Yubico touts proven security protection for OpenAI trusted access program

Hardware authentication device make Yubico has announced that OpenAI will mandate the use of passkeys for individuals that are part of their Trusted Access for Cyber (TAC) program, affording the firm a “significant role in securing the AI frontier.”

A release says that starting June 1, 2026, “individuals in TAC with access to OpenAI’s most powerful and permissive AI models will be required to enable Advanced Account Security (AAS).”

Yubico believes OpenAI’s mandate signals a new industry precedent: “when working with agents, sensitive codebases, and powerful cybersecurity capabilities in frontier models, proven security protection like hardware-backed passkeys are no longer optional – they are the essential circuit breaker for the AI frontier,” the company says.

Autonomous agents mean a breach can now mean unauthorized code access and environment manipulation. “We are in an era where AI can analyze vulnerabilities and act on our behalf,” says Albert Biketi, chief product and technology officer for Yubico. “In that world, the only thing more powerful than the AI itself is the identity of the person controlling it.”

Passkeys, including hardware-backed passkeys like Yubico’s YubiKey, provide phishing-resistant, hardware-backed protection that OpenAI requires for the AAS program. A physical “tap” of a YubiKey acts to ensure high-consequence AI actions are authorized by a verified human.

That means organizations can meet OpenAI’s standards by integrating Yubico’s phishing-resistant authentication into their SSO workflows, and leverage Yubico’s “Primary and Backup” bundles to ensure users maintain mission-critical access.

Biketi calls OpenAI’s mandate a “pivotal moment, moving the industry away from ‘probabilistic’ security – where we hope a password is strong enough – to a cryptographic certainty that only hardware can provide.”

OpenAI and Yubico previously partnered on a deal that involved removing password-based login from ChatGPT and Codex accounts.

Amazon declares passkeys victorious

Passkeys are now the default sign-in method for Amazon customers, and a post from Stephen Schmidt, senior vice president and chief security officer at Amazon, lauds them as “one of the most useful changes in user auth security in the last 10 years.” As evidence, he cites the 465 million Amazon customers who have enrolled passkeys as of Q1 2026. That’s 75 percent year-over-year growth.

The secret sauce, it turns out, is a significant improvement in user experience – which Smith says, with passkeys, is “SOOOOOOO much better.”

“Stronger security usually means a worse experience for the customer. Better usability usually means weaker protections. Passkeys break that pattern. Customers sign in with a fingerprint, face scan, or device PIN the same way they unlock their phone. There’s nothing to remember and nothing that can be phished or guessed.”

And Amazon’s data shows that customers sign in six times faster than with a username and password. “That’s better security and a better experience,” Schmidt says. “And it’s why we’ve invested so heavily here.”

Article Topics

Amazon  |  biometric authentication  |  biometric security key  |  OpenAI  |  passkeys  |  passwordless authentication  |  Yubico