New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

Staff Editor 2026-06-06
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

https://thehackernews.com/2026/06/new-chatgpt-lockdown-mode-limits-tools.html

Publish Date: 2026-06-06 09:36:00

Source Domain: thehackernews.com

Ravie LakshmananJun 06, 2026Cybersecurity / Artificial Intelligence

OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks.

The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection guarantees. Lockdown Mode is available to logged-in users across Free, Go, Plus, and Pro, and self-serve ChatGPT Business plans.

“Lockdown Mode is an optional advanced security setting that limits many tools and capabilities in OpenAI products that can connect to the web or external services,” OpenAI said.

“It is designed to reduce the risk of data exfiltration from prompt injection attacks by limiting outbound network requests, at the expense of disabling or limiting some useful features.”

The safeguards are aimed at hardening the attack surface against prompt injections, which continues to be a “frontier” problem impacting all large language models (LLMs).

Specifically, they build upon sandboxing and existing controls to combat URL-based data exfiltration mechanisms to limit outbound network requests that could potentially transmit sensitive data to attacker-controlled infrastructure.

The idea is not to stop prompt injections from occurring. Nor does it change the way memory or file uploads work, or the ability to share a conversation. Rather, the goal is to eliminate potential pathways through which the data could be exfiltrated. To that end, Lockdown Mode disables the following features –

  • Live web browsing, which is limited to accessing only cached content
  • Image support, for displaying images in regular responses or retrieving images from the web
  • Deep research
  • Agent mode
  • Canvas networking, which prevents users from approving Canvas-generated code to access the network
  • File downloads, which block downloading files for data analysis

Pointing out the feature is not “intended for…

Source

More Stories

RSU cybersecurity graduate, student leader accepts staff position in Student Affairs | News

RSU cybersecurity graduate, student leader accepts staff position in Student Affairs | News

Staff Editor 2026-06-06
Canada parliament passes cybersecurity bill amid privacy concerns – JURIST

Canada parliament passes cybersecurity bill amid privacy concerns – JURIST

Staff Editor 2026-06-06
Gaming soundbar can be hijacked from over 16 yards away without touch or pairing — the company allegedly refuses to label the blatant security flaw a cybersecurity risk

Gaming soundbar can be hijacked from over 16 yards away without touch or pairing — the company allegedly refuses to label the blatant security flaw a cybersecurity risk

Staff Editor 2026-06-06

Terms and Conditions - Privacy Policy