface of a computer. Each key has a unique cryptographic identification inside it. Only the person who actually holds the device can log in to the corresponding account, thus adding a strong physical line of defense in addition to the password.

Although the risk of "ChatGPT account phishing" still sounds a bit abstract to many ordinary users, more and more studies and reports have shown that cybercriminals are setting their sights on chatbot platforms. Because so many users reveal sensitive business information or private details in their conversations, once these conversations fall into the wrong hands, they can become fodder for blackmail, fraud, or further attacks.

Digital security is also becoming a new focus across the AI ​​industry. A few weeks ago, Anthropic just released a network security model called Mythos, trying to explore the application of AI on both offense and defense. In order not to be left behind on this issue, OpenAI has recently released a number of initiatives related to network defense, including the launch of a digital security framework for the "intelligent era". This cooperation with Yubico is the latest part of its security strategy.

Of course, although enabling hardware security keys can significantly improve account security, it also brings trade-offs in practical use: Once the user loses the key, OpenAI will not be able to help them retrieve account access. In other words, once the account bound to the security key is "lost in the real world", the corresponding ChatGPT session records and account data may also disappear permanently.