{"slug": "openai-help-lockdown-mode", "title": "OpenAI Help: Lockdown Mode", "summary": "OpenAI introduced Lockdown Mode to block outbound network requests that could exfiltrate sensitive data during the final stage of a prompt injection attack. The feature does not prevent prompt injections from appearing in ChatGPT content, but it targets the data exfiltration leg of the \"Lethal Trifecta\" — the combination of private data access, untrusted content exposure, and a data-stealing channel. By cutting off the exfiltration vector with deterministic, non-AI mechanisms, Lockdown Mode aims to secure LLM systems without reducing their usefulness.", "body_md": "Lockdown Mode is designed to help prevent the final stage of data exfiltration from a prompt injection attack by limiting outbound network requests that could transfer sensitive data to an attacker. Lockdown Mode does not prevent prompt injections from appearing in the content ChatGPT processes. For example, a prompt injection could appear in cached web content or in an uploaded file, and could still affect the behavior or accuracy of a response.\n\nThis looks really good to me.\n\nThe [Lethal Trifecta](https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/) occurs when an LLM system has access to all three of access to private data, exposure to untrusted content and a way to steal data and transmit it back to the attacker.\n\nThe only way to solve the trifecta is to cut off one of the three legs, and by far the easiest leg to restrict without making your LLM systems far less useful is the exfiltration vectors to steal data.\n\nIt looks to me like lockdown mode directly attacks that leg, using mechanisms that are deterministic and, crucially, are not evaluated by AI systems that themselves can be subverted by sufficiently devious attacks.\n\nTags: [security](https://simonwillison.net/tags/security), [ai](https://simonwillison.net/tags/ai), [openai](https://simonwillison.net/tags/openai), [prompt-injection](https://simonwillison.net/tags/prompt-injection), [llms](https://simonwillison.net/tags/llms), [lethal-trifecta](https://simonwillison.net/tags/lethal-trifecta)", "url": "https://wpnews.pro/news/openai-help-lockdown-mode", "canonical_source": "https://simonwillison.net/2026/Jun/6/openai-help-lockdown-mode/#atom-everything", "published_at": "2026-06-06 23:56:40+00:00", "updated_at": "2026-06-06 00:42:10.706670+00:00", "lang": "en", "topics": ["ai-safety", "large-language-models", "artificial-intelligence", "generative-ai", "ai-products"], "entities": ["OpenAI", "Lockdown Mode", "Simon Willison", "Lethal Trifecta"], "alternates": {"html": "https://wpnews.pro/news/openai-help-lockdown-mode", "markdown": "https://wpnews.pro/news/openai-help-lockdown-mode.md", "text": "https://wpnews.pro/news/openai-help-lockdown-mode.txt", "jsonld": "https://wpnews.pro/news/openai-help-lockdown-mode.jsonld"}}