OpenAI has introduced a new ChatGPT security feature called Lockdown Mode, aimed at users and organizations that need tighter protections against prompt injection attacks and possible data theft.
The optional setting limits access to the web and external services inside OpenAI products. OpenAI says the feature is designed to reduce the risk that sensitive information could be sent outside the system during an attack, but it does so by turning off or constraining a number of helpful capabilities.
Lockdown Mode is not meant for every user. OpenAI describes it as an advanced option for people and organizations handling sensitive data who want stronger safeguards against data exfiltration. The company says the feature works by restricting outbound network requests, which can help block the final step in some prompt injection attacks.
The company also notes that Lockdown Mode is one layer in a broader security stack. Other protections include sandboxing, defenses against URL-based exfiltration, monitoring and enforcement, and enterprise controls such as role-based access and audit logs.
At the same time, OpenAI says the mode does not stop prompt injections from appearing in content ChatGPT processes. A malicious instruction hidden in cached web content or an uploaded file could still influence responses or reduce their accuracy.
When Lockdown Mode is turned on, several ChatGPT features are limited or disabled. Live web browsing is reduced to cached content, which means search results may be stale, incomplete, or unavailable. Image support in regular responses can also be restricted, though users can still upload images and use image generation where it is otherwise supported.
Other disabled features include Deep Research, Agent Mode, and the ability to approve network access for Canvas-generated code. ChatGPT also cannot download files for data analysis, although it can still work with files a user uploads manually.
OpenAI says Lockdown Mode does not change memory settings, file uploads, conversation sharing, or whether chats may be used to improve models. It also does not affect network access in Codex.
The new mode also changes how apps and connectors work. For personal accounts and self-serve ChatGPT Business accounts, Lockdown Mode allows connectors that use synced data, but blocks live connector access and write actions. Some connected experiences, including financial and shopping-related agents, are unavailable in this mode.
For managed workspaces, the picture is more complicated. OpenAI says apps, connectors, and MCP (Model Context Protocol) servers are governed by workspace settings and role-based access controls, so Lockdown Mode does not automatically disable every app. Instead, administrators are expected to enable only trusted tools and actions.
OpenAI recommends avoiding untrusted read or write actions and treating write actions with caution even for trusted apps, especially when the side effects may not be visible to a potential attacker. It says synced connectors and read actions are generally lower risk, though they can still expose sensitive data.
According to OpenAI, Lockdown Mode is rolling out to eligible personal accounts, including Free, Go, Plus, and Pro, as well as self-serve ChatGPT Business accounts. The company says some users may not see the setting yet if it has not reached their account.
The feature can be turned on in Settings under Security for eligible personal and self-serve business accounts. In managed workspaces, admins can create a custom role and assign it as a Lockdown Mode role.
OpenAI says the feature is meant to substantially reduce risk, not eliminate it. Prompt injection remains a developing security problem, and the company says new techniques or unexpected combinations of features could still create exposure.