OpenAI Closes the Phishing Gap That Was Blocking Enterprise ChatGPT Deals

6. OpenAI Closes the Phishing Gap That Was Blocking Enterprise ChatGPT Deals

On April 30, 2026, OpenAI rolled out Advanced Account Security for ChatGPT accounts, introducing phishing-resistant login via passkeys and hardware security keys, stronger account recovery flows, and enhanced protections against account takeover. The update applies across ChatGPT tiers and targets organizations handling sensitive data. No specific enterprise pricing tier was named, but the announcement explicitly frames the feature set around preventing credential compromise at scale.

This matters less as a security feature and more as a sales unlocker. Phishing-resistant authentication is a baseline requirement for FedRAMP authorization and most Fortune 500 security reviews. Its absence had given Microsoft, whose Copilot for Microsoft 365 inherits Azure Active Directory's FIDO2 stack, and Google, whose Gemini for Workspace ties into Google Identity's passkey infrastructure, a concrete procurement advantage. OpenAI was losing deals not on model quality but on a checklist item. Closing that gap shifts the competitive conversation back to capability and price. It also signals that OpenAI is treating ChatGPT Enterprise as a standalone product with its own security surface, not a wrapper around a consumer app.

The broader pattern: OpenAI is systematically filling enterprise table-stakes gaps that its consumer-first origin left open. Audit logs, data residency controls, and now phishing-resistant auth are arriving in sequence. Watch whether SOC 2 Type II scope expansion or FedRAMP Moderate authorization follows within the next two quarters. Those two milestones would open U.S. federal and regulated-industry procurement channels that are currently inaccessible, and they would represent a more durable competitive advantage than any single model release.

Source: Introducing Advanced Account Security