Simon Willison's Weblog · Jun 5, 2026, 11:56 PM · important 74

OpenAI Help: Lockdown Mode

ChatGPT Lockdown Mode is rolling out to limit outbound exfiltration paths in prompt injection attacks.

Simon Willison notes that OpenAI’s previously teased Lockdown Mode is now live for eligible personal and self-serve Business ChatGPT accounts. The feature does not stop prompt injections from appearing in content, but limits outbound network requests that could leak sensitive data. He sees it as a direct mitigation for the exfiltration leg of the “Lethal Trifecta,” while implying default ChatGPT settings are not robust against determined data theft attempts.

In this short post, Simon Willison summarizes and comments on OpenAI Help's explanation of "Lockdown Mode." OpenAI previewed this feature back in February this year, and it has now officially gone live, beginning rollout to eligible individual accounts, including Free, Go, Plus, Pro, and self-serve ChatGPT Business accounts. According to OpenAI's explanation, the design goal of Lockdown Mode is to reduce the possibility of data being exfiltrated when a prompt injection attack reaches its final stage. Its approach is not to prevent ChatGPT from encountering malicious prompts, nor to guarantee that the model will not be interfered with, but rather to restrict outbound network requests that could send sensitive data to an attacker.

Summaries are AI-generated; the original article is authoritative.