For FIDO, which was the main topic of the original post, the Yubikey has a symmetric key inside it.
Choosing a random new key invalidates all your existing credentials enrolled with that Yubikey, since your Yubikey will no longer be able to decrypt the identifier provided and sign proof that it knows the associated private key (in practice what it decrypted was your private key for that account, and now it can't do that)
This "reset" operation is supported on Yubikeys, and you perhaps should do it when you get the key (Don't do it now! It invalidates your credentials as I described!), although most users probably don't. However, even if you do this if your key is fake why would the initialisation actually work? The same adversary could modify it to just ignore this reset attempt and use a symmetric key they know. So there is no benefit from hypothetically requiring you to perform this initialisation step, nor from having the device do it when first used.
Choosing a random new key invalidates all your existing credentials enrolled with that Yubikey, since your Yubikey will no longer be able to decrypt the identifier provided and sign proof that it knows the associated private key (in practice what it decrypted was your private key for that account, and now it can't do that)
This "reset" operation is supported on Yubikeys, and you perhaps should do it when you get the key (Don't do it now! It invalidates your credentials as I described!), although most users probably don't. However, even if you do this if your key is fake why would the initialisation actually work? The same adversary could modify it to just ignore this reset attempt and use a symmetric key they know. So there is no benefit from hypothetically requiring you to perform this initialisation step, nor from having the device do it when first used.