OpenAI’s Lockdown Mode: Extra Defense Against Prompt Injection Attacks

What Lockdown Mode Is and Why OpenAI Created It

Lockdown Mode is an optional OpenAI security feature that limits high‑risk capabilities in order to reduce data exfiltration and add an extra layer of protection for users exposed to prompt injection attacks. OpenAI describes it as a last line of defense layered on top of existing OpenAI security features in ChatGPT, its models, and backend systems. The mode is not meant for everyone; it is aimed at people and organizations that work with sensitive data and cannot afford accidental leaks through network-connected tools. By narrowing which online actions the model can perform, Lockdown Mode helps contain the damage if a malicious prompt does slip through. It focuses on stopping attackers from pulling information out of your account rather than blocking every harmful input, giving high-value users a safer baseline for critical workflows.

Understanding Prompt Injection Attacks

Prompt injection attacks are a form of social engineering tailored to AI chatbots, where hidden or deceptive instructions try to override a model’s normal behavior. As AI systems gain access to the internet and external tools, attackers can plant malicious prompts inside webpages, documents, or other content. When a chatbot reads those sources, it may follow the hidden instructions instead of the user’s request. This can lead to data leaks, unauthorized actions, or misleading answers. Prompt injection attacks matter because they target the link between the model and the outside world, not the model’s core training alone. Organizations that rely on AI for research, automation, or decision support face more serious consequences if an attacker convinces the model to reveal internal information or send hidden requests on their behalf.

How Lockdown Mode Protects Against Prompt Injection

Lockdown Mode focuses on limiting what an AI session can do over the network, which lowers the impact of prompt injection attacks. OpenAI notes that Lockdown Mode does not prevent malicious prompts from appearing in content the model processes. Instead, it reduces the ways an attacker could turn those prompts into data theft. For example, you can still generate images and upload your own photos, but ChatGPT may not fetch images from the internet or display external images in responses. The model cannot download files for analysis, though you can continue to upload documents manually. OpenAI’s Deep Research and Agent Mode features are disabled in this setting, further shrinking the attack surface. By restricting network requests and automated tools, Lockdown Mode makes it harder for injected prompts to exfiltrate sensitive data or call external resources on your behalf.
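As an added illustration (not OpenAI's implementation and not code from this article), the Python below applies the restriction described above, not displaying external images in responses, to an application that renders model output itself. The function names, the allow-list parameter and the sample hosts are assumptions constructed for this example, and it covers inline Markdown images and HTML `<img>` tags only.

```python
import re
from urllib.parse import urlsplit

# Inline Markdown images, ![alt](url "title"), and HTML <img src=...> tags
MD_IMAGE = re.compile(r'!\[([^\]]*)\]\(\s*<?([^)\s>]+)>?[^)]*\)')
HTML_IMAGE = re.compile(r'<img\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)[^>]*>', re.I)


def image_host(url):
    """Host a client would contact to load url, or None if it has none."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None
    if parts.scheme not in ("", "http", "https"):
        return None
    return (parts.hostname or "").lower() or None


def is_allowed(url, allowed_hosts):
    """Permit inline data: images and allow-listed hosts; block the rest."""
    if url.lower().startswith("data:image/"):
        return True  # bytes are embedded, so rendering makes no request
    return image_host(url) in allowed_hosts  # relative paths yield None


def neutralize_external_images(text, allowed_hosts=frozenset()):
    """Return (sanitized_text, blocked_urls) for one model response."""
    blocked = []
    def replace(match, url):
        if is_allowed(url, allowed_hosts):
            return match.group(0)
        blocked.append(url)  # keep for logging and alerting
        return f"[external image blocked: {image_host(url) or 'unknown host'}]"

    text = MD_IMAGE.sub(lambda m: replace(m, m.group(2)), text)
    return HTML_IMAGE.sub(lambda m: replace(m, m.group(1)), text), blocked


# Constructed sample response; all hosts are placeholders.
SAMPLE = (
    "![logo](https://assets.internal.example/logo.png)\n"
    '![chart](https://untrusted.example.net/chart.png "Q3")\n'
    '<img alt="x" src="//untrusted.example.net/p.gif">\n'
    "![inline](data:image/png;base64,iVBORw0KGgo=)\n"
)

if __name__ == "__main__":
    print(neutralize_external_images(SAMPLE, {"assets.internal.example"}))
```

The returned list of blocked URLs can feed detection: a response that suddenly references an unfamiliar image host is worth reviewing alongside the content the model had just read.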

Who Should Enable Lockdown Mode and How to Turn It On

Lockdown Mode targets a specific segment of users: people and organizations with elevated security needs who handle sensitive or high-value data through ChatGPT. If you work in regulated industries, manage private client information, experiment with connected tools, or use AI to support critical business processes, this extra layer of AI model protection may be worth enabling. Lockdown Mode is available to all personal accounts, including those on OpenAI’s free tier. To turn it on, open ChatGPT’s settings, go to Safety and security, then find Advanced security, select Lockdown mode, and toggle it on. You can temporarily turn it off for a single conversation by using the Manage option in the status message above the chat. This flexibility lets you balance OpenAI security features with the capabilities you need for specific tasks.

Additional Account Protections: Active Session Manager

Alongside Lockdown Mode, OpenAI is rolling out an active session manager to strengthen overall account security. This tool lets you see all devices and browsers that have accessed your account, which can reveal suspicious activity. From the session view, you can sign out of individual sessions or all sessions at once; OpenAI notes that logging out everywhere can take up to 30 minutes to complete. If you suspect unauthorized use, OpenAI advises changing your password, reviewing your sign-in methods, and contacting OpenAI Support. While this feature is separate from Lockdown Mode, they complement each other: Lockdown Mode protects against prompt injection attacks and data exfiltration during AI use, while the active session manager helps prevent account takeover by giving you more visibility and control over where your account is signed in.
