Your conversations won't be used to train future models
As artificial intelligence platforms grow more embedded in professional and creative life, the accounts that hold our thinking—not just our documents—have become targets worth protecting with greater care. OpenAI has responded by offering high-risk users stronger authentication methods and, quietly, a meaningful promise: that the conversations entrusted to its systems will not be used to train the machines that follow. This is a moment where the industry begins to reckon with a new kind of privacy, one that concerns not merely what we store, but what we reveal in the act of thinking aloud.
- AI accounts have become high-value targets because they expose not just files, but the reasoning and process behind them—a far more intimate kind of breach.
- OpenAI is now offering passkeys and physical security keys to users most at risk, replacing password-based login with cryptographic authentication tied to a physical device.
- Real-time login alerts give enrolled users immediate warning when someone attempts to access their account, closing a window that traditional platforms have long left open.
- In a move that may matter more than the authentication upgrades, users who enable advanced security are automatically removed from AI model training pipelines.
- The feature is currently framed as opt-in for high-risk users, but the industry logic is clear: today's premium protection tends to become tomorrow's baseline expectation.
OpenAI has introduced a set of advanced security tools designed for users whose accounts are especially attractive to attackers—journalists, executives, researchers, and others whose compromise would carry outsized consequences. The new options allow login to ChatGPT and Codex via passkeys or physical security keys, authentication methods that replace vulnerable passwords with cryptographic verification tied to a device. Real-time alerts accompany any new login, giving users immediate visibility into unauthorized access.
The need is real. As AI platforms have become central to professional work, a breached account no longer just exposes stored files—it can reveal API keys, custom workflows, and sensitive business data. More unsettling still, it exposes the thinking behind finished work: the drafts, the iterations, the reasoning that led to a decision. That kind of exposure can be more damaging than the final document itself.
Less visible but potentially more significant is what happens to user data once someone is safely logged in. Enrolling in advanced security automatically opts users out of AI model training, meaning their conversations and code will not feed into future versions of OpenAI's products. For anyone handling proprietary or sensitive information, this data boundary may matter as much as the authentication layer above it.
OpenAI has not said whether these features will eventually extend to all users or remain an opt-in tier. But the trajectory of security features across the industry suggests the answer is a matter of when, not whether—as the value of AI accounts rises and attackers grow more sophisticated, today's premium protections have a way of becoming tomorrow's minimum standard.
OpenAI has rolled out a suite of security tools aimed at protecting users whose accounts represent particularly attractive targets for hackers. The new advanced account security settings let users log into ChatGPT and Codex using passkeys or physical security keys—authentication methods that sidestep the vulnerabilities of traditional passwords. Anyone who enables these protections will also receive alerts whenever a new login occurs on their account, giving them immediate visibility into unauthorized access attempts.
The move addresses a real vulnerability in how AI platforms store and handle user data. As these services have grown more central to creative and technical work, they've become more valuable to attackers. A compromised ChatGPT account doesn't just expose conversation history; it can provide access to API keys, custom workflows, and in some cases, sensitive business information. The passkey system—which uses cryptographic authentication tied to a device rather than a memorized string—eliminates an entire class of attack vectors, from brute-force password guessing to credential stuffing campaigns that exploit reused passwords across services.
But OpenAI's approach includes something less visible but potentially more consequential. Users who activate advanced security settings are automatically excluded from the company's AI model training pipeline. This means their conversations, code snippets, and other interactions won't be fed into the systems that power future versions of ChatGPT or other OpenAI products. For users handling proprietary information, client data, or anything they consider sensitive, this opt-out is as important as the authentication layer itself. It's a recognition that security isn't just about preventing unauthorized access—it's also about controlling what happens to your data once you've successfully logged in.
The timing reflects broader industry anxiety about account security in the AI era. As these tools become embedded in professional workflows and business operations, the stakes of a breach have risen sharply. A compromised account at a traditional SaaS company might expose business documents or email. A compromised AI account can expose the thinking process behind those documents—the drafts, the iterations, the reasoning that led to a final decision. For some users, that's more sensitive than the finished product.
OpenAI hasn't announced whether these advanced security features will eventually become standard for all users or remain an opt-in tier. The current framing suggests they're designed for high-risk users—journalists, researchers, executives, anyone whose account compromise would create outsized damage. But the logic of security suggests the trajectory: what starts as a premium feature often becomes table stakes. As attackers grow more sophisticated and the value of AI accounts continues to climb, the question isn't whether passkeys and login alerts will become mandatory, but when.
A Conversa do Hearth Outra perspectiva sobre a história
Why does OpenAI need to offer passkeys and physical security keys specifically? Aren't regular passwords with two-factor authentication enough?
Passwords are fundamentally weak because they're human-memorable. That makes them vulnerable to guessing, phishing, and reuse across services. Passkeys eliminate that entirely—they're cryptographic keys tied to your device. You can't forget them or reuse them. For high-value targets, that difference matters enormously.
And the automatic opt-out from model training—is that a security feature or a privacy feature?
It's both, but they're solving different problems. The security angle is that your data stays off OpenAI's servers longer. The privacy angle is that your conversations won't be used to train future models. For someone handling confidential work, that's the real protection.
Who exactly is this for? It sounds like it's not for casual ChatGPT users.
Right. It's for people whose account compromise would be genuinely damaging—journalists with sources, researchers with unpublished findings, executives discussing strategy. Anyone whose thinking process is as sensitive as their finished work.
Does this suggest OpenAI has had security breaches, or is this preventative?
It's preventative, but it's also an acknowledgment that AI accounts are now high-value targets in a way they weren't two years ago. As these tools become central to professional work, attackers pay more attention. OpenAI is getting ahead of that.
What happens to users who don't enable advanced security?
They keep using passwords and standard two-factor authentication. They remain in the training pipeline. OpenAI isn't forcing anyone to change, but they're making it clear that if you care about both security and data privacy, there's now a path to both.