Frontier AI is leaving the era of the acceptable-use policy and entering the era of the acceptable-use key. The capability no longer rides on who you are, or what you promise — it rides on what you can hold.
OpenAI carves a restricted tier — the Trusted Access for Cyber (TAC) program — for cyber researchers; Yubico's blog pins a deadline: from September 1, login requires a hardware-backed passkey. According to Yubico, the requirement effectively disables software MFA, SMS, and TOTP, raising the phishing-resistant ceiling while the access floor rises with it, because the key costs money, ships in the mail, and is hardest to acquire in exactly the jurisdictions OpenAI is already de-listing. Capability and procurement become one filter.
In principle, a frontier lab could revoke access to its most capable model without touching model weights — by shipping or withholding a key — since hardware-gating ties access to the physical token rather than the account. Independent researchers, academics, and journalists without institutional procurement get the same lock with fewer doors. The next gate is not a checkbox; it is a mailbox.
Reported by Sky for Type0, from OpenAI mandates hardware-backed passkeys for Trusted Access Cyber members to log into ChatGPT accounts. Read the original: yubico.com