Skip to content
July 12, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Data
    • CVE Watchtower
    • Top Exploited CVEs
    • CVE Stats by Vendor
    • Q2 2026 Report
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • News
  • Technology
  • OpenAI Introduces Advanced Account Security to Safeguard AI Identities
  • Technology

OpenAI Introduces Advanced Account Security to Safeguard AI Identities

Do Son May 4, 2026 3 minutes read
0
OpenAI Advanced Account Security Phishing-Resistant AI Authentication OpenAI Codex Security AI Application Security
Add Daily CyberSecurity as a preferred source on Google

In an era where AI interactions hold increasingly sensitive personal and professional context, OpenAI has announced the launch of Advanced Account Security, a new opt-in suite of heightened protections for ChatGPT and Codex accounts. Designed for high-risk users—including journalists, elected officials, and researchers—this initiative aims to set a new gold standard for phishing-resistant authentication in the AI space.

As ChatGPT moves to the “center of connected tools and workflows,” the stakes for account security have reached an all-time high. OpenAI recognizes that for many, an account takeover is no longer just a privacy breach but a systemic risk to sensitive projects.

Key features of the Advanced Account Security suite include:

  • Mandatory Phishing Resistance: The setting requires the use of passkeys or physical security keys, effectively disabling password-based logins.
  • Tightened Recovery Windows: To prevent attackers from exploiting compromised email or phone numbers, OpenAI is disabling email and SMS-based recovery.
  • Automatic Data Privacy: For those handling high-stakes data, conversations from these accounts are automatically excluded from model training.
  • Session Management: Sessions are shortened to “reduce the window of exposure if a device or active session is compromised.”

As the OpenAI blog notes, “Increased protection of Advanced Account Security comes with an increased responsibility for account recovery.”

Because recovery is restricted to backup passkeys and hardware keys, OpenAI Support will be unable to assist users who lose access to their primary secure methods.

To lower the barrier for adopting hardware-based authentication, OpenAI has partnered with Yubico. This collaboration provides users with preferred pricing on customized security key bundles, including the YubiKey C Nano for low-friction daily use and the YubiKey C NFC for mobile and backup capabilities.

While this bundle is launched alongside the Advanced suite, it is available to all eligible users in their security settings, encouraging a platform-wide shift toward phishing-resistant habits.

The security push extends beyond individual choice for those in OpenAI’s specialized programs. Members of Trusted Access for Cyber—who have access to the most capable and permissive models—will be required to enable Advanced Account Security starting June 1, 2026.

Organizations can alternatively attest that they utilize phishing-resistant authentication within their existing Single Sign-On (SSO) workflows to meet this requirement.

OpenAI’s latest move reflects its transition into “core infrastructure for AI,” where intelligent systems are reshaping how businesses operate. By embedding these controls now, the company aims to ensure that as AI becomes more deeply integrated into daily life, users retain the necessary controls to protect their privacy and security.

Users interested in these elite-level protections can enroll in Advanced Account Security via the Security section of their ChatGPT account on the web starting today.

Get Zero-Hour Vulnerability Alerts

Critical CVEs, CVSS scores, and PoC updates — straight to your inbox every week.


We respect your inbox. Unsubscribe anytime.

Related coverage

  • Claude 4 AI’s Dark Side: ‘Whistleblowing Mode’ and Blackmail Attempts Uncovered
  • Europol took down a largest DDoS-for-hire website
  • Google releases TensorFlow.js to bring machine learning to the browser
  • The Sovereignty of Content: Google Unveils AI Overview Opt-Out Controls
  • Meta Teams Up with AI Art Powerhouse Midjourney to Supercharge Its Creative Tool
Track all actively exploited CVEs →

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share this article:

Facebook Post LinkedIn Telegram
Written by
@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Tags: Advanced Account Security AI Privacy ChatGPT cybersecurity infosec MFA OpenAI Passkeys Phishing Resistance Trusted Access for Cyber Yubico

Leave a Reply Cancel reply

You must be logged in to post a comment.

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-1207CVSS 5.4
    An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on...
    Admin intel📅 Updated: Jul 10, 2026
  • CVE-2026-48939CVSS 10.0
    A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-56291CVSS 10.0
    The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-55255CVSS 8.4
    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-48908
    A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-56290
    The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-20896CVSS 9.8
    Gitea Docker image: `REVERSE_PROXY_TRUSTED_PROXIES = *` default lets any source IP impersonate any user via `X-WEBAUTH-USER`
    Admin intel📅 Updated: Jul 6, 2026
  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intelCISA KEV📅 Added to KEV: Jul 7, 2026📅 Updated: Jul 3, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-56271CVSS 9.8
    Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default...
  • CVE-2026-56260CVSS 9.1
    Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker...
  • CVE-2026-61447CVSS 10.0
    PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that...
  • CVE-2026-61445CVSS 9.9
    PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in...
  • CVE-2026-60090CVSS 9.8
    PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the...
  • CVE-2026-57827CVSS 10.0
    The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload...
  • CVE-2026-57828CVSS 9.0
    The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file...
  • CVE-2026-14480CVSS 9.9
    OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the...
  • CVE-2026-20744CVSS 9.8
    The charging station websocket endpoint accepts connections without proper authentication, which could...
  • CVE-2026-57807CVSS 9.8
    Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Top Exploited CVEs
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • Disclaimer
    • DCMA
    • Privacy Policy
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • CVE Watchtower
    • CVE Statistics by Vendor 2026
    • Q2 2026 Report
    • Top Exploited CVEs
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.