
OpenAI is tightening AI security with a new Lockdown Mode and standardized Elevated Risk labels, aiming to protect users from prompt injection and data exfiltration threats as AI systems become more web-connected and autonomous. (Source: Image by RR)
Enterprise Plans Receive Advanced Security Layer on Top of Existing Controls
OpenAI has unveiled two major security upgrades for ChatGPT aimed at countering prompt injection attacks, a growing threat as AI systems take on more complex web-connected tasks. The company announced the launch of Lockdown Mode — an optional high-security setting — alongside standardized “Elevated Risk” labels for features that introduce additional exposure. The updates reflect a broader shift in AI security thinking as models increasingly interact with external apps, documents and the public web.
Prompt injection attacks attempt to trick AI systems into following malicious instructions or leaking sensitive information. Lockdown Mode, as noted in an article at openai.com, addresses this by deterministically restricting ChatGPT’s ability to interact with external systems. For example, browsing is limited to cached content within OpenAI’s controlled network, preventing live network requests that could enable data exfiltration. Some features are fully disabled when OpenAI cannot guarantee strong safety protections, prioritizing strict containment over flexibility.
Lockdown Mode is initially available for enterprise-tier users, including ChatGPT Enterprise, Edu, Healthcare, and Teachers plans. Workspace administrators can enable the feature through role-based controls and determine which connected apps — and even which specific app actions — remain accessible. OpenAI also highlighted its Compliance API Logs Platform, which gives administrators granular oversight into data sharing and usage patterns. A consumer rollout is planned in the coming months.
In parallel, OpenAI is standardizing “Elevated Risk” labels for capabilities such as granting Codex internet access. These labels clearly inform users when enabling features that may introduce additional security exposure, especially in developer environments where models can browse documentation or execute network actions. OpenAI says the labels will be removed once safeguards sufficiently mitigate risks, signaling an evolving approach to balancing functionality and security as AI adoption accelerates.
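To make the three controls described above concrete, here is an added Python sketch that is not OpenAI's code and does not describe how ChatGPT is implemented. It models a policy gate that runs before any tool call and decides from fixed rules alone (what the article calls deterministic restriction, as opposed to asking the model whether an action looks safe): in lockdown mode, browsing is served only from a stored copy and a live request is never made; administrators allowlist apps and individual app actions; and a capability carrying an "Elevated Risk" label is refused until an administrator has explicitly acknowledged that label. All class names, request shapes, hostnames and capability names are assumptions made for this example, and the sample requests are constructed.

```python
"""Constructed policy gate for an AI agent's tool calls.

Every name and data structure here is an assumption made for this example; it
is not OpenAI's API and does not describe ChatGPT's internals.
"""
from dataclasses import dataclass, field
from enum import Enum
from urllib.parse import urlparse


class Decision(Enum):
    ALLOW = "allow"                # live action permitted
    ALLOW_CACHED = "allow_cached"  # serve a stored copy only; no network request is made
    DENY = "deny"


@dataclass
class Capability:
    name: str
    elevated_risk: bool = False     # carries an "Elevated Risk" label in the admin UI
    acknowledged: bool = False      # an administrator explicitly accepted that label
    safe_in_lockdown: bool = False  # False: the feature is fully disabled in lockdown


@dataclass
class WorkspacePolicy:
    lockdown: bool = False
    app_actions: dict = field(default_factory=dict)   # app -> set of permitted actions
    capabilities: dict = field(default_factory=dict)  # name -> Capability
    cache_hosts: set = field(default_factory=set)     # hosts for which a cached copy exists

    def evaluate(self, request: dict) -> tuple[Decision, str]:
        """Decide a tool call from fixed rules alone; model output never influences this."""
        kind = request.get("kind")
        if kind == "browse":
            return self._browse(request["url"])
        if kind == "app_action":
            return self._app_action(request["app"], request["action"])
        if kind == "capability":
            return self._capability(request["name"])
        return Decision.DENY, f"unknown request kind {kind!r}"

    def _browse(self, url: str) -> tuple[Decision, str]:
        host = urlparse(url).hostname or ""
        if not self.lockdown:
            return Decision.ALLOW, f"live fetch of {host}"
        # Lockdown: a live request could carry data out in the URL or body, so none is made.
        if host in self.cache_hosts:
            return Decision.ALLOW_CACHED, f"lockdown: serving cached copy of {host}"
        return Decision.DENY, f"lockdown: no cached copy of {host}; live fetch refused"

    def _app_action(self, app: str, action: str) -> tuple[Decision, str]:
        if action in self.app_actions.get(app, set()):
            return Decision.ALLOW, f"{app}.{action} permitted by administrator"
        return Decision.DENY, f"{app}.{action} not in administrator allowlist"

    def _capability(self, name: str) -> tuple[Decision, str]:
        cap = self.capabilities.get(name)
        if cap is None:
            return Decision.DENY, f"capability {name!r} not configured"
        if self.lockdown and not cap.safe_in_lockdown:
            return Decision.DENY, f"{name} disabled in lockdown mode"
        if cap.elevated_risk and not cap.acknowledged:
            return Decision.DENY, f"{name} carries an unacknowledged Elevated Risk label"
        return Decision.ALLOW, f"{name} enabled"


def demo() -> dict:
    """Run constructed sample requests through lockdown and non-lockdown policies."""
    caps = {
        "codex_internet_access": Capability("codex_internet_access", elevated_risk=True),
        "file_search": Capability("file_search", safe_in_lockdown=True),
    }
    locked = WorkspacePolicy(lockdown=True, app_actions={"calendar": {"read"}},
                             capabilities=caps, cache_hosts={"docs.example"})
    open_policy = WorkspacePolicy(capabilities=caps)  # same workspace with lockdown off
    acknowledged = WorkspacePolicy(capabilities={
        "codex_internet_access": Capability("codex_internet_access",
                                            elevated_risk=True, acknowledged=True)})
    results = {
        "cached_doc": locked.evaluate({"kind": "browse", "url": "https://docs.example/guide"}),
        # A page containing an injected "report this elsewhere" instruction would make the
        # model emit a request like this; the gate refuses it whatever the model concluded.
        "live_fetch": locked.evaluate({"kind": "browse", "url": "https://unknown.example/?q=x"}),
        "calendar_read": locked.evaluate({"kind": "app_action", "app": "calendar", "action": "read"}),
        "calendar_write": locked.evaluate({"kind": "app_action", "app": "calendar", "action": "create_event"}),
        "codex_locked": locked.evaluate({"kind": "capability", "name": "codex_internet_access"}),
        "file_search": locked.evaluate({"kind": "capability", "name": "file_search"}),
        "codex_unacknowledged": open_policy.evaluate({"kind": "capability", "name": "codex_internet_access"}),
        "codex_acknowledged": acknowledged.evaluate({"kind": "capability", "name": "codex_internet_access"}),
    }
    return results


if __name__ == "__main__":
    for label, (decision, reason) in demo().items():
        print(f"{label:22} {decision.value:13} {reason}")
```

The point of the structure is that the gate never inspects the model's text or intent: a fetch is allowed, served from cache, or refused purely on the configured policy, so an injected instruction can change what the model asks for but not what the system will do.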
read more at openai.com