OpenAI has introduced a new security feature called Lockdown Mode, designed to give users extra protection against prompt injection attacks. In those attacks, malicious instructions are hidden inside webpages or other content sources and can trick a chatbot into revealing sensitive data or behaving unexpectedly.
The company explained that Lockdown Mode disables several features. Live web browsing is turned off, meaning the system can only access cached content. Retrieval and display of images from the web are also blocked, though users can still generate images using ChatGPT. Deep research and agent mode are disabled as well.
Even with Lockdown Mode enabled, OpenAI warned that ChatGPT might still be vulnerable to prompt injections. For example, harmful instructions could appear in cached web content or in an uploaded file and could still affect the behavior or accuracy of a response. The goal of the feature is to reduce the likelihood that sensitive data gets shared in the process.
Who should use Lockdown Mode
OpenAI made clear that Lockdown Mode is not intended for everyone. The company said it is designed for people and organizations that handle sensitive data and want stricter protection from data exfiltration risks related to prompt injection. Data exfiltration is when an attacker causes a system to transmit sensitive information to an unauthorized party.
The announcement comes as concerns around AI security continue to grow. Prompt injection has been a known risk since the rise of large language models. Attackers can embed instructions in seemingly harmless text, such as a webpage or document, that cause the AI to ignore its normal safeguards and carry out harmful actions. Lockdown Mode aims to limit the attack surface by cutting off features that could be exploited.
Stay updated
Get the day's AI and automation news in your inbox. No spam, unsubscribe anytime.
Rollout details
OpenAI said it is currently rolling out Lockdown Mode to self-serve ChatGPT Business accounts, as well as to eligible personal accounts. The company did not specify a timeline for broader availability or for enterprise customers.
The feature is the latest in a series of security measures from OpenAI. The organization has previously implemented content filtering, rate limiting, and other controls to prevent misuse of its AI models. Lockdown Mode represents a more aggressive step specifically aimed at data exfiltration risks.
For users who need to work with highly sensitive information but still want to use AI assistants, Lockdown Mode offers a trade-off. It reduces functionality in exchange for increased protection. OpenAI emphasized that the mode is optional and should be activated only by those who have a clear need for that level of security.
The company has not disclosed whether Lockdown Mode will be available in the free tier of ChatGPT or only in paid plans. The current rollout to Business and eligible personal accounts suggests that it will remain a premium feature.