A type of attack called prompt injection lets bad actors embed hidden instructions inside files and websites — instructions your AI will follow. OpenAI just built a fix, but it's not for most people. Here's what to know.
When you use ChatGPT to read a PDF, summarize a webpage, or analyze a document, the AI processes everything in that file. That's the point. But it also means that if a bad actor has hidden instructions inside that content — invisible to you, perfectly readable by the AI — the model may follow those instructions instead of yours.
This is called a prompt injection attack. Researchers have demonstrated it across multiple AI platforms: a malicious PDF that quietly instructs your AI assistant to forward sensitive information, a webpage with hidden text that hijacks what your chatbot does next. As more people use AI tools for real work — opening files, summarizing emails, analyzing contracts — the exposure grows.
OpenAI this week released a feature called Lockdown Mode in direct response. It cuts off ChatGPT's ability to make outbound network connections, which stops data from leaving even if an injection succeeds. The tradeoff is steep: no web browsing, no file downloads, no Deep Research, no Agent Mode. OpenAI says it's designed for organizations handling sensitive data — not everyday users.
The hygiene.guide checklist walks you through the essential steps — in plain language, at your own pace. Free, no account needed.
Start the checklist — it's free →