OpenAI Adds Lockdown Mode to Limit AI Data Theft Risks
The new security setting restricts web access, AI agents and external connections as concerns grow over prompt injection attacks targeting AI assistants.
News
- TCS Wins Canada Life AI Services Deal
- OpenAI Adds Lockdown Mode to Limit AI Data Theft Risks
- Gemini Flaw Let Hackers Exploit Android Notifications
- AI Is Beginning to Write Its Own Future, Anthropic Says
- Data Centers Find Friendlier Ground in India, Survey Finds
- Supreme Court Proposes AI Rules for Courts, Bars Algorithm-Only Judicial Decisions
OpenAI has introduced Lockdown Mode, a new ChatGPT security setting that limits access to the internet and external services to reduce the risk of sensitive data being leaked through prompt injection attacks.
The move comes shortly after cybersecurity researchers disclosed a flaw in Google’s Gemini voice assistant that could let attackers manipulate it through notifications from apps including WhatsApp, Slack, Signal, SMS, Instagram and Messenger.
SafeBreach said the technique used hidden instructions inside seemingly ordinary notifications to influence Gemini’s behavior and trigger unauthorized actions.
Google has since rolled out updates to mitigate the issue, according to SafeBreach.
OpenAI said Lockdown Mode is intended for users and organizations that handle sensitive data and want tighter controls over how ChatGPT interacts with external systems.
“Lockdown Mode is an optional advanced security setting that limits many tools and capabilities in OpenAI products that can connect to the web or external services,” OpenAI said.
The firm said the feature is designed to reduce the risk of data exfiltration, or the unauthorized transfer of information outside a system.
Prompt injection attacks have become a growing concern across the AI industry as assistants gain access to websites, files, emails, messages and external tools. In such attacks, malicious instructions are hidden inside content that an AI system processes, potentially influencing its responses or actions.
OpenAI said Lockdown Mode targets the final stage of such attacks.
“Lockdown Mode is designed to help prevent the final stage of data exfiltration from a prompt injection attack by limiting outbound network requests that could transfer sensitive data to an attacker,” the company said.
When enabled, Lockdown Mode disables or restricts several ChatGPT features. Live web browsing is limited to cached content, meaning search results may be incomplete, unavailable or stale. Deep Research and Agent Mode are disabled, and ChatGPT cannot download files from the internet for analysis.
The setting also blocks network access for Canvas-generated code and limits image retrieval from the web. Users can still upload images, and image generation remains available where otherwise supported.
OpenAI said the feature does not prevent prompt injections from appearing in content processed by ChatGPT. Malicious instructions could still be present in uploaded files or cached web content and may still affect the accuracy or behavior of responses.
Lockdown Mode also limits ChatGPT’s access to third-party services. For personal accounts and self-serve ChatGPT Business accounts, the setting allows connectors that use synced data but blocks live connector access and connector write actions. Some connected experiences, including finance and shopping-agent tools, are unavailable.
The feature is being rolled out to eligible Free, Go, Plus and Pro users, as well as self-serve ChatGPT Business customers. Managed workspace admins can enable Lockdown Mode through role-based access controls.
OpenAI said the setting is not meant for every user and does not guarantee that data theft through prompt injection is impossible. “Risk may remain through enabled Apps, unforeseen combinations of capabilities, or newly discovered techniques,” the company said.
