Sponsored by

For the last three years, the AI industry has been obsessed with one metric: intelligence.

Bigger models. Better reasoning. Higher benchmark scores.

But a different problem is beginning to emerge.

As AI systems gain access to browsers, company documents, databases, calendars, and business software, they become vulnerable to the same thing humans are vulnerable to:

Manipulation.

This week, OpenAI launched Lockdown Mode, a security feature designed to reduce the risk of prompt-injection attacks. The timing is notable because researchers are increasingly documenting how AI agents can be influenced by hidden instructions embedded inside webpages, documents, emails, and external tools.

The AI race is no longer just about building smarter systems.

It's becoming a race to build systems that know what not to trust.

The Problem: AI Agents Can Be Tricked

Traditional chatbots generate answers.

AI agents take actions.

That distinction matters.

Moda creates AI Decks that don't look AI-Generated

Every AI tool can create "AI slop". You know it the second you see it.

Moda is different: it learns your brand identity and applies it to every slide, document, and marketing asset your team makes. It learns your preferences so the designs get better over time.

The best part? Every layer is fully editable on a real canvas, and exports to powerpoint, PDF and more.

Moda has raised $7.5M from General Catalyst, Pear VC, and the founder of Dropbox.

An AI agent can read documents, browse websites, update CRM records, send messages, schedule meetings, or interact with business systems.

Researchers studying indirect prompt injection attacks have found that malicious instructions can be hidden inside content an agent processes. These instructions are often invisible to users and may appear in metadata, comments, HTML tags, emails, or uploaded files.

In one recent large-scale study, researchers analyzed 1.2 billion URLs and found more than 15,000 validated examples of indirect prompt injections already present across the web. Many were specifically designed for machines rather than humans and were hidden from normal view.

The attack pattern is surprisingly simple:

  1. A user asks an AI agent to perform a task.

  2. The agent retrieves external content.

  3. Hidden instructions inside that content attempt to override the user's intent.

  4. The agent may follow those instructions.

In other words, attackers don't need to hack the AI.

They can sometimes persuade it.

OpenAI's Response: Lockdown Mode

OpenAI's new Lockdown Mode is designed for users handling sensitive information.

Instead of trying to solve prompt injection entirely, the feature focuses on reducing potential damage.

When enabled, Lockdown Mode restricts or disables several capabilities that could be used to exfiltrate sensitive information, including:

  • Live web browsing

  • Deep Research

  • Agent Mode

  • Certain connector actions

  • External network-enabled workflows

The idea is straightforward:

If an attacker successfully influences an AI system, there should be fewer pathways available to move sensitive information outside the organization.

This mirrors how cybersecurity evolved over the last two decades.

Companies eventually realized they could not stop every intrusion.

Instead, they focused on limiting what attackers could do after gaining access.

AI security appears to be moving in the same direction.

A Website That Works While You Sleep

Most AI builders hand you a good-looking site and call it a day.

Readdy.ai builds you a business. Your site collects leads, takes payments, and answers customer questions 24/7 — through a built-in AI agent.

All in one. $15/month.

Why Businesses Should Care

The implications extend far beyond chatbots.

Most enterprise AI deployments are now focused on automation. Companies want AI systems that can access internal knowledge, interact with software, analyze documents, and execute workflows with minimal human involvement.

That creates a new challenge.

As AI gains more access, mistakes become more expensive.

Organizations evaluating AI systems are no longer looking only at intelligence, speed, or cost. They are increasingly evaluating security, reliability, auditability, and control.

The question is shifting from:

"How capable is this model?"

to

"Can we trust it with real systems?"

Why This Matters More Than It Seems

Most discussions about AI focus on intelligence.

But intelligence is no longer the primary bottleneck.

The next wave of AI adoption depends on trust.

Businesses already know models can write, summarize, research, and reason. The unanswered question is whether those systems can safely operate inside environments containing sensitive data, critical workflows, and real-world consequences.

That is why security features like Lockdown Mode matter.

They signal that leading AI companies are starting to treat trust as a product feature rather than a compliance requirement.

A few years ago, the competitive advantage was building a smarter model.

Increasingly, the competitive advantage may be building a model that organizations are comfortable giving access to their most important systems.

One Insight Worth Remembering

We've spent the last three years teaching AI systems how to think.

The next three years may be spent teaching them what not to trust.

That challenge could prove even harder.

Keep Reading