Milik

OpenAI Lockdown Mode Explained: Defending Against Prompt Injection Attacks

What is OpenAI Lockdown Mode and Why It Matters

OpenAI Lockdown Mode is an optional AI security feature that limits network-connected capabilities in ChatGPT to reduce data exfiltration risks from prompt injection attacks. It helps users and organisations that handle sensitive information keep their internal data from being exposed by malicious or manipulated content. Prompt injection attacks are a form of social engineering where hidden instructions in websites, documents, or other inputs attempt to persuade an AI model to reveal confidential data or perform unwanted actions. As AI systems gain access to web browsing, document analysis, and external services, these attacks become more attractive to attackers. Lockdown Mode adds a dedicated defence layer on top of OpenAI’s built‑in AI security features. It focuses on the final stage of an attack, restricting outbound network requests rather than trying to block every malicious instruction that may appear in processed content.

How Lockdown Mode Reduces Prompt Injection and Data Exfiltration Risks

Lockdown Mode works by narrowing the ways ChatGPT can talk to the outside world, cutting off common paths that prompt injection attacks use to extract sensitive data. When enabled, live web browsing is limited to cached content, which may lead to incomplete or outdated results but reduces exposure to fresh malicious pages. Deep Research and Agent Mode are disabled, so automated multi-step tasks cannot freely pull from or send data to external sources. ChatGPT can no longer download files on a user’s behalf, shrinking the chance that poisoned content enters through automated retrieval, though manual file uploads remain available. According to OpenAI, Lockdown Mode is “designed for people and organisations that handle sensitive data and want stricter protection from data exfiltration risks related to prompt injection.” It targets high‑risk users who value containment over maximum functionality.

What Changes When You Turn Lockdown Mode On

Once Lockdown Mode is active, several visible changes appear in how ChatGPT behaves, especially around connected tools and automation. Image generation and manual image uploads still work, but the system may not retrieve images from the internet or display them directly in responses, limiting another path for hidden instructions. Users cannot approve outbound network access for code generated through Canvas, closing a powerful channel that attackers might try to abuse. Certain connected experiences, including finance‑related tools, shopping agents, and other live connectors, are blocked, while read‑only access to previously synced connector data may remain, depending on account type and settings. Lockdown Mode and Developer Mode cannot be enabled at the same time; turning one on automatically turns the other off. Importantly, Lockdown Mode does not change memory, file upload limits, conversation sharing, or training‑use preferences, which must be managed separately.
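
The same containment idea carried over to an application that renders model output, as an added example (not OpenAI's implementation and not code from the original article): a Python filter that removes image references whose rendering would trigger an outbound request, while keeping inline data: images. The function names and the constructed sample response are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Inline image: ![alt](target "title")
MD_IMAGE = re.compile(r'!\[([^\]]*)\]\(\s*<?([^)\s>]+)>?[^)]*\)')
# Raw HTML image tag, for renderers that pass inline HTML through
HTML_IMAGE = re.compile(r'<img\b[^>]*>', re.IGNORECASE)
HTML_SRC = re.compile(r'''\bsrc\s*=\s*["']?([^"'\s>]+)''', re.IGNORECASE)
# Reference definition "[id]: target", which ![alt][id] resolves through
REF_DEF = re.compile(r'^[ \t]{0,3}\[[^\]]+\]:[ \t]*<?([^\s>]+)>?.*$', re.M)

def is_remote(target):
    """True if rendering this target could send a request to a named host."""
    try:
        parts = urlsplit(target)
    except ValueError:  # unparseable target: treat as unsafe
        return True
    # netloc catches protocol-relative //host/path; only data: URIs and
    # scheme-less relative paths count as local
    return bool(parts.netloc) or parts.scheme.lower() not in ("", "data")

def strip_remote_images(text):
    """Return (sanitized_text, removed_targets) for one model response."""
    removed = []
    def drop(target, original, placeholder):
        if target is not None and not is_remote(target):
            return original
        removed.append(target or original)  # keep a record for logging
        return placeholder
    def md_sub(m):
        label = m.group(1) or "no description"
        return drop(m.group(2), m.group(0), "[image removed: %s]" % label)
    def html_sub(m):
        tag, src = m.group(0), HTML_SRC.search(m.group(0))
        # no src, or a srcset with further candidates: never keep the tag
        keep = src is not None and "srcset" not in tag.lower()
        return drop(src.group(1) if keep else None, tag, "[image removed]")
    text = MD_IMAGE.sub(md_sub, text)
    text = HTML_IMAGE.sub(html_sub, text)
    # Definitions are shared with reference links; remote ones are dropped too
    return REF_DEF.sub(lambda m: drop(m.group(1), m.group(0), ""), text), removed

# Constructed sample response, not real model output
SAMPLE = (
    "Summary attached.\n![status](https://cdn.example.net/banner.png)\n"
    "![generated chart](data:image/png;base64,iVBORw0KGgo=)\n"
    '<img src="//img.example.org/a.gif">\n'
    "![logo][l]\n\n[l]: http://example.com/logo.png\n"
)
```

The list of removed targets returned alongside the text can be logged per response, so unexpected remote references show up in monitoring.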

Who Should Enable Lockdown Mode and How to Configure It

Lockdown Mode is aimed at users and organisations with heightened security needs—those whose chats may contain trade secrets, customer data, or other sensitive information. It is rolling out to eligible personal ChatGPT accounts, including Free, Go, Plus, and Pro plans, and to self‑serve ChatGPT Business workspaces. Personal users can enable it through the Settings menu under Safety, Security, or Advanced security sections, and can temporarily disable it for an individual conversation via the status message above the chat. For managed workspaces, administrators can control Lockdown Mode with role‑based access, deciding which apps, connectors, and actions stay available. The feature is not a full privacy solution; it specifically focuses on prompt injection attacks and data exfiltration risks. Workspace admins should still review memory, export, retention, and access controls as part of a broader AI security policy.

Monitoring Sessions and Responding to Suspicious Activity

Alongside Lockdown Mode, OpenAI has added session‑monitoring tools to help users keep tighter control of account access. The active session management interface shows which devices and web browsers are currently or were previously signed in, so you can spot unfamiliar logins that might indicate compromise. From this screen, you can sign out of a specific session or log out of all sessions at once; OpenAI notes that a full account‑wide logout can take up to 30 minutes to complete everywhere. If you suspect unauthorised activity, change any account password you use, review sign‑in methods such as single sign‑on or passkeys, and contact OpenAI Support. Combined with Lockdown Mode, these AI security features form a practical defence in depth: they limit what an attacker can do with prompt injection attacks and help you quickly cut off access if someone reaches your account.
