OpenAI introduces Lockdown Mode in ChatGPT to prevent data theft resulting from prompt injection attacks.


**TL;DR**: ChatGPT’s new Lockdown Mode disables features like live browsing, agent mode, and deep research to prevent data theft through prompt injection. It is available on all subscription plans.

OpenAI has started rolling out Lockdown Mode for ChatGPT, a security feature aimed at preventing data theft via prompt injection attacks. The mode turns off live web browsing, agent mode, deep research, image retrieval, Canvas networking, and file downloads. It is available to logged-in users on the Free, Go, Plus, Pro, and self-serve ChatGPT Business plans.

OpenAI regards prompt injection as a “frontier” issue affecting all large language models. The attack hides instructions inside content the model retrieves, such as a webpage or an uploaded file. If the model follows those instructions, it may transmit sensitive information to a server controlled by the attacker without the user noticing.

Lockdown Mode does not prevent injections from occurring; malicious content in a cached webpage or an uploaded PDF can still alter the model's actions. What it does is close the outbound channels an attacker would use to move data out. With live browsing off, the model makes no requests to outside servers, and with image retrieval off, it cannot leak data by loading an attacker-chosen image URL.
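The egress-gating idea described above, as an added illustration that is not OpenAI's code and does not describe how ChatGPT implements the feature: a per-session policy that, in a lockdown state, denies every tool able to make an outbound request and declines to render images from hosts that are not explicitly allowed (rendering an image is a fetch the model can be steered into). The tool names, the `SessionPolicy` class, the helper functions and the sample tool calls and reply are all constructed for this example; the mutual exclusion with Developer Mode mirrors the article's later note.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hypothetical tool names standing in for the capabilities the article lists.
# Anything in NETWORK_TOOLS can carry data off the host; LOCAL_TOOLS cannot.
NETWORK_TOOLS = {
    "web_browse", "agent_run", "deep_research",
    "image_fetch", "file_download", "canvas_network",
}
LOCAL_TOOLS = {"cached_page_lookup", "read_uploaded_file", "calculator"}

# Markdown image reference: ![alt](url)
IMAGE_MD = re.compile(r"!\[[^\]]*\]\((?P<url>[^)\s]+)\)")


@dataclass
class SessionPolicy:
    lockdown: bool = False
    developer_mode: bool = False

    def enable_lockdown(self) -> None:
        self.lockdown = True
        self.developer_mode = False  # the two modes are mutually exclusive

    def enable_developer_mode(self) -> None:
        self.developer_mode = True
        self.lockdown = False

    def allow_tool(self, name: str) -> bool:
        """Deny by default; network-capable tools are allowed only outside lockdown."""
        if name in LOCAL_TOOLS:
            return True
        if name in NETWORK_TOOLS:
            return not self.lockdown
        return False


def audit_tool_calls(calls: list[dict], policy: SessionPolicy) -> tuple[list[str], list[str]]:
    """Split a batch of model-requested tool calls into allowed and denied tool names."""
    allowed: list[str] = []
    denied: list[str] = []
    for call in calls:
        (allowed if policy.allow_tool(call["tool"]) else denied).append(call["tool"])
    return allowed, denied


def strip_remote_images(markdown: str, policy: SessionPolicy,
                        allowed_hosts: frozenset[str] = frozenset()) -> tuple[str, list[str]]:
    """Under lockdown, refuse to render images hosted anywhere but allowed_hosts.

    Rendering an image means fetching its URL, so an attacker-chosen URL is an
    outbound request; leaving it unfetched closes that channel.
    Returns the rewritten markdown and the list of URLs that were not loaded.
    """
    blocked: list[str] = []

    def repl(match: re.Match) -> str:
        url = match.group("url")
        host = urlparse(url).hostname or ""
        if policy.lockdown and host not in allowed_hosts:
            blocked.append(url)
            return "[image not loaded: remote fetch disabled in Lockdown Mode]"
        return match.group(0)

    return IMAGE_MD.sub(repl, markdown), blocked


# Constructed sample: tool calls a model might request after reading a retrieved document.
SAMPLE_TOOL_CALLS = [
    {"tool": "cached_page_lookup", "args": {"url": "https://docs.example.com/guide"}},
    {"tool": "web_browse", "args": {"url": "https://example.net/page"}},
    {"tool": "image_fetch", "args": {"url": "https://example.net/pixel.png"}},
    {"tool": "file_download", "args": {"url": "https://example.net/tool.zip"}},
]

# Constructed sample: a model reply that embeds a remote image.
SAMPLE_REPLY = "Summary done. ![chart](https://example.net/chart.png?id=abc)"


if __name__ == "__main__":
    policy = SessionPolicy()
    policy.enable_lockdown()
    print("allowed/denied:", audit_tool_calls(SAMPLE_TOOL_CALLS, policy))
    print(strip_remote_images(SAMPLE_REPLY, policy))
```

The gate is deliberately deny-by-default: an unknown tool is refused even outside lockdown, so a newly added capability has to be classified before the model can reach it. That is the same reasoning behind OpenAI's caveat about "unexpected capability combinations": any tool left unclassified is an egress path the policy does not know about.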

“Lockdown Mode aims to significantly reduce the risk of data exfiltration via prompt injection, but it cannot ensure that data theft won't occur,” OpenAI stated. “There may still be risks through enabled applications, unexpected capability combinations, or newly found techniques.”

The trade-off is substantial: with Lockdown Mode on, ChatGPT loses most of the capabilities that make its agent and research features useful. Browsing is limited to cached content, agent mode is disabled entirely, and deep research is unavailable. As OpenAI admits, the mode is “not meant for everyone.”

The feature arrives as prompt injection attacks on AI agents have drawn considerable concern. Security researchers have demonstrated hijacks of agents from Anthropic, Google, and Microsoft through their GitHub Actions integrations. The three companies paid bug bounties but issued no public warnings. The underlying weakness is intrinsic: LLMs cannot reliably distinguish data from instructions.

Lockdown Mode and Developer Mode cannot be active at the same time; enabling one disables the other. OpenAI has also added a session management feature that lets users review active ChatGPT sessions and log out individual devices if they notice unauthorized activity.

The feature is a practical compromise. OpenAI is not claiming that prompt injection has been solved; it acknowledges that the problem persists and gives users a way to reduce their exposure by giving up some functionality. For those handling sensitive data in ChatGPT, that trade-off is worth making. For everyone else, the expanding ecosystem of agents and the risks that come with it mean exposure is likely to grow.
