What Lockdown Mode Is and Why It Exists
Lockdown Mode is a ChatGPT security feature that restricts high‑risk online and automation capabilities to reduce data exfiltration protection gaps when users handle sensitive information in AI-assisted conversations. It is designed for people and organisations that work with confidential material and want stricter protection from prompt injection attacks that target connected tools and web access. Instead of trying to filter every malicious instruction, Lockdown Mode limits how ChatGPT can interact with the outside world, especially the web, external apps, and automated workflows. OpenAI describes it as an extra line of defence layered on top of existing safeguards built into ChatGPT and its backend systems. The goal is to make it much harder for an attacker’s hidden prompt to turn into real damage, especially when an assistant has access to work documents, connected services, or ongoing projects.
Prompt Injection Attacks: The Hidden Risk in Everyday Content
Prompt injection attacks are a form of social engineering where malicious instructions are hidden inside content that an AI assistant processes, such as webpages, PDFs, emails or connected app data. Because models are trained to follow instructions wherever they appear, a hidden prompt can attempt to override the user’s request, redirect the conversation, or ask the assistant to reveal information from the session. As AI tools gain web browsing, document analysis and app integration, attackers gain more places to hide these instructions and more paths to extract sensitive data. Your uploaded contract, customer report or investor memo could contain invisible commands aimed at your conversation history. This makes prompt injection less of an abstract research topic and more of an everyday security issue for founders, lawyers, journalists and operations teams using ChatGPT to handle real work.
Lockdown Mode Explained: What It Blocks and Allows
Lockdown Mode works by cutting off the most dangerous connection points that prompt injection attacks rely on. Live web browsing is limited to cached content instead of fresh pages, which reduces exposure to malicious site instructions. Deep Research is disabled, Agent Mode is disabled, and Canvas networking is blocked, removing tools that can browse widely, coordinate tasks or act across multiple systems. ChatGPT cannot download files for analysis on your behalf, though you can still upload files manually, so you retain control over what enters the session. Image support becomes more restricted: images may not be retrieved from the internet or displayed inline in responses. Some capabilities remain, like image generation and manual image uploads, so Lockdown Mode narrows high-risk features without turning ChatGPT into a static tool.
How Lockdown Mode Protects Against Data Exfiltration
Lockdown Mode does not stop malicious prompts from appearing in content, but it does aim to block the last and most damaging step: sensitive data leaving the conversation. By disabling or limiting tools that reach the web, external services or automated agents, it reduces the channels through which attackers can move information out of ChatGPT. According to OpenAI’s Help Center, Lockdown Mode specifically focuses on limiting tools and capabilities that can connect to external systems to reduce the risk of data exfiltration from prompt injection attacks. This is less like antivirus software and more like closing doors: it shrinks the number of exits through which confidential material could be carried away. When combined with careful prompt design and good access controls, Lockdown Mode becomes a practical safeguard for high-risk workflows.
Who Can Use Lockdown Mode and When to Turn It On
OpenAI is rolling out Lockdown Mode to eligible personal ChatGPT accounts, including Free, Go, Plus and Pro, as well as self‑serve ChatGPT Business users. This means the feature is no longer limited to large enterprises; individuals and teams working with sensitive documents can benefit from the same extra protection. Lockdown Mode is optional, so you can keep full capabilities for low‑risk tasks and enable the stricter mode when security matters more than convenience. A marketing team rewriting public copy may not need it, but a finance leader reviewing internal forecasts, a lawyer analysing contracts, or a journalist reading confidential source material may choose to turn it on. Session‑monitoring tools and admin controls can sit alongside Lockdown Mode, giving organisations a clearer way to separate everyday AI use from high‑risk, sensitive work.
