ChatGPT Lockdown Mode Limits Tools to Prevent Data Exfiltration

OpenAI has launched a new 'Lockdown Mode' for eligible personal ChatGPT accounts, aiming to bolster defenses against prompt injection attacks and prevent sensitive data exfiltration. This advanced security setting, available across Free, Go, Plus, Pro, and self-serve ChatGPT Business plans, restricts the use of tools that connect to external services.

The primary objective of Lockdown Mode is to reduce the risk of malicious actors extracting data through sophisticated prompt injection techniques. "Lockdown Mode is an optional advanced security setting that limits many tools and capabilities in OpenAI products that can connect to the web or external services," OpenAI stated in an announcement. "It is designed to reduce the risk of data exfiltration from prompt injection attacks by limiting outbound network requests, at the expense of disabling or limiting some useful features." These safeguards are built upon existing sandboxing measures and controls to counter URL-based data exfiltration, specifically by limiting outbound network requests that could potentially divert sensitive information to attacker-controlled infrastructure.

While the mode does not aim to prevent prompt injections entirely, nor does it alter memory or file upload functionalities or conversation sharing, it focuses on closing off potential data leakage pathways. Consequently, Lockdown Mode disables several key features: live web browsing is restricted to cached content only, image support for displaying or retrieving images is limited, Deep Research and Agent mode functionalities are curtailed, Canvas networking that allows users to approve code access to the network is prevented, and file downloads for data analysis are blocked.

Security Enhancements and Limitations

OpenAI emphasized that Lockdown Mode is not intended for all users. The company also noted that this new security feature cannot be used concurrently with Developer Mode; activating one automatically disables the other.

"Lockdown Mode is designed to substantially reduce the risk of prompt injection-based data exfiltration in ChatGPT and supported OpenAI products, but it does not guarantee that data exfiltration cannot happen," OpenAI cautioned. "Risk may remain through enabled Apps, unforeseen combinations of capabilities, or newly discovered techniques." Furthermore, the mode does not protect against all consequences of prompt injection attacks. For instance, hidden malicious instructions within an uploaded file could still influence ChatGPT's behavior and lead to inaccurate responses.

This security update arrives as OpenAI also rolled out a new account management feature. This addition allows users to review active ChatGPT sessions and log out of specific or all sessions if unauthorized activity is suspected. The session review provides details such as the device used, the application, approximate location, sign-in date and time, and whether the device is recognized as trusted or is the current session. These combined features represent OpenAI's ongoing efforts to enhance user security and protect sensitive information within its AI ecosystem.