OpenAI's latest AI product update is not a faster model or a bigger benchmark score. It is a security upgrade for the account layer that sits in front of ChatGPT and Codex.
What changed
On April 30, OpenAI introduced Advanced Account Security for eligible personal ChatGPT accounts. The feature is opt-in on web and also protects Codex when both products share the same login.
Once enabled, users must sign in with passkeys or FIDO-compatible security keys. OpenAI disables passwords, email and SMS sign-in codes, and email-based account recovery. The setup also adds recovery keys, shorter sessions, login alerts, active session management, and automatic exclusion from model training while the feature is enabled.
Why this matters
This is a notable product signal: AI products are becoming important enough that account takeover is now a front-page feature concern, not a buried settings page detail.
For people using ChatGPT or Codex for client work, prototypes, research, or connected workflows, the account may hold prompts, files, project context, and access to other tools. Hardening the login reduces the chance that a compromised inbox or reused password becomes the weak link.
The tradeoff OpenAI is making explicit
OpenAI is also clear about the downside. Enrollment requires at least two secure sign-in methods, including one that works across devices, plus saved recovery keys. If a user loses all sign-in methods and recovery keys, OpenAI Support cannot fall back to standard email recovery.
That tradeoff matters because it turns AI account security into an intentional operational choice, closer to how developers already treat GitHub, cloud, and admin accounts.
Practical takeaways for builders
- Security is becoming part of the AI product surface, not just backend plumbing.
- Passkeys and phishing-resistant authentication are moving from enterprise IT policy into mainstream AI tools.
- If you are building AI features into your own product, review how much sensitive context lives behind a single user login and whether your recovery flow is too permissive.
Availability and rollout notes
According to OpenAI's help documentation, the feature is available for eligible personal ChatGPT accounts on web in supported regions. It is not available for ChatGPT Enterprise users, enterprise-managed accounts, or accounts attached to enterprise-managed domains. OpenAI is also offering a preferred-pricing YubiKey bundle through Yubico, although any compatible passkey or FIDO security key can work.