Synopsis
OpenAI has launched Lockdown Mode to combat prompt injection attacks, a security feature designed for users handling sensitive data. This mode restricts live web browsing and image retrieval from the internet, aiming to prevent data exfiltration by limiting outbound network requests. It is available to eligible personal and business accounts.
According to the company, the feature is not intended for all users. Instead, it is “designed for people and organizations that handle sensitive data and want stricter protection from data exfiltration risks related to prompt injection.”
The feature works by limiting certain capabilities that could potentially be exploited by attackers.
When enabled, Lockdown Mode disables live web browsing, meaning ChatGPT can only access cached web content. It also turns off the retrieval and display of images from the internet, although users can still generate images. Deep Research and Agent Mode are also unavailable while the setting is active.
OpenAI said the feature is being rolled out to eligible personal accounts, including Free, Go, Plus and Pro users, as well as self-serve ChatGPT Business accounts.
What is prompt injection?
“Prompt injection is a type of social engineering attack specific to conversational AI,” according to OpenAI's website. “Prompt injections occur when a third-party — not the user nor the AI — misleads the model by injecting malicious instructions into the conversation context.”
In simple terms, prompt injection is similar to phishing. Just as a scam email may try to trick a person into revealing sensitive information, a prompt injection attempts to manipulate an AI system into carrying out actions or revealing data it should not.
OpenAI stressed that Lockdown Mode does not stop prompt injections from appearing in content processed by ChatGPT.
“For example, a prompt injection could appear in cached web content or in an uploaded file, and could still affect the behaviour or accuracy of a response,” it said.
The goal, instead, is to make it harder for sensitive information to be transferred to attackers by restricting outbound network requests.
The company also noted that Lockdown Mode does not affect memory, file uploads, conversation sharing, or whether chats may be used to improve models.
How to activate
For eligible personal accounts and self-serve ChatGPT Business accounts:
- Go to Settings.
- Select Security.
- Under Advanced security, turn on Lockdown Mode.
- In the confirmation window, select Turn on.
OpenAI said Lockdown Mode and Developer Mode cannot be used together. Enabling one automatically disables the other.
When Lockdown Mode is active, a status message appears above the composer. Users can temporarily disable it for a specific chat through the Manage option or the more-options menu, and re-enable it later if needed.