SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
India
OpenAI & Yubico launch phishing-resistant YubiKeys
Data Protection Digital Transformation MFA

OpenAI & Yubico launch phishing-resistant YubiKeys

Fri, 1st May 2026 (Today)
Mark Tarre
MARK TARRE News Chief

OpenAI and Yubico have launched a customised two-pack of YubiKeys for OpenAI users as part of OpenAI's Advanced Account Security programme.

The set is aimed at ChatGPT users who want phishing-resistant hardware keys to secure their accounts. It includes a YubiKey C NFC for mobile authentication and a YubiKey C Nano designed to stay plugged into a laptop for routine use.

Sold as a two-pack with OpenAI branding, the keys are intended for people at greater risk of targeted digital attacks and are built around hardware-backed passkeys.

The launch brings to users a security measure OpenAI already uses internally to protect employees and infrastructure against phishing attempts.

Security keys are widely regarded as one of the strongest forms of account protection because they rely on possession of a physical device rather than codes sent by text message or generated in an app. Their use has grown as companies try to reduce account takeovers linked to phishing and credential theft.

OpenAI's move comes as generative AI platforms draw growing attention from attackers seeking access to user accounts, prompts and stored data. The partnership reflects broader efforts by technology companies to offer stronger account controls to people handling sensitive information.

Security push

Yubico, a Swedish cybersecurity company known for its YubiKey products, has long focused on authentication methods based on standards such as FIDO2 and WebAuthn. Its products are used in more than 160 countries and have become a common option for organisations seeking stronger login protections.

For OpenAI, the arrangement adds a hardware option to its account protection measures and creates a dedicated package for customers seeking a higher level of defence. Existing OpenAI account holders are being offered the keys at a discounted price.

Jerrod Chong, chief executive of Yubico, described the partnership as an effort to expand phishing-resistant security in the AI sector.

"We are introducing a new model for phishing-resistant security at scale for the AI ecosystem," Chong said. "This partnership with OpenAI delivers the highest level of protection against phishing with a low-friction user experience. Ultimately, our intent is to drastically reduce the threat of unauthorised access to sensitive data in OpenAI accounts worldwide. We are proud to partner with OpenAI to deliver YubiKeys, the leading security key that offers the strongest way to use passkeys, increasing protection of sensitive user data for the AI frontier."

The tie-up also highlights the commercial importance of trust and account integrity for AI providers as business and consumer use of chatbots expands. Providers have faced pressure to show that access to accounts and stored information is protected against increasingly sophisticated social engineering attacks.

Dane Stuckey, chief information security officer at OpenAI, said the company had already adopted security keys as part of its internal controls.

"Security keys are one of the best ways to protect accounts from phishing, and Yubico has played a leading role in making that protection practical and accessible," Stuckey said. "We've made YubiKeys a standard part of how we protect OpenAI employees, and with Advanced Account Security, we're making it easier for ChatGPT users to choose that same kind of phishing-resistant protection when it's right for them."

Broader context

Hardware security keys remain relatively specialised in the consumer market, despite growing industry support for passkeys and passwordless login methods. Many users still rely on passwords and app-based multi-factor authentication, which can be more vulnerable to phishing or interception.

By packaging two form factors together, OpenAI and Yubico are trying to cover the most common use cases across mobile phones and laptops. The NFC model supports tap-based authentication on compatible mobile devices, while the smaller Nano version is intended for people who want a key to remain connected to a computer.

The partnership also gives Yubico access to a large, visible user base linked to one of the best-known AI services. For OpenAI, it offers security-conscious users a more robust sign-in method as scrutiny of AI platforms and their data handling continues to rise.

The package is designed to simplify secure login while reducing the risk of unauthorised access to OpenAI accounts.

Related stories
Experts warn AI era demands tougher data protection
AI-driven cyber wars to reshape security in 2026
HPE unveils AI security tools & quantum-ready updates
AI adoption drives security spend but breaches persist
Island adds browser AI controls to AWS Security Hub
Top stories
Microsoft warns of surge in QR code phishing attacks
Nintex adds on-premises AI to K2 for regulated firms
DigiCert launches content trust manager for AI media
DigiCert launches AI Trust architecture for agents
Fortinet warns ransomware victims rise 389% amid AI