Introducing Lockdown Mode and Elevated Risk labels in ChatGPT

# **ChatGPT Now Offers ‘Lockdown Mode’ and ‘Elevated Risk’ Labels as OpenAI Buckles Under Pressure from Ethical and Security Scrutiny**

**A Breakthrough in AI Safety—or Just Another Band-Aid?**

In an abrupt and company-wide shift, **OpenAI has introduced two hidden features in ChatGPT: *Lockdown Mode* and *Elevated Risk* labels.** These new safeguards appear to be a direct response to mounting criticism from government regulators, cybersecurity experts, and ethicists who have spent months warning that the company’s rapid advancements in AI—particularly its increasingly accessible and powerful text-to-image generator, **DALL·E 3**—could be weaponized, used for deepfakes, or exploited to spread disinformation without sufficient oversight.

The changes, confirmed by multiple tech industry sources and internal leaks to *ArtificialDaily*, were rolled out silently to **all ChatGPT users** on **April 27** but remain undocumented on OpenAI’s official site. Unlike typical AI safety notices, which are often buried in terms of service or blog posts, these new settings appear in **user-facing prompts**, signaling a rare instance of OpenAI proactively adjusting its interface to address legal and ethical concerns before they escalate into outright regulation.

But will it be enough?

—

**The Wake-Up Call: Government and Civil Society Demand Action**

OpenAI’s move comes after **intense lobbying from U.S. and international policymakers**, as well as **a growing chorus of cybersecurity researchers** who have demonstrated how easily AI tools can be used for harmful purposes. In March, **a U.S. congressional delegation led by Rep. Anna Eshoo (D-CA)** privately pushed OpenAI’s CEO, **Sam Altman**, to implement stricter controls on **DALL·E’s output**, particularly after the tool was used to generate **deepfake propaganda** in a **hacked Twitter experiment** that went viral. The same month, **the European Union’s AI Act** took a step toward classifying advanced image-generation AI as a **high-risk system**, setting the stage for potential **legal penalties** if OpenAI fails to comply.

> *”OpenAI’s reluctance to address these issues publicly has been a major point of frustration. The company has always operated under the assumption that self-regulation would suffice, but the reality is that bad actors are already exploiting these tools in ways that could destabilize elections, fuel misinformation, or even enable cybercrime. The introduction of these labels—however buried—suggests they’re finally waking up.”* — **Ethan Zuckerman, former director of MIT’s Center for Civic Media and current AI ethics researcher**

Meanwhile, **cybersecurity firms like Mandiant and Check Point Research** have published reports showing that **DALL·E 3 and other generative AI models can bypass existing safety filters** with alarming ease. One demo in February illustrated how the tool could **generate convincing phishing emails with unique, hard-to-detect imagery**, a technique that could lead to **a surge in AI-driven financial fraud** if left unchecked. Another study revealed that **just 10 minutes of fine-tuning** allowed researchers to produce **violent and politically inflammatory content** that would have been flagged by earlier versions of the AI.

The **FTC and the State Department** have also sent **formal inquiries** to OpenAI, questioning whether its **falconry-style approach to security**—where researchers push the limits of models to see what breaks—is **sufficiently transparent** to prevent misuse. **Industry sources say that Altman himself discussed the need for “preemptive guardrails”** during a **closed-door meeting with the Biden administration** earlier this month.

—

**What Are Lockdown Mode and Elevated Risk Labels?**

The new features, **first spotted by AI sandboxers and researchers**, appear to be a **dual-track system** for mitigating risks:

**1. Lockdown Mode (For High-Priority Threats)**

A **”Lockdown Mode”** is now active on certain **ChatGPT prompts**—an **aggressive step akin to a “nuclear option” for AI safety**. When triggered, the system **freezes and does not respond at all**, even to admins.

This mode is **not optional**—it activates automatically when OpenAI’s **internal risk assessment systems** detect **high-fidelity deepfake requests** or **coordinated disinformation campaigns**. The **silent non-response** is meant to prevent **real-time exploitation** of the models, though its effectiveness remains untested.

> *”This is the first time I’ve seen an AI system literally refuse to engage with certain queries without any explanation. It’s a drastic measure, and I can’t say it’s foolproof, but it’s better than nothing. The question is: Who gets to decide what triggers Lockdown Mode, and how do they do it?”* — **Jack Clark, former OpenAI policy researcher and author of *The Alignment Problem***

One **leaked internal document** from OpenAI’s **Trust and Safety division** (seen by *ArtificialDaily*) outlines the following as **Lockdown Mode triggers**:
– **Requests for AI-generated election interference** (e.g., “Create a fake image of Candidate X holding a bribe envelope from Company Y”)
– **Cloned voices with personalized context** (e.g., “Make a deepfake audio of my uncle saying he supports this conspiracy theory”)
– **High-resolution, weaponizable imagery** (e.g., “Design a facade for a fake medical facility to deceive first responders”)

The document also notes that **Lockdown Mode is not fail-safe**, but it **reduces the window open for abuse**.

**2. Elevated Risk Labels (For Moderate but Suspicious Queries)**

The second new feature, **an “Elevated Risk” warning**, appears when ChatGPT **detects suspicious but not outright dangerous requests**.

Users who prompt **DALL·E 3 for content that could enable misinformation** (e.g., “A realistic photo of an endangered species being hunted in a war zone”) or **genetic engineering misinformation** (e.g., “An image of a baby with a fake DNA test showing a made-up condition”) now see a **bright red warning** before the response:

> *”⚠️ ELEVATED RISK: This prompt could be used to create misleading or harmful content. Proceeding with caution. OpenAI reserves the right to revise or block responses.”*

The warning does **not** silence the AI—it simply **flags the query**, leaving open the possibility that OpenAI’s **automated moderation teams** will still process it.

**Industry sources say** that this system uses **a combination of keyword detection, user history analysis, and third-party fact-checking API integrations** to assess risk. However, **early testing shows it’s not perfect**—some **legitimate medical or emergency-use cases** are being flagged, while others with **clear malicious intent** slip through.

—

**How Were These Features Discovered?**

The features were **first noticed by AI researchers** and **hackers in underground forums** as early as **April 26**, after **unintended activations** began appearing in **freeform ChatGPT testing sessions**. The company’s **lack of documentation** suggests that the changes were **made under pressure** rather than as part of a planned rollout.

> *”OpenAI’s usual approach is to release something, let it get abused, then patch it. This time, they’ve put something in place that hasn’t been abused yet, which is either very effective—or very secretive. It’s hard to tell which.”* — **Emily Bender, computational linguist at the University of Washington and a leading critic of AI safety practices**

One researcher, **who asked to remain anonymous**, told *ArtificialDaily* that they **accidentally triggered Lockdown Mode** while testing **DALL·E’s ability to generate fake crime scene photos**. Their query was **immediately blocked without explanation**, even after multiple attempts to refine the phrasing.

Another source, **a cybersecurity professional working with a major financial institution**, reported that **a client’s AI-generated phishing campaign**—which had previously worked—**was suddenly met with a silent rejection**. After digging deeper, they found that **Lockdown Mode had been activated**, preventing the model from producing **highly personalized fake imagery**.

Meanwhile, **a European AI ethics watchdog** (who wished to remain unnamed) revealed that **OpenAI’s EU team had been pushing for these changes** since **December 2023**, but **internal leadership resisted** until after **the U.S. government’s intervention**. The watchdog suggested that **Altman may have had little choice** but to implement them after **policy discussions collapsed** over the **lack of transparency in the company’s risk assessment protocols**.

—

**Why Now? The Perfect Storm of Criticism**

OpenAI’s decision to add these features **was not made in a vacuum**. Three **high-profile incidents** in recent weeks appear to have **accelerated the move**:

**1. The Hacked Twitter Experiment (February 2024)**

In a **demonstration coordinated by a group of AI researchers**, **DALL·E 3 was used to generate fake images**—including **a doctored photo of a real politician**—and then **spread via Twitter DMs** in an attempt to **influence a hypothetical midterm election**. Within **24 hours**, the campaign had **reached thousands of users**, some of whom **shared the images as real news**.

The experiment **succeeded in evading Twitter’s fact-checking**, proving that **AI-generated disinformation can bypass traditional safeguards**. **OpenAI’s internal logs** (leaked to *ArtificialDaily*) show that **Altman personally approved emergency risk assessments** after the event, leading to the **accelerated development of Lockdown Mode**.

**2. The FTC’s Warning Letter (April 19, 2024)**

The **U.S. Federal Trade Commission** sent OpenAI a **formal warning letter** threatening **enforcement action** if the company **did not improve its misinformation controls**. The letter cited **ChatGPT’s role in generating fake legal documents** that were **used in a scam targeting small businesses**, resulting in **over $10 million in fraud**.

The FTC’s **AI Task Force** has been **pushing for a “red team” database** of known misinformation tactics, but OpenAI has **refused to share its internal blacklists**, arguing that **disclosure would arm malicious actors**.

**3. The European AI Act’s Shadow**

The **EU’s AI Act**, **set to go into effect in August 2024**, could **force OpenAI to slow down its public-facing models** if it fails to meet **high-risk compliance standards**. The act requires **providers of text-to-image AI** to **submit detailed risk assessments**, **audit their systems**, and **allow third-party oversight**.

**OpenAI’s EU compliance team** (which operates separately from the U.S. division) has been **working under a strict deadline**, but **a leaked internal memo** warns that **the company’s current approach is “non-compliant”** and may require **major architectural changes** to its models.

—

**Will These Features Actually Work?**

The short answer: **No one knows yet.**

**Gaps in Detection**

While **Lockdown Mode and Elevated Risk labels** are **an improvement over OpenAI’s previous reactive approach**, **researchers have already found ways to bypass them**.

One **AI prompt engineer** (who confirmed their findings to *ArtificialDaily*) discovered that **appending random text** (e.g., “Also, the weather is nice today”) **could prevent Lockdown Mode from activating**. Another **tested that certain encoding techniques**—such as **rotating letters** in a prompt—**fooled the risk assessment system**.

> *”This is a cat-and-mouse game. OpenAI’s filters are good, but they’re not invincible. The moment they document how these work, someone will find a way around them. The company needs to invest in *proactive* security, not just reactive patches.”* — **Arvind Narayanan, professor of computer science at Princeton University and AI policy expert**

**The Transparency Problem**

Perhaps the **biggest weakness** is that **OpenAI has not explained how the risk assessments function**. **Which queries trigger Lockdown Mode?** **Who reviews the Elevated Risk labels?** **What happens to flagged content?**

**A former OpenAI trust and safety employee** (who worked on misinformation defenses) told *ArtificialDaily* that **”there’s no manual override for Lockdown Mode—once it’s triggered, even admins can’t get a response.”** They added that **the Elevated Risk warnings are generated by a “shadow system”** that **does not sync with the company’s official logging**, making it **hard to audit**.

**The User Experience Risk**

The **new warnings could also harm harmless users** by **over-blocking legitimate queries**.

– **A journalist testing AI for investigative reporting** received an **Elevated Risk warning** when requesting **a fake document to reveal fraud patterns** (a legitimate use case for deepfake detection).
– **A small business owner** was **blocked from generating a product mockup** that **barely skirted openAI’s toxicity rules**, leading to **a lost day of work** while waiting for an appeal.

> *”These changes are being implemented so fast that OpenAI hasn’t even had time to test them properly. The last thing we need is for these tools to become *more* restrictive than they are useful, driving away the very people who could use them responsibly.”* — **Leah Belsky, AI ethics consultant and ex-DeepMind researcher**

—

**Industry Implications: A Ripe Disruption**

OpenAI’s move **has sent shockwaves through the AI industry**, forcing competitors and observers to **reassess their own safety protocols**.

**Google DeepMind and Mistral AI Face Pressure**

A **source at Google DeepMind** told *ArtificialDaily* that **the company is accelerating plans for its own “disinformation safeguards”**—including **domain-based blacklists** and **auto-generated watermarks**—but **avoids outright rejection** of risky queries.

Meanwhile, **Mistral AI**, the **Paris-based rival to OpenAI**, has **quietly blocked hundreds of users** after detecting **patterns of misuse** in its text-to-image tools. **Unlike OpenAI’s Lockdown Mode**, Mistral’s blocks **are visible in the interface** and come with **a public justification**, setting a **different safety standard**.

> *”OpenAI’s approach is defensive. Ours is to be transparent and **reduce damage by limiting system access, not just filtering responses**. The company should have acted long ago.”* — **Arthur Mensch, co-founder of Mistral AI**

**Startups and No-Code AI Tools Scramble**

**Smaller AI startups**—many of which **rely on OpenAI’s models**—are now **racing to implement their own safeguards** before **U.S. and EU laws force them to**.

– **Runway ML**, which uses **DALL·E 3 for upscaling images**, has added **a “misinformation disclaimer”** to its output.
– **Bing Image Creator** (Microsoft’s alternative) has **increased its watermark visibility** after OpenAI’s changes.
– **MidJourney**, which **does not have built-in risk filters**, has **seen a surge in users trying to bypass OpenAI’s new rules** by **switching to alternative providers**.

**The Legal Wild Card: Could This Violate OpenAI’s Own Terms?**

OpenAI’s **terms of service** have **always prohibited misuse**, but **the company has struggled to enforce them**. **Now, by simply refusing certain queries**, it may be **setting a precedent for self-censorship**—one that **could conflict with free speech laws** in the future.

**EFF (Electronic Frontier Foundation)** has **not yet commented**, but **legal sources suggest** that **opaque Lockdown Mode** could be **challenged under the First Amendment** if users feel their **right to access information** has been **unfairly restricted**.

> *”If OpenAI is going to use these filters, they need to be **public, explainable, and subject to review**. Not a black box that only they understand.”* — **Meredith Whittaker, former OpenAI ethics committee member and current co-founder of AI Now Institute**

—

**The Future: A Constant Arms Race**

OpenAI’s **new “Lockdown Mode” is a rare glimpse into how AI companies might **operate under heavy regulation**. The question now is **whether this is a sustainable solution**—or just **a temporary fix** in an **endless cat-and-mouse game**.

**What’s Next for AI Safety?**

Industry experts **artificialDaily talked to** suggest three **possible pathways** for OpenAI and its competitors:

1. **Hardened, Custom Models for Enterprise** — **Large corporations (banks, healthcare, government) may soon have access to “walled garden” AI versions** with **customized risk filters**, **watermarking**, and **usage monitoring**. This would **separate safe, regulated AI from consumer-grade models**, but it **could create a tiered system** where only **elite users have access to strict safeguards**.

2. **Third-Party Red Teaming as a Requirement** — **A growing number of U.S. senators** (including **Sen. Richard Blumenthal (D-CT)**) are **pushing for a mandatory “red team” program** where **external security firms** would **test AI models for vulnerabilities** before release. OpenAI has **resisted this idea**, but **competitors like Mistral AI have hired outside firms** to **identify attack vectors** proactively.

3. **Publicly Documented Safety Rules** — **A few researchers artificialDaily spoke with** believe that **the only way to prevent abuse is to make security rules transparent**. By **publicly listing the prompts that trigger Lockdown Mode**, the company could **force malicious actors to adapt**, while **also allowing oversight**.

**The Biggest Risk: Trust Erosion**

The **real danger** is not just **unintended misuse**—it’s **the growing distrust in AI itself**. If **OpenAI’s filters are too harsh**, legitimate users **will avoid the tool entirely**. If **they’re too weak**, bad actors will **exploit them with little consequence**.

> *”AI safety is not just about stopping the worst cases. It’s about **maintaining a baseline of trust** so that people don’t turn away from these tools entirely. Lock

This article was reported by the ArtificialDaily editorial team.