OpenAI Adds 'Lockdown Mode' to ChatGPT
OpenAI has introduced new security features for ChatGPT, including a "Lockdown Mode" that restricts external interactions and "Elevated Risk" labels to warn users about potentially risky features. The updates are a direct response to concerns about AI-powered data leaks and the security of third-party integrations.
- The primary vulnerability these features address is "prompt injection," where an attacker embeds malicious instructions within a prompt to trick the AI into executing unintended actions or leaking sensitive data from the conversation.
- In practice, "Lockdown Mode" disables several functions: web browsing is limited to cached content with no live internet requests, ChatGPT cannot generate images in its responses, and features like "Deep Research" and "Agent Mode" are turned off.
- This is an optional setting targeted at a small subset of high-risk users, such as corporate executives or security teams, and is initially available on ChatGPT Enterprise, Edu, Healthcare, and for Teachers plans.
- Workspace administrators for business plans can enable Lockdown Mode for specific users by creating and assigning a custom role in the settings.
- The "Elevated Risk" labels serve as a user-facing warning on features within ChatGPT, ChatGPT Atlas, and Codex that could create security risks, such as granting the AI access to browse the web or interact with third-party applications.
- These security enhancements follow past incidents, including a March 2023 bug that exposed the chat titles and partial payment data of some ChatGPT Plus subscribers.
- While Lockdown Mode is designed to prevent data from being sent out, OpenAI clarifies that it does not deterministically stop a prompt injection from entering the chat's context, for example, via a malicious phrase in cached web content.
- A consumer-facing version of Lockdown Mode is planned for a future release in the coming months.