What happened
OpenAI rolled out Advanced Account Security, a new opt-in feature for ChatGPT users at increased risk of targeted hacking attacks, including journalists, researchers, political dissidents, and elected officials. The feature focuses on four areas: stronger authentication (hardware security keys, passkeys), secure account recovery (replacing email/SMS with backup passkeys and recovery keys), shortened sign-in sessions to reduce takeover risk, and automatic threat monitoring.
Why it matters
As LLMs become embedded in sensitive workflows (legal research, investigative journalism, political strategy), account compromise becomes a direct route to exfiltrating proprietary prompts, conversation history, and uploaded documents. OpenAI's move signals that AI platform providers are recognizing ChatGPT accounts as high-value targets analogous to email or cloud storage accounts. The feature also protects users of OpenAI's Codex vulnerability scanner, indicating concern that security tooling itself may be targeted.
Applicability
Organizations that allow employees to use ChatGPT for sensitive work (legal, financial, HR, M&A due diligence) should evaluate whether to mandate Advanced Account Security for those roles. Security teams should also assess whether their existing account-takeover detection and incident-response playbooks cover AI platform accounts, especially for users with access to organizational ChatGPT Team or Enterprise instances.