OpenAI has announced a nifty new feature for ChatGPT that it says will provide additional protection from prompt injection attacks - those delightful little scenarios where malicious chatbot instructions are hidden in webpages and other content sources, just waiting to trick your AI into spilling secrets.
Lockdown Mode, as it's called, will disable a few key features to keep things safe: live web browsing (so you're stuck with cached content), the retrieval and display of images from the web (you can still generate them, because that's fine), deep research, and agent mode. Because nothing says 'secure' like turning off the things that make the product useful.
The company admits, with refreshing honesty, that even with Lockdown Mode turned on, ChatGPT could still be vulnerable to prompt injections. These could, the company notes, 'appear in cached web content or in an uploaded file, and could still affect the behavior or accuracy of a response.' In other words: this is a band-aid, not a cure.
But the goal, OpenAI says, is to reduce the likelihood that sensitive data gets shared in the process. Which is a bit like saying a seatbelt reduces the likelihood of injury in a crash - true, but you'd rather not test it.
'Lockdown Mode is not intended for everyone,' OpenAI clarifies. 'It is designed for people and organizations that handle sensitive data and want stricter protection from data exfiltration risks related to prompt injection.' So, basically, it's for those who don't want their confidential memos turning up in some hacker's chat history.
The company says it's currently rolling Lockdown Mode out to self-serve ChatGPT Business accounts, as well as eligible personal accounts. Because nothing says 'secure AI' like a feature that's still rolling out while the internet keeps being the internet.