# ChatGPT 的新封鎖模式停用即時瀏覽、代理模式及深度研究,以阻止透過提示注入進行的資料外洩。 *genai · news · 2026-06-07 · TNW* ## Key points - OpenAI 的封鎖模式停用瀏覽、代理和研究功能,以阻止提示注入資料外洩。 - 封鎖模式現已對所有登入用戶開放,包括免費、Go、Plus 及商業方案。 - 此功能關閉外發通道,但不會阻止提示注入影響模型行為。 - 封鎖模式與開發者模式互斥,無法同時啟用。 - OpenAI 也新增了會話管理工具,用於檢視及登出活躍的 ChatGPT 會話。 TL;DR ChatGPT’s new Lockdown Mode disables live browsing, agent mode, and deep research to block data exfiltration via prompt injection. Available on all plans. OpenAI has begun rolling out Lockdown Mode to ChatGPT, a new security setting designed to block attackers from stealing data through prompt injection attacks. The feature disables live web browsing, agent mode, deep research, image retrieval, Canvas networking, and file downloads. It is available to logged-in users across Free, Go, Plus, Pro, and self-serve ChatGPT Business plans. Prompt injection remains what OpenAI calls a “frontier” problem affecting all large language models. The attack works by hiding malicious instructions in content the model processes, such as a webpage or uploaded file. If the model follows those instructions, it can be tricked into sending sensitive data to an attacker-controlled server. Lockdown Mode does not stop injections from happening. A malicious payload embedded in a cached webpage or uploaded PDF can still influence the model’s behaviour. What it does is shut down the outbound pathways an attacker would use to exfiltrate the data. No live browsing means no network requests to external servers. No image retrieval means no pixel-based data channels. “Lockdown Mode is designed to substantially reduce the risk of prompt injection-based data exfiltration, but it does not guarantee that data exfiltration cannot happen,” OpenAI said. “Risk may remain through enabled Apps, unforeseen combinations of capabilities, or newly discovered techniques.” The trade-off is significant. With Lockdown Mode on, ChatGPT loses most of what makes its agent and research features useful. Live browsing drops to cached content only. Agent mode is gone entirely. Deep research is disabled. It is, as OpenAI acknowledges, “not intended for everyone.” The feature arrives as prompt injection attacks on AI agents have become a growing concern. Security researchers have demonstrated hijacks against agents from Anthropic, Google, and Microsoft via their GitHub Actions integrations. All three paid bug bounties but published no public advisories. The underlying weakness is fundamental: LLMs cannot reliably separate data from instructions. Lockdown Mode and Developer Mode cannot be used simultaneously. Turning one on disables the other. OpenAI also launched a separate session management feature that lets users review active ChatGPT sessions and log out of individual devices if they spot unauthorised activity. **Companies:** OpenAI **Countries:** United States [Read the full story on TNW](https://thenextweb.com/news/chatgpt-lockdown-mode-prompt-injection) --- Canonical: https://newsio.io/zh-TW/n/eedd24c7-80bf-44ff-b6ff-7568d9c844ab/chatgpt Summarized by Newsio from TNW. https://newsio.io/how-it-works