OpenAI has introduced "Lockdown Mode," a security feature for ChatGPT designed to disable internet-connected capabilities to mitigate prompt-injection attacks [1, 2].
This update addresses a critical vulnerability in large language models where external data can manipulate a bot's behavior. By restricting access to the open web, the company aims to provide a more secure environment for organizations and individuals who manage highly sensitive data [1, 2].
Lockdown Mode specifically disables functions such as live web browsing and deep research [1, 2]. These tools, while useful for gathering current information, can inadvertently expose the AI to malicious instructions embedded in websites. Such attacks, known as prompt injections, occur when an AI reads a webpage containing hidden commands that override the user's original instructions [1, 2].
OpenAI said the feature provides additional safeguards for users and organizations [1, 2]. The company is positioning the tool as a way to reduce the risk of data leakage and unauthorized command execution, a growing concern as more businesses integrate AI into their internal workflows [1, 2].
Users can toggle this mode based on their specific needs for a given session. While the disabled features limit the AI's ability to fetch real-time data, the trade-off is a significant reduction in the attack surface available to bad actors [1, 2].
This move follows a broader trend in the industry to harden AI security. As these models gain more agency to interact with the internet and third-party applications, the potential for "indirect prompt injection" increases, making isolation tools like Lockdown Mode a necessity for enterprise-grade security [1, 2].
The introduction of Lockdown Mode signals a shift from prioritizing AI utility to prioritizing AI security. By allowing users to manually sever the AI's connection to the live web, OpenAI is acknowledging that the current architecture of web-integrated LLMs is inherently vulnerable to external manipulation, necessitating a 'kill switch' for high-stakes professional environments.





