OpenAI announces new advanced security for ChatGPT accounts, including a partnership with Yubico
OpenAI announces new advanced security for ChatGPT accounts, including a partnership with Yubico
OpenAI 宣布为 ChatGPT 账户推出全新的高级安全功能,并与 Yubico 达成合作
OpenAI is getting serious about account security. The company on Thursday launched Advanced Account Security (AAS), a set of opt-in protections for ChatGPT users designed for high-value individuals — but available to anyone who wants them. OpenAI 正愈发重视账户安全。该公司周四推出了“高级账户安全”(Advanced Account Security,简称 AAS),这是一套为 ChatGPT 用户设计的可选保护措施。虽然其初衷是为高价值用户提供保障,但任何有需要的用户均可启用。
As part of that new program, digital security provider Yubico announced it has partnered with OpenAI to link two new security key products to ChatGPT accounts. The company said the partnership was designed to protect users from the threat of phishing, which is considered to be a growing threat for chatbot users. The two companies are releasing a pair of “co-branded” YubiKeys — dubbed the YubiKey C NFC and the YubiKey C Nano. 作为该新计划的一部分,数字安全提供商 Yubico 宣布与 OpenAI 达成合作,将两款全新的安全密钥产品与 ChatGPT 账户关联。该公司表示,此次合作旨在保护用户免受网络钓鱼威胁,因为这对聊天机器人用户而言正成为日益严重的风险。两家公司正在发布一对“联名款”YubiKey,分别命名为 YubiKey C NFC 和 YubiKey C Nano。
OpenAI has suggested that AAS is a good fit for political dissidents, journalists, researchers, and elected officials — people who engage in politically charged and risky work. One would assume that it might make sense for enterprise users, whose corporate secrets are squirreled away in ChatGPT sessions. “Ultimately, our intent is to drastically reduce the threat of unauthorized access to sensitive data in OpenAI accounts worldwide,” Yubico CEO Jerrod Chong said in press release announcing the deal. OpenAI 建议,AAS 非常适合政治异见人士、记者、研究人员和民选官员等从事政治敏感及高风险工作的人群。可以预见,对于那些将企业机密存储在 ChatGPT 会话中的企业用户来说,这也同样具有重要意义。Yubico 首席执行官 Jerrod Chong 在宣布该交易的新闻稿中表示:“我们的最终目标是大幅降低全球 OpenAI 账户中敏感数据被未经授权访问的威胁。”
Security keys are small pieces of hardware that can be tied to digital accounts and enacted through a computer’s USB ports. A unique cryptographic identifier lives on the key, which allows only the person in possession of it to log into a connected account. 安全密钥是一种小型硬件设备,可以绑定到数字账户并通过计算机的 USB 端口启用。密钥中包含一个唯一的加密标识符,确保只有持有该密钥的人才能登录关联的账户。
If the threat of phished ChatGPT accounts may seem somewhat abstract, there is a growing body of literature showing that bad actors are increasingly targeting chatbot users. Cybercriminals are always on the lookout for extortion-worthy information and, given the intimate nature of most chatbot conversations, there is plenty of fodder when it comes to both enterprise and personal-level users. 如果说 ChatGPT 账户被钓鱼的威胁看起来还有些抽象,那么越来越多的文献表明,不法分子正日益将目标对准聊天机器人用户。网络犯罪分子一直在寻找可用于勒索的信息,考虑到大多数聊天机器人对话的私密性,无论是对于企业还是个人用户,这些对话都可能成为攻击者的“素材”。
Digital security is also becoming a bigger focus of the AI industry. Several weeks ago, Anthropic announced a new cybersecurity model called Mythos. Perhaps seeking to steal some of its competitor’s thunder, OpenAI has also made a number of announcements related to digital security. Thursday’s news of the Yubico partnership followed OpenAI’s announcement that it’s launching a new framework for digital defense. 数字安全也正成为人工智能行业关注的焦点。几周前,Anthropic 发布了一个名为 Mythos 的新型网络安全模型。或许是为了抢占竞争对手的风头,OpenAI 也发布了一系列与数字安全相关的公告。周四关于 Yubico 合作的消息,紧随 OpenAI 此前宣布推出全新数字防御框架之后。
Of course, a security-key-enabled account does offer stronger protection, but it comes with a tradeoff: If the key is lost, OpenAI won’t be able to help recover access. In practice, that means conversations could be lost for good. 当然,启用安全密钥的账户确实提供了更强的保护,但这也伴随着代价:如果密钥丢失,OpenAI 将无法协助恢复访问权限。在实际操作中,这意味着相关的对话记录可能会永久丢失。