OpenAI Bolsters ChatGPT with Lockdown Mode to Curb Data Exfiltration Risks

"Lockdown Mode is an optional advanced security setting that limits many tools and capabilities in OpenAI products that can connect to the web or external services," OpenAI said.

OpenAI's Lockdown Mode: who it's for and where it appears

OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts and self-serve ChatGPT Business plans. The company said the feature is primarily designed for "people and organizations that handle sensitive data and require stricter protection guarantees." Lockdown Mode is available to logged-in users across Free, Go, Plus, and Pro tiers, as well as the self-serve ChatGPT Business plans.

Disabled features and how they block exfiltration

OpenAI says Lockdown Mode reduces the risk of data exfiltration from prompt injection attacks by limiting outbound network requests. To eliminate potential pathways for data leaving the model, the setting disables or restricts a set of capabilities that can connect to the web or external services. The company lists the disabled features as:

  • Live web browsing, which is limited to accessing only cached content
  • Image support, for displaying images in regular responses or retrieving images from the web
  • Deep research
  • Agent mode
  • Canvas networking, so users cannot approve Canvas-generated code to access the network
  • File downloads, so files cannot be downloaded for data analysis

OpenAI says these safeguards build on sandboxing and existing controls against URL-based data exfiltration, specifically by limiting outbound network requests that could transmit sensitive data to attacker-controlled infrastructure.
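The same egress-limiting idea can be applied to a self-built LLM front end. The following is an added example, not code from OpenAI or the original article: an output filter that removes images and links pointing anywhere except an allowlist before a response is rendered. The host names, `ALLOWED_HOSTS`, `host_allowed` and `lock_down` are hypothetical, and it assumes the renderer accepts only inline markdown images, links and bare URLs.

```python
import re
from urllib.parse import urlsplit

# Hypothetical allowlist: the only hosts the chat renderer may contact.
ALLOWED_HOSTS = {"docs.internal.example"}

# Inline markdown image ![alt](url) or link [text](url); group 1 is "!" for images.
_MD_REF = re.compile(r"(!?)\[([^\]]*)\]\(\s*<?([^)\s>]+)>?[^)]*\)")
# Bare URLs, including any left in link labels after the markdown pass.
_BARE_URL = re.compile(r"https?://[^\s<>)\]]+")

# Constructed sample response mixing allowlisted and unlisted destinations.
SAMPLE = (
    "![status](https://unlisted.example/p.png?q=abc)\n"
    "Diagram: ![arch](https://docs.internal.example/arch.png)\n"
    "See [the report](https://docs.internal.example@unlisted.example/r)."
)


def host_allowed(url, allowed=ALLOWED_HOSTS):
    """Allow only https URLs whose parsed hostname is on the allowlist."""
    try:
        parts = urlsplit(url)
        # .hostname drops userinfo and port, so "allowed@other/" resolves to "other".
        host = (parts.hostname or "").lower()
    except ValueError:
        return False
    return parts.scheme == "https" and host in allowed


def lock_down(markdown, allowed=ALLOWED_HOSTS):
    """Return (safe_text, blocked_urls) for one model response."""
    blocked = []
    def fix_ref(m):
        bang, label, url = m.groups()
        if host_allowed(url, allowed):
            return m.group(0)
        blocked.append(url)
        # Images are fetched on render, so drop them; links keep only their label.
        return "[image removed]" if bang else label

    def fix_bare(m):
        if host_allowed(m.group(0), allowed):
            return m.group(0)
        blocked.append(m.group(0))
        return "[link removed]"

    text = _MD_REF.sub(fix_ref, markdown)
    return _BARE_URL.sub(fix_bare, text), blocked
```

Logging the returned `blocked_urls` list gives the security team a record of every destination a response tried to reference outside the allowlist.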

Prompt injection remains a frontier — limits and residual risks

OpenAI frames Lockdown Mode as a mitigation targeted at a particular attack vector, not a universal cure. The company cautioned that "Lockdown Mode is designed to substantially reduce the risk of prompt injection-based data exfiltration in ChatGPT and supported OpenAI products, but it does not guarantee that data exfiltration cannot happen." OpenAI added that "Risk may remain through enabled Apps, unforeseen combinations of capabilities, or newly discovered techniques."

The company also emphasized that Lockdown Mode "does not prevent all other effects of prompt injection attacks." It noted, by example, that "a malicious instruction hidden in an uploaded file could still affect ChatGPT's behavior, and cause an incorrect answer." OpenAI further clarified the setting's scope by saying it does not change the way memory or file uploads work, or the ability to share a conversation — the goal is to remove the pathways that could be used to transmit data externally.

New account session management: visibility and control

Alongside Lockdown Mode, OpenAI launched a new account management feature that lets users review active ChatGPT sessions and log out of individual or all sessions if they see signs of unauthorized account activity. The session list includes information about the device, the app used, approximate location, sign-in date and time, whether the device is trusted, and whether it's the current session.

OpenAI also pointed out a configuration constraint: Lockdown Mode and Developer Mode cannot be used at the same time; turning on one disables the other.

What this means for technologists, enterprises, and end users

  • Technologists and security teams: Lockdown Mode provides an additional control to harden the attack surface against URL-based prompt injections by limiting outbound network access and certain connected features. Teams will need to weigh the protection benefits against disabled capabilities such as live browsing, image support, agent mode, and file downloads.
  • Enterprises and procurement leaders: The setting is available on Free, Go, Plus, Pro, and self-serve ChatGPT Business plans, offering a self-service option for organizations that "handle sensitive data" and want stricter guarantees without relying on external approvals or custom deployments.
  • End users and the general public: Users who turn on Lockdown Mode should expect reduced functionality — searches limited to cached content, no image retrieval in responses, blocked file downloads, and limited agent and Canvas networking capabilities — in exchange for a narrower attack surface. They should also be aware that Lockdown Mode is a mitigation, not an absolute safeguard.

OpenAI presents Lockdown Mode as a targeted trade-off: accept less functionality in return for fewer outward data pathways. The company’s own language underscores that the setting reduces certain risks without eliminating them, leaving room for enabled apps, capability combinations, or novel techniques to remain vectors. Organizations and individuals handling sensitive information now have a built-in option to reduce some exfiltration pathways, but the record is explicit that control and vigilance must continue.

Source: The Hacker News