OpenAI told SecurityWeek that it’s making two ChatGPT security controls more widely available, giving users additional tools to protect their accounts and data.
One of the features is Lockdown Mode, which enables owners of ChatGPT accounts, including personal and self-serve Business accounts, to reduce the risk of data exfiltration from prompt injection attacks.
“Lockdown Mode is designed to help prevent the final stage of data exfiltration from a prompt injection attack by limiting outbound network requests that could transfer sensitive data to an attacker,” OpenAI explains. “Lockdown Mode does not prevent prompt injections from appearing in the content ChatGPT processes.”
Enabling Lockdown Mode disables or limits capabilities such as live web browsing, image support, deep research, agent mode, canvas networking, and file downloads.
The AI giant noted that the feature is not intended for all users and organizations, only those that handle highly sensitive data and require extra protection against potential data exfiltration conducted through prompt injection.
Lockdown Mode can be enabled in Settings> Security> Advanced Security.
The second feature is Active Sessions, which enables ChatGPT users to review where their account is signed in. Users can see the sessions and devices they are logged into, and log out of sessions they don’t recognize.
The feature is available for all ChatGPT accounts and workspace types, except accounts linked to an organization’s SSO setup.
Active Sessions is available in Settings> Security.
The announcement comes after OpenAI unveiled a new account security feature for ChatGPT users at increased risk of targeted hacking.
The opt-in feature, Advanced Account Security, is designed to strengthen sign-in protection by disabling password-based login and requiring physical security keys or passkeys. It also covers account recovery, replacing email- and SMS-based recovery with backup passkeys, recovery keys, and security keys.
Advanced Account Security also shortens sign-in sessions to reduce the risk of account takeover in the event of a device or session compromise.
Related: OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal
Related: 1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials
