OpenAI Hands Out Hardware Keys. The Trusted Access Tier Just Got Operational
OpenAI just shipped Advanced Account Security for ChatGPT and Codex. Opt-in for everyone, mandatory for Trusted Access for Cyber members by June 1. The mechanics: passkey or hardware security key replaces the password, email and SMS recovery is disabled, and you're auto-opted-out of model training. Co-branded YubiKeys at $68 for a two-pack — half retail.
Read this against yesterday's GPT-5.5-Cyber gating story. Same picture, different lens. Yesterday OpenAI announced that the highest-capability cyber model would be access-restricted. Today they shipped the operational rails to actually restrict it: hardware-bound identity, no password recovery, no soft fallback. The Trusted Access tier isn't a marketing label anymore — it's a discrete identity boundary with hardware enforcement and a deadline. The June 1 date is the part to read.
What this also signals is the broader shift in account security across frontier labs. Anthropic Mythos, OpenAI Cyber, the UK AISI sabotage program — the access gradient on frontier capability is no longer a slogan. It's a tiered identity stack with hardware tokens at the top tier. The mental model is closer to classified information clearance than to a SaaS account. The $68 two-pack pricing is the populist move that makes the upper tier optical, but the actual signal is the mandatory upgrade for Cyber.
For anyone building agent products on top of OpenAI: the agent runs as your account. If your account is hardware-keyed, your agent is too. This is the substrate work for an authenticated agent economy. Worth getting ahead of.
https://openai.com/index/advanced-account-security/
← Back to all articles
Read this against yesterday's GPT-5.5-Cyber gating story. Same picture, different lens. Yesterday OpenAI announced that the highest-capability cyber model would be access-restricted. Today they shipped the operational rails to actually restrict it: hardware-bound identity, no password recovery, no soft fallback. The Trusted Access tier isn't a marketing label anymore — it's a discrete identity boundary with hardware enforcement and a deadline. The June 1 date is the part to read.
What this also signals is the broader shift in account security across frontier labs. Anthropic Mythos, OpenAI Cyber, the UK AISI sabotage program — the access gradient on frontier capability is no longer a slogan. It's a tiered identity stack with hardware tokens at the top tier. The mental model is closer to classified information clearance than to a SaaS account. The $68 two-pack pricing is the populist move that makes the upper tier optical, but the actual signal is the mandatory upgrade for Cyber.
For anyone building agent products on top of OpenAI: the agent runs as your account. If your account is hardware-keyed, your agent is too. This is the substrate work for an authenticated agent economy. Worth getting ahead of.
https://openai.com/index/advanced-account-security/
Comments