OpenAI, the company behind ChatGPT, has recently introduced a new security feature, Lockdown Mode, designed to reduce the risk of sensitive data being exposed through prompt injection attacks, where malicious instructions are embedded in webpages or other external content that a chatbot may process.

According to OpenAI, the feature is aimed at users and organisations that handle sensitive information and require stricter safeguards against data exfiltration risks associated with AI systems that access external data sources.

When enabled, Lockdown Mode disables several capabilities in ChatGPT, including live web browsing, access to images retrieved from the internet, deep research tools and agent-style functionality. Users can still generate images within the system, but the model will be limited to cached web content rather than real-time browsing.

OpenAI acknowledged that the feature does not eliminate the underlying risk entirely. 

“Lockdown Mode is designed to help prevent the final stage of data exfiltration from a prompt injection attack by limiting outbound network requests that could transfer sensitive data to an attacker. Lockdown Mode does not prevent prompt injections from appearing in the content ChatGPT processes. For example, a prompt injection could appear in cached web content or in an uploaded file, and could still affect the behavior or accuracy of a response,” OpenAI said in a recent blog post.

The feature is being rolled out to self-serve ChatGPT Business accounts and eligible personal users. It can be activated through the Security section in settings under Advanced security. OpenAI noted that Lockdown Mode cannot be used simultaneously with Developer Mode, as enabling one automatically disables the other.