CybersecurityPrivacy & Surveillance

OpenAI Bolsters ChatGPT Security With New Controls

Analyst 207||Source: InfoSecMag
Person working on laptop with cityscape in background, hands poised over keyboard.
"This looks really good to me," wrote cybersecurity expert and open-source developer Simon Willison in his blog over the weekend.

Lockdown Mode: an optional, outbound-focused control

OpenAI has introduced Lockdown Mode as an optional setting for ChatGPT that limits how far the model can reach into the web and external services. First offered to enterprise plans in February, Lockdown Mode began reaching personal and self-serve business accounts in early June. OpenAI framed the feature for users and organizations that handle sensitive data rather than the general public.

Blocking the exfiltration channel, not the malicious prompt

Lockdown Mode does not prevent malicious or hidden instructions from reaching the model; researchers, OpenAI noted, have repeatedly shown how a single hidden instruction can pull data from a linked inbox or leak a user's conversations. Instead, the setting targets the last step attackers rely on: outbound network requests. By choking off those outbound requests, Lockdown Mode aims to sever an attacker's route for exfiltrating data — a defense Simon Willison described as a practical approach. OpenAI implements the protection through deterministic controls that a manipulated model cannot override, but Willison added the feature's existence also implies default ChatGPT cannot fully block a determined exfiltration attempt.

Trade-offs: what features pause under Lockdown Mode

The protection carries an operational cost. Live connector access and write actions switch off when Lockdown Mode is enabled, sidelining features explicitly named by OpenAI such as the Finances tool and shopping agents. Lockdown Mode also cannot run alongside Developer Mode. OpenAI positioned the control toward users and organizations handling sensitive data, who may be willing to accept restricted functionality in exchange for a reduced exfiltration risk.

Active Sessions: session auditing and its limits

Alongside Lockdown Mode, OpenAI added Active Sessions to ChatGPT's security settings, giving users the ability to audit where their account is logged in. Each session entry can show device or browser details, an approximate location and sign-in time, which first-party app was used (for example, ChatGPT or Codex), and whether the device is trusted or represents the current session. Users can end a single session or sign out everywhere at once; OpenAI warns that a full sweep can take up to 30 minutes. If an entry looks unfamiliar, OpenAI advises changing the password, reviewing sign-in methods, and contacting support.

Service constraints: SSO accounts and third-party sessions

Active Sessions has notable gaps for larger organizations. The feature is unavailable on accounts that use single sign-on (SSO), including SAML and OpenID Connect. It also does not track third-party app sessions or Codex CLI logins, leaving those access paths outside the new session audit capability.

What this means for technologists, procurement leaders, and end users

  • Technologists and security teams: Lockdown Mode offers a deterministic control that severs outbound requests, a practical mitigation against prompt-injection exfiltration according to Simon Willison's assessment. Teams will have to weigh that protection against losing live connectors and write actions — forgoing tools such as the Finances tool and shopping agents — and the inability to combine Lockdown Mode with Developer Mode.
  • Procurement and organizational leaders: OpenAI pitched Lockdown Mode toward users and organizations that handle sensitive data. Procurement decisions will hinge on whether the trade-offs in functionality are acceptable for risk reduction, and whether accounts relying on SSO should seek alternative monitoring or compensate for Active Sessions' unavailability on those accounts.
  • End users: Active Sessions gives individuals a way to audit sign-ins and to terminate sessions, but the feature does not cover SSO-based accounts, third-party app sessions, or Codex CLI logins. Users who see unfamiliar sessions are directed to change passwords, review sign-in methods, and contact support.

OpenAI's changes acknowledge a clear, demonstrated attack vector — hidden or injected instructions that can lead to data leakage — and respond by cutting the exfiltration route rather than attempting to parse or sanitize each malicious prompt. That design choice forces a familiar security calculus: reduce capability to reduce risk. How widely organizations accept those limits, and how they fill the visibility gaps left by SSO and third-party access, will determine whether the controls materially change the threat landscape for sensitive ChatGPT users.

Original story

Ai SecurityArtificial IntelligenceData ProtectionEmerging ThreatsEnterprise SecurityGenerative AiLockdown ModeChatgpt Security Controls
Related Intelligence

Continue Reading

Modern server equipment in a well-lit network operations room with a city view.

UniFi OS Bug Lets Hackers Gain Root Without Authentication

A critical bug in UniFi OS can be exploited by hackers to gain root access without any login credentials, user interaction, or prior access, putting your system at risk. Three vulnerabilities, now patched, can be chained together to allow remote code execution with root privileges.

Analyst 207
Dimly lit network operations center with a single laptop screen displaying a VPN connection interface.

Check Point VPN Flaw Exposed, Bypasses Passwords in IKEv1 Setups

A critical flaw in Check Point VPN setups has been exposed, allowing attackers to bypass passwords and establish a VPN session without proper authentication in certain configurations. This vulnerability, tracked as CVE-2026-50751, impacts Remote Access VPN and Mobile Access deployments using the outdated IKEv1 protocol.

Analyst 207
Security analysts work at a large workstation surrounded by screens displaying data visualizations and threat maps.

Wazuh Cloud Tackles Security Ops Complexity With AI-Driven Analysis

Tired of drowning in security ops complexity? Wazuh Cloud simplifies threat detection and response with AI-driven analysis, freeing you from infrastructure headaches and empowering you to stay ahead of evolving threats like ransomware and supply chain attacks.

Analyst 207
Researcher standing in front of computer screen with abstract notes in a modern lab setting.

OWASP Researcher Warns of Unsolved Prompt Injection Risk in AI Development

Ariel Fogel, an AI security researcher, warns that organizations are rapidly deploying AI agents without proper governance, leaving a critical vulnerability - prompt injection - unsolved. This architectural flaw in large language models allows inputs to be processed as a single token sequence, with no reliable way to enforce privilege boundaries.

Analyst 207