Poisoned MCP tool descriptions can trick AI agents into exfiltrating business-critical data to external systems while each individual step appears legitimate.
Lockdown Mode restricts ChatGPT functions to prevent data exfiltration through prompt injection attacks and is being rolled out gradually to all user types.