
ChatGPT Lockdown Mode Blocks Data Exfiltration Tools

Summary

– OpenAI is rolling out Lockdown Mode for ChatGPT to reduce data exfiltration risks from prompt injection attacks, targeting users handling sensitive data.
– Lockdown Mode limits tools that connect to the web or external services, such as live browsing, image support, deep research, and agent mode, to block outbound network requests.
– The feature does not prevent prompt injections but aims to eliminate pathways for data exfiltration by disabling specific capabilities like file downloads and Canvas networking.
– Lockdown Mode and Developer Mode cannot be used simultaneously, and OpenAI warns it does not guarantee complete prevention of data exfiltration or other prompt injection effects.
– OpenAI also launched a feature that lets users review and manage active ChatGPT sessions, including logging out of sessions if they detect unauthorized account activity.

OpenAI is now rolling out ChatGPT Lockdown Mode for eligible personal accounts, a new security feature designed to curb data exfiltration risks tied to prompt injection attacks.

This optional setting targets users and organizations handling sensitive information who need stronger protection guarantees. It is available to logged-in users across Free, Plus, Pro, and self-serve ChatGPT Business plans.

“Lockdown Mode is an optional advanced security setting that limits many tools and capabilities in OpenAI products that can connect to the web or external services,” the company explained. “It is designed to reduce the risk of data exfiltration from prompt injection attacks by limiting outbound network requests, at the expense of disabling or limiting some useful features.”

The controls aim to shrink the attack surface around prompt injection, a persistent “frontier” challenge affecting all large language models (LLMs). The approach builds on existing sandboxing and safeguards to block URL-based data exfiltration, specifically curbing outbound network requests that could funnel sensitive data to attacker-controlled servers.

Lockdown Mode does not aim to prevent prompt injections from happening, nor does it alter how memory, file uploads, or conversation sharing work. Instead, its goal is to eliminate pathways for data to escape. To achieve this, the mode disables several features: live web browsing (limited to cached content only), image support (for displaying or retrieving images from the web), deep research, agent mode, Canvas networking (blocking user approval of Canvas-generated code that accesses the network), and file downloads (preventing downloads for data analysis).

OpenAI stressed the feature is “not intended for everyone.” Additionally, Lockdown Mode and Developer Mode cannot run simultaneously; enabling one disables the other.

“Lockdown Mode is designed to substantially reduce the risk of prompt injection-based data exfiltration in ChatGPT and supported OpenAI products, but it does not guarantee that data exfiltration cannot happen,” the company warned. “Risk may remain through enabled Apps, unforeseen combinations of capabilities, or newly discovered techniques. Lockdown Mode also does not prevent all other effects of prompt injection attacks. For example, a malicious instruction hidden in an uploaded file could still affect ChatGPT’s behavior, and cause an incorrect answer.”

Alongside this release, OpenAI has introduced a new account management feature that lets users review active ChatGPT sessions and log out of individual or all sessions if they detect unauthorized activity. The listed sessions include device details, app used, approximate location, sign-in date and time, trust status of the device, and whether it is the current session.

(Source: Internet)
