Lockdown Mode
berlianta
29 points
13 comments
June 06, 2026
Related Discussions
Found 5 related stories in 93.5ms across 10,002 title embeddings via pgvector HNSW
- Tell HN: OpenAI silently removed Study Mode from ChatGPT smokel · 168 pts · April 12, 2026 · 51% similar
- OpenAI Privacy Filter meetpateltech · 11 pts · April 22, 2026 · 51% similar
- Show HN: Per-user isolated environments for AI agents anup_sia · 13 pts · April 07, 2026 · 49% similar
- Show HN: PanicLock – Close your MacBook lid disable TouchID –> password unlock seanieb · 167 pts · April 17, 2026 · 47% similar
- OpenAI shutting down Sora app websku · 48 pts · March 24, 2026 · 47% similar
Discussion Highlights (5 comments)
varenc
Probably influenced by Apple's feature with the same name: https://support.apple.com/en-us/105120 I imagine that enterprise companies will be quite interested in this.
rafram
https://x.com/sama/status/1891533802779910471
kijin
So we still don't have a reliable way to separate instructions from data when talking to an LLM, a problem that humans learned how to solve decades ago in areas like SQL and memory safety. But hey, we have these hopefully-not-leaky containers, which are probably implemented with just more system prompts. How long until somebody figures out how to trick Codex into disabling Lockdown Mode for you?
madanparas
The help doc explicitly carves out Codex: "Lockdown Mode does not affect network access in Codex." The mode limits outbound requests in chat to block prompt injection exfiltration, but Codex network access is a separate setting. An enterprise team that turns on Lockdown Mode while using Codex against internal repos still has an open outbound path this mode doesn't cover.
simonw
On the one hand this is exactly the right solution to prevent lethal trifecta exfiltration attacks. The existence of lockdown mode does however imply that ChatGPT, in its default settings, does not provide robust protection against sufficiently determined data exfiltration attacks!