OpenAI launches Lockdown Mode to block prompt injection data exfiltration attacks

OpenAI has begun rolling out Lockdown Mode, an optional security setting available to all ChatGPT users including free tier accounts. The feature limits network functionality to prevent attackers from extracting sensitive data through prompt injection attacks.

What Lockdown Mode disables

When enabled, Lockdown Mode restricts several ChatGPT features:

• ChatGPT cannot fetch images from the internet or display images in responses (though users can still generate and upload images)
• File downloads are blocked (manual document uploads still work)
• Deep Research feature is completely disabled
• Agent Mode is completely disabled
• Network requests that could be exploited for data exfiltration are blocked

According to OpenAI, "Lockdown Mode is not intended for everyone. It is designed for people and organizations that handle sensitive data and want stricter protection from data exfiltration risks related to prompt injection."

How prompt injection attacks work

Prompt injection is a social engineering technique targeting conversational AI systems. Attackers hide malicious instructions on webpages and other content that AI systems access when pulling information from the internet. These hidden instructions attempt to trick the AI into executing unauthorized actions.

OpenAI emphasizes that Lockdown Mode doesn't prevent prompt injections from appearing in processed content. Instead, it prevents attackers from extracting data by blocking the network requests they would exploit.

Activation and session management

Users can enable Lockdown Mode through ChatGPT's settings menu under Safety and security > Advanced security. The protection can be temporarily disabled for individual conversations through a toggle above the chat window.

The feature does not affect memory, file uploads, conversation sharing, or whether conversations may be used for model training. Those settings remain separately configurable by workspace administrators.

OpenAI is also rolling out an active session manager that shows all devices and browsers with account access. Users can log out of individual sessions or all sessions at once, though complete logout can take up to 30 minutes.

What this means

Lockdown Mode represents OpenAI's acknowledgment that prompt injection remains a real security concern as AI systems gain more autonomous capabilities and internet access. The feature trades functionality for security—a reasonable tradeoff for enterprises and users handling confidential information. The fact that OpenAI specifically warns most users don't need this level of protection suggests their existing defenses are sufficient for typical use cases. Organizations using ChatGPT for sensitive work now have a straightforward way to reduce their attack surface without abandoning the platform entirely.