ChatGPT now has two new safety features – Lockdown Mode and Elevated Risk Labels – to lower the chance of data getting out when people use it with websites, apps, or other things on the internet. These were added because of increasing worry about online fraud, data being leaked, and a difficult-to-deal-with threat called prompt injection. The point of the features is to give people better warnings and more control.
What the new safety features do
Elevated Risk Labels are clear warnings that show up when ChatGPT is about to go to a website, app, or tool outside of itself, which could mean a greater possibility of data being shown to others. The label asks users if they want to go on, and makes the danger clear, instead of letting it happen without the user knowing because of what the system does. Lockdown Mode does even more, by limiting the connections ChatGPT can make to outside systems and tools on the web. When turned on, it brings down the number of ways data could be leaked, and turns off anything that can’t guarantee data will be safe. The goal is to cut down on the chances for attacks on chats with private information.
Prompt injection and what it can do
Prompt injection is a sort of attack where someone who’s up to no good puts hidden instructions in a document or on a webpage. If an AI model takes in that content without being protected, it might do what the attacker wants while doing what a user has asked. It might not look like anything is wrong. You ask the AI to make a summary of a webpage, and the page has hidden commands that tell the model to get or show private data. In the worst case, private information could be shown without the user realising the model did what a hidden command told it to do.
How Elevated Risk Labels work in the real world
Elevated Risk Labels are made to appear when ChatGPT finds that something it’s doing could include outside resources or third-party links. The system then shows a clear label to let the user know that going on might have an extra risk of data being shown to others. This leaves the final choice to the user, but makes possible dangers clear. It is very useful in ways of working that put AI together with browsing, plugins, or other services where data might go outside the chat area.
Lockdown Mode what it does and where to get it
Lockdown Mode limits what ChatGPT can do with tools that need access to the web or connect to outside servers. It closes off the routes that attackers might use to take sensitive data while browsing or using tools. The feature is for people who regularly deal with private information – such as reporters, people in finance, government workers, and those in health care. By limiting outside links, Lockdown Mode lets people have safer, more certain chat sessions for tasks with high risk. People in charge can turn on Lockdown Mode for workspaces and product levels that qualify. It is for ChatGPT Enterprise, ChatGPT Edu, ChatGPT for Healthcare, and ChatGPT for Teachers, and can be turned on by IT people in charge through workspace settings.
What this means for groups and people
For companies and institutions, the two features show how important it is to put AI use together with clear safety rules. Elevated Risk Labels give users a clear view of what’s happening, while Lockdown Mode gives those in charge a way to make safe the areas where protecting data is most important. People using it should weigh how easy something is against the risk. A lot of users won’t need the strongest safety for everyday tasks, but anyone working with services tied to who they are, banking, or data that belongs to a company should think about turning on tighter controls, or using special company areas.
What’s next for AI safety and use
As a whole, these protections show a more careful way to put AI to use where private data is kept. As AI becomes part of financial systems, services to prove who people are, and ways companies work, safety moves from something added on to a key part of how a product is designed. Elevated Risk Labels and Lockdown Mode are practical steps to lower prompt injection and similar ways of attack. They don’t get rid of all risk, but they make it harder and give users and people in charge clearer tools to deal with being shown to others.
