OpenAI has launched Lockdown Mode, an optional advanced security feature designed to reduce the risk of data exfiltration resulting from prompt injection attacks. The feature is rolling out to eligible personal accounts, including Free, Go, Plus, and Pro plans, as well as self-serve ChatGPT Business accounts.
Lockdown Mode is intended for users and organizations that handle sensitive information and want stronger protections against prompt injection threats. The feature limits ChatGPT’s ability to access the web and external services, helping prevent attackers from extracting data through outbound network requests.
OpenAI emphasized that prompt injection remains a challenging and evolving security problem. Lockdown Mode adds an extra layer of protection on top of existing safeguards, including sandboxing, URL-based exfiltration protections, monitoring systems, and enterprise security controls.
When enabled, Lockdown Mode disables or restricts several capabilities that can interact with external services. Live web browsing is limited to cached content, which may result in stale or incomplete search results. Deep Research and Agent Mode are unavailable, Canvas-generated code cannot access external networks, and ChatGPT cannot download files for data analysis. Users can still upload files manually for processing.
The feature also limits image support in standard ChatGPT responses and web-derived images, although image generation capabilities remain available. OpenAI noted that Lockdown Mode does not affect memory, file uploads, conversation sharing, or data-training settings, which continue to be controlled separately.
For personal and self-serve ChatGPT Business accounts, Lockdown Mode permits synced-data connectors while blocking live connector access and write actions. Certain experiences, including Finances in ChatGPT and shopping-agent features, are unavailable when the mode is enabled.
Managed workspaces can implement Lockdown Mode through role-based access controls. Administrators can create dedicated Lockdown Mode roles and assign them to members or groups. OpenAI advises organizations to carefully evaluate the data exfiltration risks associated with each app and action before granting access.
The company categorizes untrusted apps and broad write actions as high-risk for Lockdown Mode users. Read-only actions on trusted apps and synced connectors are considered lower-risk but can still expose sensitive information that attackers may attempt to access.
OpenAI clarified that Lockdown Mode is designed to reduce the likelihood of prompt injection-based data exfiltration but does not eliminate all prompt injection risks. Malicious instructions embedded in uploaded files or cached content can still influence model behavior and potentially lead to incorrect responses.
Users can enable Lockdown Mode through the Security section of Settings. The feature cannot be used simultaneously with Developer Mode; enabling one automatically disables the other. Users also have the option to temporarily disable Lockdown Mode for individual conversations.
OpenAI noted that Lockdown Mode does not affect network access in Codex and does not change what information is captured through the Compliance API Logs Platform.
KEY QUOTES:
“Lockdown Mode is an optional advanced security setting that limits many tools and capabilities in OpenAI products that can connect to the web or external services. It is designed to reduce the risk of data exfiltration from prompt injection attacks by limiting outbound network requests, at the expense of disabling or limiting some useful features.”
OpenAI Support Documentation
