OpenAI introduces Lockdown Mode for ChatGPT to restrict internet access and external features, protecting against prompt injection attacks on sensitive data.

OpenAI has launched Lockdown Mode, which disables web access, Deep Research, Agent Mode, file downloads, and web image display to prevent attackers from using prompt injections (hidden instructions embedded in text or files) to manipulate the model and steal sensitive data.

Users can enable Lockdown Mode in Settings > Security on personal and self-managed ChatGPT Business accounts, or admins can configure it via role-based access controls in managed workspaces. The mode can be toggled off temporarily for individual chats, though it is mutually exclusive with Developer Mode.

OpenAI acknowledges that prompt injection remains an unsolved research problem since at least GPT-3 and that Lockdown Mode is a partial measure—it blocks the final exfiltration step but cannot prevent a manipulative instruction in an uploaded file from influencing the model's behavior. The company states the risk is 'not currently a major risk,' but impact 'could grow as attackers develop more sophisticated methods.'