OpenAI is enhancing security measures for its ChatGPT platform by rolling out two new features designed to protect user accounts and data. These updates aim to provide users with additional tools to safeguard against potential security threats.
Introduction of Lockdown Mode
Lockdown Mode is one of the newly introduced features, offering an advanced layer of protection for ChatGPT account holders. This mode is particularly beneficial for personal and self-serve Business accounts, allowing them to mitigate the risk of data exfiltration due to prompt injection attacks.
According to OpenAI, Lockdown Mode is engineered to prevent the final stage of data theft by restricting outbound network requests that could transfer sensitive information to malicious entities. It does not, however, stop ChatGPT from processing prompt injections.
When enabled, Lockdown Mode limits functionalities such as live web browsing, image processing, deep research capabilities, agent mode, canvas networking, and file downloads. This feature is specifically designed for users and organizations that handle highly sensitive data and require additional security measures.
Active Sessions Feature
The second feature, Active Sessions, empowers users to monitor where their ChatGPT accounts are signed in, enhancing account security management. Users can view active sessions and devices, and terminate any unauthorized logins.
This feature is accessible to all ChatGPT account types, excluding those linked with an organization’s Single Sign-On (SSO) configuration. Users can find this option under Settings > Security.
Advanced Account Security Measures
In addition to the aforementioned features, OpenAI has also introduced an opt-in feature known as Advanced Account Security. It provides an extra layer of sign-in protection by replacing traditional password-based logins with physical security keys or passkeys.
This feature also streamlines account recovery, replacing email and SMS recovery methods with backup passkeys, recovery keys, and security keys. Furthermore, it shortens sign-in sessions to minimize the risk of account takeover if a device or session is compromised.
These enhancements reflect OpenAI’s commitment to fortifying the security of its AI platforms, ensuring users’ data and accounts remain protected from evolving cyber threats.
