OpenAI Requires Hardware Passkey for Access to Cyber-Permissive Models in TAC Programme

Mandate effective from 1 June for individual users of Trusted Access for Cyber with access to GPT-5.5, GPT-5.5-Cyber, and GPT-5.4-Cyber. Yubico provides a YubiKey dual pack dedicated to this purpose.
OpenAI has begun requiring, as of this Monday (1 June), hardware passkey authentication for individual users of the Trusted Access for Cyber (TAC) programme. This group receives versions of the GPT-5.5, GPT-5.5-Cyber, and GPT-5.4-Cyber models with reduced safeguards for tasks such as malware analysis, reverse engineering of binaries, vulnerability identification, detection engineering, and patch validation. The measure applies to thousands of verified defenders and hundreds of teams protecting critical software, according to documentation released by the company.
The announcement coincided with a partnership with Yubico, which produced a YubiKey dual pack specifically for TAC users. Organisations enrolled in the programme can opt to use phishing-resistant authentication via corporate SSO, provided they attest that they maintain control of it. Traditional passwords and SMS codes are no longer valid for individual access to the more permissive tier.
What Has Changed in the Policy
The first version of the TAC, launched in February, allowed login with a password and MFA through an app. The escalation came when OpenAI began delivering cyber-permissive variants of GPT-5.5, capable of producing functional exploit code, detailed instructions for penetration testing, and comprehensive analyses of malware families. This type of output is exactly what a malicious actor wishes to obtain: compromising the account of a legitimate defender would be enough to turn OpenAI's capability to use in an attack.
The hardware passkey breaks the phishing economy. A stolen credential loses its value without the physical token, and the token cannot be sent over email. OpenAI could have kept the door open with conventional MFA alone, and chose to close it. This move creates friction: defenders in the field need to carry the key, and a lost key requires re-enrolment through authorised partners. The corporate SSO model is less invasive: the company attests that its central authentication is already phishing-resistant, and OpenAI relies on that control.
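Why a phished credential is worthless to the attacker is visible in the relying-party checks of a passkey assertion. The following is an added illustration, not code from OpenAI, Yubico, or the TAC programme: it simulates an authenticator and the server-side WebAuthn checks (challenge, origin, rpIdHash, user presence, signature) on a hypothetical host `tac.example.com`; HMAC stands in for the authenticator's real asymmetric signature so the example runs on the standard library alone.

```python
import hashlib
import hmac
import json
import secrets

# Constructed relying party (RP); hypothetical host, not OpenAI's real service.
RP_ID = "tac.example.com"
RP_ORIGIN = "https://tac.example.com"

def authenticator_assert(key: bytes, origin_seen: str, challenge: str) -> dict:
    """Simulated hardware authenticator. The browser reports the origin the user
    is really on and the authenticator signs over it, so a phishing page cannot
    rewrite it afterwards. HMAC stands in for the real ECDSA/Ed25519 signature
    so the example runs without third-party packages."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": origin_seen}, sort_keys=True).encode()
    # authenticatorData = rpIdHash || flags (UP bit = 0x01) || signCount
    auth_data = hashlib.sha256(RP_ID.encode()).digest() + b"\x01" + bytes(4)
    signed = auth_data + hashlib.sha256(client_data).digest()
    return {"clientDataJSON": client_data, "authenticatorData": auth_data,
            "signature": hmac.new(key, signed, hashlib.sha256).digest()}

def rp_verify(key: bytes, expected_challenge: str, assertion: dict) -> bool:
    """RP-side checks of a WebAuthn assertion. Each rejection is one way a
    phished or replayed login fails even if the attacker relays the flow."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False
    if not hmac.compare_digest(cd.get("challenge", ""), expected_challenge):
        return False                      # replay of an earlier assertion
    if cd.get("origin") != RP_ORIGIN:
        return False                      # assertion was produced on a lookalike site
    ad = assertion["authenticatorData"]
    if ad[:32] != hashlib.sha256(RP_ID.encode()).digest() or not ad[32] & 0x01:
        return False                      # wrong RP, or no user-presence touch
    signed = ad + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["signature"])

def login_outcomes() -> dict:
    """Legitimate login, a login relayed from a lookalike origin, and a replay."""
    key = secrets.token_bytes(32)         # registered with the RP at enrolment
    challenge = secrets.token_urlsafe(32)
    legit = authenticator_assert(key, RP_ORIGIN, challenge)
    phished = authenticator_assert(key, "https://tac-example.com.help-desk.net", challenge)
    return {"legit": rp_verify(key, challenge, legit),
            "phished": rp_verify(key, challenge, phished),
            "replayed": rp_verify(key, secrets.token_urlsafe(32), legit)}
```

Only the assertion made on the genuine origin against the current challenge passes; the same token, the same key, and even a captured valid assertion are useless to whoever relays or replays them.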
The Next Frontier in the Identity Market
The mandate confirms a trend that has been emerging since 2024 on three parallel fronts. The FIDO Alliance has been advocating for passkeys for years. CISA and NIST published guidelines requiring phishing-resistant authentication in US federal agencies. The novel aspect here is the AI vendor adopting the same standard as an entry point for paid products. When the provider imposes such a requirement, the client's risk committee loses the excuse of "waiting for market maturity".
Yubico will capture part of the upside as a hardware provider. However, the strategic point is the signal for the rest of the industry: Anthropic, Google, and Mistral will face regulatory and commercial pressure to standardise the same controls in their security research previews. Anthropic, which filed a confidential IPO on the same date, already requires mandatory MFA in its corporate console, but has not yet mandated a hardware key for the equivalent tiers. Google and Microsoft operate variants of cybersecurity research preview without comparable requirements. The market may have just six months before this baseline becomes standard.
How This Affects Security Teams Outside the US
For CISOs in European banks under DORA, the decision serves as an embedded regulatory signal. The policy of "privileged access to AI systems with phishing-resistant authentication" now has a commercial precedent: the provider itself requires the control. Waiting for the publication of internal directives is no longer an excuse. Security teams at Deutsche Bank, BNP Paribas, ING, and UBS are likely to update their internal policies in weeks, not months, to align with OpenAI's requirements and anticipate oversight from the ECB regarding the use of AI in fraud and AML workflows.
In India and the Philippines, where outsourced SOC operators from TCS, Wipro, Concentrix, and HCL use generative AI for L1 and L2 tasks, logistics are the most sensitive point. The remote work model established post-2020 does not align well with hardware tokens. Firms will need to issue YubiKeys for distributed teams, rethink offboarding procedures (the key must be returned or disabled immediately), and update SLAs with clients regarding downtime caused by credential loss. The unit cost is low, but the operation changes. A CISO signing an MSSP contract now needs to ensure, by clause, that each L1 operator with access to OpenAI models carries the physical token at home.
OpenAI's decision precedes a standard that will become industry-wide. Those still maintaining internal SOCs based on passwords plus SMS codes for access to AI tooling have a short window to review their risk matrix before a regulatory directive enforces top-down change.