On the one hand this is exactly the right solution to prevent lethal trifecta exfiltration attacks.
The existence of lockdown mode does however imply that ChatGPT, in its default settings, does not provide robust protection against sufficiently determined data exfiltration attacks!
I wonder what robust protection would mean in practice for a tool as capable as an agent...
Looking at the trifecta axis, if we assume we can't control untrusted content, that leaves us to create safeguards for private data access and external communication.
Would it be enough if we had a buffer between when these two happened: access to the environment and access to the web?
I hadn't realized that deep research or generating images that I paste into Twitter were possibly exfiltrating my data. Yikes.
Related: Simon Willison’s post on OpenAI’s new Lockdown Mode (he coined the “lethal trifecta” term this is based on): https://simonwillison.net/2026/Jun/5/openai-help-lockdown-mo...