3 Sources
[1]
OpenAI Rolls Out Lockdown Mode to Fight Prompt Injection Attacks
The new feature promises increased protection against these types of attacks, but you'll have to sacrifice a lot of functionality, including live web browsing and image retrieval from the web. As LLM use has skyrocketed in recent years, researchers are increasingly identifying prompt injection attacks as a critical security issue, with such attacks growing in prevalence year-on-year. These are attacks where a bad actor misleads an AI model by injecting malicious instructions into a conversation. Hackers may hide instructions inside content that an AI processes, for example, a PDF file or website, with the ultimate aim of extracting valuable company data. Now, OpenAI is rolling out Lockdown Mode, an optional security setting that limits its products' ability to connect to the web or external services. It does this by limiting outbound network requests, though at the expense of disabling or limiting some useful features. This means that, in a worst-case scenario, if you do encounter malicious prompts, ChatGPT may not be able to share any data with third parties, acting as a final line of defence. There are, however, some pretty significant trade-offs you'll need to make for the added security. Once enabled, web browsing is limited to accessing only cached content, meaning you'll have limited access to freshly updated web pages. Meanwhile, ChatGPT may not display images in regular responses or retrieve images from the web, but you can still upload image files and generate your own images. In addition, ChatGPT won't be able to download files for data analysis, and users cannot approve Canvas-generated code to access the network. Deep Research and Agent Mode will also be disabled, and you won't be able to put ChatGPT into Developer Mode. Though Lockdown Mode is available for all account types and workspaces, OpenAI says it's only intended for users and organizations handling sensitive data. 
If you think the trade-offs are worth the security benefits and you'd like to enable Lockdown Mode, head to Settings. Then select Security and, under Advanced Security, turn on Lockdown Mode. Finally, select Turn On when the tool asks you to confirm. OpenAI notes that while the new feature is designed to "substantially reduce" the risk of successful prompt injection-based data exfiltration in its products, it does not guarantee protection against newly discovered techniques or combinations of methods. The risks of prompt injection attacks continue to plague new products coming out of the AI industry. In August 2025, researchers at Anthropic were able to compromise users of its Claude for Chrome browser extension with a 23.6% success rate via prompt injections while the product was still in beta. Meanwhile, that same month, researchers from Brave demonstrated that Perplexity's Comet AI browser was vulnerable to these types of attacks.
[2]
ChatGPT just gave Free users a powerful defense against prompt injection attacks
* OpenAI's Lockdown Mode blocks live outbound network requests to stop LLM hijacking attempts.
* It disables or limits features that make external calls, trading some functionality for privacy.
* Lockdown Mode is now rolling out to Free, Plus, Pro, Go, and self-serve Business ChatGPT accounts.
The world of cybersecurity was almost totally reshaped with the introduction of LLMs. We saw both hackers and security experts use the new tech to develop bigger and better programs to fight one another, and the battle is still escalating to this day. However, the rise of AI also created a new world of attacks where hackers are hijacking LLMs to do their bidding. OpenAI's Lockdown Mode was an answer to these attacks, but it wasn't available to everyone; at least, until today. Now, the company is allowing everyone, even Free users, to stay safe while using ChatGPT.
ChatGPT's Lockdown Mode arrives for all users
It's good to have if you're worried about privacy
Back in February, OpenAI published a blog post detailing what Lockdown Mode is. Basically, when someone sends an AI to perform a task on the web, malicious actors can sometimes 'lace' their webpages and materials with prompts. These attempt to 'hijack' the AI and have it send personal data to the attacker, all without the user knowing. To solve this, Lockdown Mode was introduced. When enabled, it prevents ChatGPT from making live outbound network requests. As such, if a bad actor tries to trick your LLM into surrendering your personal data, Lockdown Mode will step in and stop ChatGPT from sending anything over. It also disables or limits specific features that depend on outbound requests, but it's good if you're privacy-minded. When Lockdown Mode first released, it was only available to select users. Now, the blog post has been updated to read the following:
Lockdown Mode is rolling out to personal ChatGPT accounts as well as self-serve ChatGPT Business accounts. First introduced for ChatGPT enterprise plans, Lockdown Mode is an optional setting for people and teams who want a more conservative ChatGPT experience when working with sensitive information or connected features.
The Lockdown Mode documentation explicitly confirms that "Free, Go, Plus, and Pro, and self-serve ChatGPT Business accounts" can now use it. It may take a while for it to fully roll out, but you can check if you have it by going to ChatGPT's Settings, then Security. You should see Lockdown Mode under the Advanced Security section with a toggle.
By Simon Batt
[3]
OpenAI rolls out a Lockdown Mode for extra protection against prompt injection attacks - Engadget
OpenAI has begun rolling out Lockdown Mode, an optional security setting designed to offer users advanced protection from prompt injection attacks. For the unfamiliar, prompt injection is a form of social engineering that is specific to conversational chatbots. As AI systems have become better at pulling information from the internet, people have begun hiding malicious instructions on webpages and other places to try and trick those systems. OpenAI is billing Lockdown Mode as a sort of last line of defense against prompt injections, building on the robust protections that it says it already offers through ChatGPT, its models and backend systems. "Lockdown Mode is not intended for everyone," OpenAI explains. "It is designed for people and organizations that handle sensitive data and want stricter protection from data exfiltration risks related to prompt injection." To that end, enabling Lockdown Mode limits some of the features OpenAI offers through ChatGPT and its other products. For instance, you can still use image generation and upload photos to ChatGPT, but it may not pull images from the internet or display any images inside of a response. The chatbot also cannot download files to analyze, though you can still manually upload documents if you want its insight. Other features, such as Deep Research and Agent Mode are disabled completely. "Lockdown Mode does not change memory, file uploads, the ability to share a conversation, or whether your conversations may be used to improve models," OpenAI adds. "Many of these settings are separately configurable by workspace admins." The company also notes Lockdown Mode won't stop prompt injections from appearing in content ChatGPT processes. Instead, it's designed to prevent an attacker from extracting sensitive data from your account by limiting network requests that someone could exploit. Lockdown Mode is available to all personal accounts, including those using ChatGPT through OpenAI's free tier. 
To activate it, open ChatGPT's settings menu and select Safety and security. Under Advanced security, tap Lockdown mode and flip on the toggle. You can temporarily disable the additional protection by selecting Manage from the status message that appears above the chat window and selecting Turn off for this chat. Separately, OpenAI is rolling out an active session manager that allows users to see any devices or browsers that have been used to access their account. From there, the company offers the option to log out of individual or all sessions at once. Just note the latter can take up to 30 minutes to complete. "If you suspect unauthorized account activity, change your password if you use one, review your sign-in methods, and contact OpenAI Support," the company adds.
OpenAI has expanded Lockdown Mode availability to all ChatGPT users, including free accounts, offering advanced protection against prompt injection attacks. The optional security setting blocks outbound network requests to prevent data exfiltration, though it disables features like Deep Research, Agent Mode, and live web browsing in exchange for enhanced security.
OpenAI is rolling out Lockdown Mode as an optional security setting across all ChatGPT account types, including Free, Plus, Pro, Go, and self-serve Business users [2]. Previously limited to enterprise plans, this ChatGPT security feature now provides protection against prompt injection attacks for anyone handling sensitive information [3]. The expansion marks a significant shift in how OpenAI approaches AI security, making advanced defenses accessible beyond corporate users.
Source: PC Magazine
Prompt injection attacks have emerged as a critical security issue as LLM use has skyrocketed in recent years, with researchers identifying these threats as increasingly prevalent [1]. These attacks involve bad actors hiding malicious instructions inside content that conversational chatbots process, such as PDF files or webpages, attempting to hijack the AI and extract valuable company data [1]. In August 2025, researchers at Anthropic compromised users of the Claude for Chrome browser extension with a 23.6% success rate via prompt injections, while Brave researchers demonstrated similar vulnerabilities in Perplexity's Comet AI browser [1]. When someone sends an AI to perform tasks on the web, malicious actors can lace their materials with prompts designed to trick the LLM into surrendering personal data without user knowledge [2].
Lockdown Mode operates by limiting outbound network requests, acting as a final line of defense to prevent ChatGPT from sharing data with third parties if malicious prompts are encountered [1]. When enabled, it prevents ChatGPT from making live outbound network requests, stopping any attempts to exfiltrate sensitive information [2]. OpenAI bills this as building on robust protections already offered through ChatGPT, its models, and backend systems, specifically designed for people and organizations wanting stricter protection from data exfiltration risks related to prompt injection [3]. The feature doesn't stop prompt injections from appearing in processed content but prevents attackers from extracting sensitive data by restricting network requests they could exploit [3].
Activating Lockdown Mode requires accepting substantial functionality limitations to restrict internet access. Web browsing becomes limited to accessing only cached content, meaning users have restricted access to freshly updated web pages [1]. ChatGPT may not display images in regular responses or retrieve images from the web, though users can still upload image files and generate their own images [1]. The chatbot cannot download files for data analysis, and users cannot approve Canvas-generated code to access the network [1]. Deep Research and Agent Mode are disabled completely when the feature is active [1][3]. OpenAI emphasizes the feature disables or limits specific features depending on outbound requests but maintains that memory, file uploads, conversation sharing, and model training settings remain unchanged and separately configurable [3].
Users can enable Lockdown Mode by navigating to Settings, selecting Security, and turning on the toggle under Advanced Security [1]. The feature may take time to fully roll out to all eligible accounts [2]. Users can temporarily disable protection by selecting Manage from the status message above the chat window and choosing Turn off for this chat [3]. Separately, OpenAI is introducing an active session manager allowing users to view devices or browsers accessing their account, with options to log out of individual or all sessions at once, though the latter can take up to 30 minutes to complete [3]. OpenAI notes that while designed to substantially reduce the risk of successful prompt injection-based data exfiltration, the feature does not guarantee protection against newly discovered techniques or combinations of methods [1]. This acknowledgment suggests users should monitor emerging threats and maintain layered data privacy approaches as the cybersecurity landscape continues evolving alongside AI capabilities.
Source: Engadget
Summarized by
Navi