What Lockdown Mode Is and Why It Matters
Lockdown Mode in ChatGPT is an optional security setting that restricts network access and high‑risk capabilities so users handling sensitive data can reduce data theft risks from prompt injection attacks and limit how much information an attacker could exfiltrate through the model’s external connections. OpenAI created this ChatGPT security feature as an extra layer on top of its existing model and infrastructure protections, aimed at people and organisations with higher exposure, such as those regularly working with confidential documents, internal systems, or regulated data. The goal is data theft prevention: Lockdown Mode does not clean or rewrite the content you upload, but it limits how that content can be sent out to external services. This makes it harder for malicious instructions hidden in text or files to turn ChatGPT into an unintentional bridge between your sensitive data and an attacker’s systems.
How Prompt Injection Attacks Try to Steal Your Data
Prompt injection attacks are a form of social engineering in which attackers hide malicious instructions inside text, documents, or web pages that AI tools read. When ChatGPT processes that content, the hidden prompt might tell it to ignore previous rules, reveal private information, or send data to an external site. As AI systems gain features like browsing, connectors, and automated tools, attackers try to use them as pivot points to reach internal files or services. According to OpenAI, Lockdown Mode focuses on blocking the final stage of these attacks by limiting outbound network requests instead of filtering all possible malicious instructions. This means prompt injection attacks might still influence model behaviour or accuracy, but they are much less able to move sensitive information out of your account into an attacker’s control.
What Changes When You Turn On Lockdown Mode
Lockdown Mode ChatGPT focuses on limiting external access while keeping core chat features usable. Web browsing is restricted to cached content, so search results may be missing, incomplete, or outdated. Deep Research and Agent Mode are disabled because they involve wide information access and automated task execution, both of which can amplify prompt injection risks. ChatGPT cannot download files for analysis, though you can still upload files manually, which helps reduce the chance of hidden malware or harmful content entering through automated downloads. Image generation and manual image uploads remain available, but image retrieval from the internet and inline image display in responses may be limited. For connectors and apps, live connector access and write actions are blocked for personal and self‑serve Business accounts, affecting features like shopping‑agent experiences and Finances. Network access in Codex and core settings such as memory, conversation sharing, and training preferences are unchanged.
Who Should Use Lockdown Mode for Sensitive Data Protection
Lockdown Mode is not designed for casual chats or general research. It is meant for users and organisations that face higher security stakes and need stronger sensitive data protection. This includes teams working with internal business files, customer data, intellectual property, or any information that would be damaging if exfiltrated. Because prompt injection attacks target AI tools that can browse the web, call APIs, or use connectors, anyone enabling advanced features should weigh the added risk. If you depend on ChatGPT for workflows like document analysis, planning, or coding tied to internal systems, enabling this ChatGPT security feature can sharply reduce your exposure to data theft from malicious prompts. You still need good privacy hygiene—such as control over what you paste or upload—but Lockdown Mode adds a safety net that limits what an attacker could do if a prompt injection slips through.
How to Enable Lockdown Mode and Use It Safely
Lockdown Mode is available on eligible personal ChatGPT accounts—Free, Go, Plus, and Pro—as well as self‑serve ChatGPT Business workspaces. To enable it, open your ChatGPT settings, locate security or advanced controls, and switch on Lockdown Mode; note that Developer Mode and Lockdown Mode cannot run at the same time, so turning on one disables the other. When active, expect limited browsing, disabled Deep Research and Agent Mode, blocked file downloads, and restricted connector access. For business workspaces, administrators should review which apps, connectors, and MCP actions are allowed and only enable those that are necessary, especially for members who work with sensitive data. Combine Lockdown Mode with clear internal rules on what staff may paste or upload to ChatGPT, and regularly review sessions involving high‑risk data to ensure that prompt injection attacks have fewer paths to cause harm.
