
OpenAI rolls out ‘lockdown mode’

Image caption: When AI gets smarter, it also gets safer. (Image generated by ChatGPT)

As artificial intelligence systems become more connected to the web and third-party apps, OpenAI is rolling out new safeguards aimed at preventing a growing cyber threat known as prompt injection.

The company on Tuesday announced two new protections for ChatGPT and related tools: an optional Lockdown Mode designed for high-risk users, and standardized “Elevated Risk” labels for certain features that may introduce additional security concerns.

Prompt injection attacks occur when a malicious third party attempts to manipulate an AI system into following harmful instructions or exposing sensitive data. As AI tools take on more complex tasks, including browsing the web or interacting with connected apps, the risks of data exfiltration increase.

Lockdown Mode is intended for a small group of highly security-conscious users, such as executives or security teams at major organizations. It is not designed for most users.

When enabled, Lockdown Mode tightly restricts how ChatGPT interacts with external systems. Certain tools and capabilities that could potentially be exploited in prompt injection attacks are deterministically disabled.

For example, web browsing in Lockdown Mode is limited to cached content, meaning no live network requests leave OpenAI’s controlled network. Some features are turned off entirely when OpenAI cannot provide strong guarantees that data will remain secure.

The feature builds on existing protections across OpenAI’s systems, including sandboxing, URL-based data exfiltration safeguards, monitoring and enforcement mechanisms, and enterprise-level controls such as role-based access and audit logs.

Lockdown Mode is available for ChatGPT Enterprise, ChatGPT Edu, ChatGPT for Healthcare and ChatGPT for Teachers. Workspace administrators can enable the setting through role-based controls and apply additional restrictions on top of existing configurations.

Admins also retain granular control over which apps — and which specific actions within those apps — remain accessible when Lockdown Mode is active. Separately, OpenAI’s Compliance API Logs Platform provides visibility into app usage, shared data and connected sources.

OpenAI said it plans to expand Lockdown Mode to consumer users in the coming months.

Alongside the new security setting, OpenAI is standardizing how it communicates risk to users. Certain network-related capabilities in ChatGPT, ChatGPT Atlas and Codex will now carry a consistent “Elevated Risk” label.

The label is meant to inform users when a feature may introduce additional security considerations, particularly when interacting with private or connected data.

In Codex, OpenAI’s coding assistant, developers can grant the tool network access to perform tasks such as looking up documentation online. The relevant settings screen now displays an “Elevated Risk” label, along with an explanation of the potential risks and when enabling the feature may be appropriate.

OpenAI said it will remove the label from features once security safeguards have sufficiently mitigated the associated risks. The company also noted that the list of labeled features may change over time as threats evolve.

Daily Tribune (tribune.net.ph)