Lily Hay Newman Security Apr 30, 2026 1:30 PM OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts OpenAI is rolling out Advanced Account Security for people concerned that their ChatGPT or Codex accounts could be potential targets of phishing attacks. Photograph: NurPhoto/Getty Images Save this story Save this story For anyone who fears their ChatGPT and Codex accounts might be targeted by attackers, OpenAI announced on Thursday that it is adding an optional new level of account protection that adds an extra layer of security. Dubbed Advanced Account Security, the feature enforces strict access controls that would make account takeover attacks very difficult. Such measures are not a new idea in the realm of account security. Google , for example, has offered its Advanced Protection account security tier for nearly a decade . But as mainstream AI services rapidly proliferate around the world, there is a pressing need for an array of basic protections to be put in place. OpenAI says the launch is part of its broader cybersecurity strategy announced earlier this month. Courtesy of OpenAi “People are turning to AI for deeply personal questions and increasingly high-stakes work,” the company said on Thursday in a blog post . “Over time, a ChatGPT account can hold sensitive personal and professional context, and sit at the center of connected tools and workflows. For some people, like journalists, elected officials, political dissidents, researchers, and those who are especially security-conscious, the stakes are even higher.” People who enable Advanced Account Security can no longer use regular passwords on their accounts. Instead, they must add two physical security keys or passkeys to significantly reduce the risk of successful phishing attacks. The feature also eliminates email and SMS texts and routes for doing account recovery. Instead, users must use recovery keys, backup passkeys, or physical security keys. OpenAI says it has partnered with Yubico to offer lower-cost YubiKey bundles to Advanced Account Security users. Crucially, when a user turns on Advanced Account Security, they can no longer seek help from OpenAI's support team for account recovery, because support no longer has access or control over any of the recovery options. This way, attackers can't attempt to break into accounts by targeting support portals with social engineering attacks. Advanced Account Security also enforces shorter sign-in windows and sessions before a user has to log in again on a device. And it produces alerts anytime someone logs in to the locked down account, pointing to the dashboard for reviewing active ChatGPT and Codex sessions. Additionally, while OpenAI offers the option for any user to opt out of having their ChatGPT conversations used for model training, this exclusion is on by default for Advanced Account Security users. Members of OpenAI's Trusted Access for Cyber program, which gives cybersecurity professionals, researchers, and others advanced access to new models, will be required to enable Advanced Account Security beginning on June 1 or submit an alternative attestation that they implement phishing-resistant authentication through an enterprise single sign-on mechanism. Comments Back to top You Might Also Like In your inbox: Upgrade your life with WIRED-tested gear Palantir employees wonder if they’re the bad guys Big Story: They built a legendary privacy tool —now they’re sworn enemies These AI models tried to scam me—some of them were scary good Event: How to adapt, compete, and win in the next era of business Lily Hay Newman is a senior writer at WIRED focused on information security, digital privacy, and hacking. She previously worked as a technology reporter at Slate, and was the staff writer for Future Tense, a publication and partnership between Slate, the New America Foundation, and Arizona State University. Her work ... Read More Senior Writer Topics OpenAI ChatGPT artificial intelligence security cybersecurity hackers phishing Read More The Hack That Exposed Syria’s Sweeping Security Failures When Syrian government accounts were hijacked in March, the breach looked chaotic. But it revealed something more troubling: a state struggling with the most basic layer of cybersecurity. Danny Makki Apple Will Push Out Rare ‘Backported’ Patches to Protect iOS 18 Users From DarkSword Hacking Tool As DarkSword spreads, Apple tells WIRED it will enable iOS 18-specific fixes for millions of iPhone owners who remain on that iOS version rather than force them to update to iOS 26. Andy Greenberg Top 1Password Coupons for April 2026 Save up to 28% on business and personal memberships with 1Password promo codes and deals. Scott Gilbertson Your Push Notifications Aren’t Safe From the FBI Plus: Iran’s internet blackout hits the 1,000-hour mark, cryptocurrency scams result in a record amount of money stolen from Americans, and more. Matt Burgess In the Wake of Anthropic’s Mythos, OpenAI Has a New Cybersecurity Model—and Strategy OpenAI says its safeguards “sufficiently reduce cyber risk” for now, while GPT-5.4-Cyber is a new cybersecurity-focused model. Lily Hay Newman NordVPN Coupons: 77% Off, Plus 3 Months Free in May Save up to 77% on 2-year plans and get 3 free months with our NordVPN discount codes. Scott Gilbertson Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk Major AI labs are investigating a security incident that impacted Mercor, a leading data vendor. The incident could have exposed key data about how they train AI models. Maxwell Zeff Top Surfshark Promo Codes for May 2026 Save up to 87% with a Surfshark coupon code, 3 months of VPN free today, and more from WIRED. Scott Gilbertson Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos Plus: Spy firms tap into a global telecom weakness to track targets, 500,000 UK health records go up for sale on Alibaba, Apple patches a revealing notification bug, and more. Matt Burgess 5 Reasons to Think Twice Before Using ChatGPT—or Any Chatbot—for Financial Advice As people increasingly rely on AI chatbots for guidance, even on financial matters, a healthy dose of skepticism is critical. Reece Rogers Use Gmail’s ‘Manage Subscriptions’ Tool to Cut Down on Inbox Clutter Find and remove newsletter subscriptions more easily using Gmail’s built-in tools for organizing bulk emails. David Nield Elon Musk’s XChat App Is More Like Facebook’s Messenger Than Signal Rather than launching a sleek, worthwhile encrypted messaging app, Musk dropped a junky, insular extension of his social media platform. Reece Rogers