June 2026

Your AI assistant can be hijacked
by a document you open.

A type of attack called prompt injection lets bad actors embed hidden instructions inside files and websites — instructions your AI will follow. OpenAI just built a fix, but it's not for most people. Here's what to know.

Your priority level
Take Action Now
Immediate risk
Take Action Soon
Change your habits this week
Monitor
Stay aware, no urgency
What's happening

AI tools do what they're told — even when you're not the one telling them.

When you use ChatGPT to read a PDF, summarize a webpage, or analyze a document, the AI processes everything in that file. That's the point. But it also means that if a bad actor has hidden instructions inside that content — invisible to you, perfectly readable by the AI — the model may follow those instructions instead of yours.

This is called a prompt injection attack. Researchers have demonstrated it across multiple AI platforms: a malicious PDF that quietly instructs your AI assistant to forward sensitive information, a webpage with hidden text that hijacks what your chatbot does next. As more people use AI tools for real work — opening files, summarizing emails, analyzing contracts — the exposure grows.

OpenAI this week released a feature called Lockdown Mode in direct response. It cuts off ChatGPT's ability to make outbound network connections, which stops data from leaving even if an injection succeeds. The tradeoff is steep: no web browsing, no file downloads, no Deep Research, no Agent Mode. OpenAI says it's designed for organizations handling sensitive data — not everyday users.

"Prompt injection is to AI assistants what phishing is to email — except most people don't know it exists yet."
What this means for you
For most people, the risk is low right now. Prompt injection attacks require a bad actor to get a malicious file or page in front of you specifically, and then have you feed it to an AI. That's a narrow window — for now.
The risk is higher if you use AI for work. If you regularly use AI tools to process documents from external parties — contracts, vendor files, research — you're in a more exposed position than a casual user.
This threat is early and moving fast. Security researchers are actively finding new injection techniques. The protections are still catching up. What's low risk today may not be in a year.
Lockdown Mode is not for you. Disabling web browsing, Deep Research, and Agent Mode is too high a price for the average user. It's an enterprise tool with an enterprise tradeoff.
Monitor — a few habits worth forming now
1.Be thoughtful about what you feed your AI. Documents from unknown sources, random web pages, unsolicited files — these are the vectors. You don't need to be paranoid, just aware.
2.If you use AI at work with sensitive data, ask your IT or security team whether prompt injection protections are in place. This is a reasonable question to raise now.
3.Keep an eye on this space. Prompt injection is where phishing was fifteen years ago — not yet widespread, but the trajectory is clear. The people building AI tools are taking it seriously. You should be aware it exists.

Ready to close the doors?

The hygiene.guide checklist walks you through the essential steps — in plain language, at your own pace. Free, no account needed.

Start the checklist — it's free →