OpenAI Launches Lockdown Mode to Protect Data from Prompt Injection Attacks

OpenAI has introduced a new security feature called lockdown mode, designed to protect sensitive data from prompt injection attacks by restricting web access and other exploitable capabilities. The feature is available to users on business plans, including Free, Go, Plus, Pro, and self-serve ChatGPT, targeting individuals and organizations seeking stricter controls over data access and transmission through OpenAI products.

How Lockdown Mode Works

In a post on its website, OpenAI explains that lockdown mode is an optional advanced security setting that limits many tools and capabilities in OpenAI products that can connect to the web or external services. The feature aims to reduce the risk of sensitive information being extracted through prompt injection attacks by limiting outbound network requests.

However, OpenAI cautions that lockdown mode is not a complete defense against such attacks. "Lockdown Mode does not prevent prompt injections from appearing in the content ChatGPT processes," the company states. "For example, a prompt injection could appear in cached web content or in an uploaded file, and could still affect the behavior or accuracy of a response."

Features Affected

With lockdown mode enabled, several features are either disabled or significantly restricted. Live web browsing is limited to cached content, while deep research, agent mode, and network-enabled Canvas functions are disabled. Users are also prohibited from downloading files for analysis, although manually uploaded files remain accessible.

OpenAI notes that image retrieval from the web and image display in standard responses may also be restricted, while image generation capabilities will continue to function where available. Lockdown mode does not affect memory settings, file uploads, conversation sharing, or existing controls governing whether user conversations can be used to improve AI models.

Impact on Users and Third-Party Connectors

For personal and self-serve business accounts, live connector access and write actions are blocked, while synchronized data connectors remain available. OpenAI advises workspace administrators to carefully evaluate the data-exfiltration risks associated with applications and integrations used by employees assigned to lockdown mode roles.

The company notes that lockdown mode and developer mode cannot operate simultaneously; enabling one feature automatically disables the other. Users can activate lockdown mode through the security section of their account settings, while enterprise administrators can configure custom lockdown mode roles and assign them to individual users or groups.

Part of Broader Security Framework

OpenAI states that lockdown mode forms part of its broader security framework, which includes sandboxing, monitoring systems, protections against URL-based data exfiltration, and enterprise-grade controls such as role-based access management and audit logging.
