OpenAI launches Active sessions to enhance account security
2026-06-04 15:07

en.Wedoany.com Reported - OpenAI has introduced a new security feature called Active sessions, allowing ChatGPT users to view and log out of active sessions, aiming to enhance account security and accountability in AI governance. This feature is now available for all ChatGPT account and workspace types, including personal and admin accounts.


Ensar Seker, Chief Information Security Officer at SOCRadar, noted that previously organizations had limited visibility into user login locations and could only enforce re-authentication through broad measures like password resets. Granular session control is a more efficient and less disruptive approach. From a governance perspective, session transparency enhances accountability and supports investigations.

Active sessions allow administrators to view known browser and application sessions on ChatGPT, Codex, and the API platform, including device and browser information, approximate location, login date and time, whether the device is trusted, and current session status. Users can access this via "Settings" > "Security" > "Active sessions" and choose to log out of specific sessions or remove devices from trusted services. Logging out of all sessions may take up to 30 minutes. However, OpenAI emphasizes that session details may be "approximate or incomplete," and the feature does not display or manage associated applications, third-party apps, third-party service logins, Codex CLI sessions, or recently logged-out sessions. Additionally, Active sessions cannot be used for accounts bound to enterprise single sign-on (SSO), including Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).

David Shipley of Beauceron Security stated that the ability for administrators to end active sessions, which OpenAI now offers, has long existed on many platforms; although it arrived late, it is better late than never. From a security perspective, OpenAI can better regulate ChatGPT to prevent threat actors from using it to host malware. Seker also noted that this level of visibility and oversight is what enterprises have expected from SaaS platforms for years, allowing administrators and users to quickly identify unauthorized access, terminate outdated sessions, and reduce the risk of account compromise.

Last week, OpenAI updated GPT-5.5 Instant in the ChatGPT app and API, aiming to "improve response style and quality." The company launched this model in early May as a successor to GPT-5.3 Instant, describing it as "generally smarter" with fewer hallucinations. However, enterprises still face governance challenges with iterative model updates. Shipley believes this is unsustainable because it is difficult to develop appropriate test plans for non-deterministic systems. Seker pointed out that many organizations conduct security, compliance, and business validation tests before approving a model, but when model behavior changes under the same version series, previously documented assumptions may no longer be accurate. He believes the biggest AI governance challenge is not model adoption but model changes. Most organizations can evaluate a model once, but few are prepared to continuously assess its evolution over time. This is particularly challenging for regulated industries that rely on auditability, reproducibility, and change management.

Valence Howden of Info-Tech Research Group noted that organizations often cannot assess the impact of model iterations on boundaries, or are even unaware of these changes. He mentioned that while initial enterprise challenges relate to the model itself, its role, and ownership, iterative updates may blur these issues and increase reliance on third-party practices and tools that organizations often lack. If they cannot opt out before updates are integrated, enterprises are essentially red-teaming updates alongside their customers.

Seker stated that security teams are pushed to their limits as they need to manage rapidly evolving models, new features, and changing behaviors while maintaining compliance, risk management, and business continuity. The difficulty in governance arises because organizations are no longer evaluating a static product but managing a "continuously evolving service" where features, integrations, and user behaviors change faster than traditional security review cycles. Howden agreed, noting that existing governance practices in enterprises, especially accountability and risk practices, are weak. Enterprises are also incentivized to pursue speed and innovation, and so view governance as a constraint that they ignore or are unwilling to enforce.

Seker recommends that organizations treat AI models as living systems rather than fixed versions. Security and governance plans should include continuous validation, monitoring, and periodic reassessment, rather than relying on one-time approval processes. Enterprises should also establish clear expectations for vendor change management, including transparency regarding model updates, behavioral changes, and potential impacts on existing workflows. He believes effective AI governance increasingly depends on visibility into changes, not just visibility into risks.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com