OpenAI’s Lockdown Mode Does Not Address Compliance Risks from Prompt Injection

The point: Lockdown Mode protects against prompt injection only at the surface level, not at the content level where LLM data exfiltration occurs.

OpenAI has announced a “Lockdown Mode” for ChatGPT, which represents the first official confirmation of prompt injection risks and data exfiltration via MCP connectors. However, the mode does not adequately address these systemic risks, as it operates at the application level while the actual threat exists at the content level.

OpenAI’s announcement of the new “Lockdown Mode” for ChatGPT marks the first official confirmation that prompt injection attacks and associated data exfiltration via Model Context Protocol (MCP) connectors represent a systematic security risk for enterprises. These attack vectors are no longer theoretical but practically deployable and represent a compliance-relevant factor in production environments.

However, Lockdown Mode falls short: the mode operates at the application level and attempts to restrict user behavior or interface configuration. This is a superficial measure that does not address the underlying threat. The systematic vulnerability lies at the content level – that is, in the way Large Language Models process inputs and access external systems. As long as the model itself is not hardened against prompt injection, attackers can use carefully crafted inputs to cause the LLM to behave differently toward connected data sources and APIs than intended.

For CISOs, this means that Lockdown Mode should not be counted as a sufficient protection measure for internal enterprise use of ChatGPT. Systems that use ChatGPT or other LLMs as an interface to sensitive data sources or business processes require additional controls at the data level – particularly access restrictions that do not depend on LLM behavior, logging of every MCP operation, and stricter validation of LLM-generated requests before they reach backend systems.
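As an added illustration (not from the article, OpenAI, or any MCP implementation) of the data-level controls the paragraph above calls for, the gate below decides on every LLM-generated tool call using a static policy rather than anything the model says: a deny-by-default operation allowlist, an outbound host allowlist, a simple "no outbound call after a sensitive read" rule, and an audit record for each decision. Tool names, hosts and request shapes are constructed for the example.

```python
"""Policy gate for LLM-generated MCP tool calls (constructed example).

Every request the model emits toward a backend passes through `gate`, which
rules on a static policy and never on the model's own output text, so a
prompt-injected model cannot talk its way past it.
"""
from dataclasses import dataclass, field
from urllib.parse import urlparse


@dataclass
class Policy:
    allowed_ops: dict        # tool -> set of permitted operations (deny by default)
    allowed_hosts: set       # hosts an LLM-initiated outbound request may reach
    sensitive_tools: set     # tools whose output counts as sensitive data


@dataclass
class Session:
    touched_sensitive: bool = False          # has this session read sensitive data?
    audit_log: list = field(default_factory=list)   # one record per MCP operation


def gate(request: dict, policy: Policy, session: Session) -> tuple[bool, str]:
    """Return (allowed, reason) for one tool call and log the decision either way."""
    tool = request.get("tool", "")
    op = request.get("op", "")
    ok, reason = True, "allowed"
    if op not in policy.allowed_ops.get(tool, set()):
        ok, reason = False, f"operation {tool}.{op} not in allowlist"
    elif "url" in request.get("args", {}):
        # Outbound request: the destination must be pre-approved, and no
        # outbound call is permitted once sensitive data has been read.
        host = urlparse(request["args"]["url"]).hostname or ""
        if host not in policy.allowed_hosts:
            ok, reason = False, f"destination host {host!r} not permitted"
        elif session.touched_sensitive:
            ok, reason = False, "outbound call blocked after sensitive data read"
    if ok and tool in policy.sensitive_tools:
        session.touched_sensitive = True
    session.audit_log.append(
        {"tool": tool, "op": op, "allowed": ok, "reason": reason}
    )
    return ok, reason
```

The audit log is what incident responders would reconstruct an exfiltration attempt from, so it records denied calls as well as allowed ones.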


Source: itwelt.at · Published June 12, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.