What happened
OpenAI has begun rolling out a new security feature called Lockdown Mode for ChatGPT, designed to reduce the risk of sensitive data being exposed through prompt injection attacks. The feature is now available for logged-in users across Free, Go, Plus, Pro, and self-serve Business accounts.
Prompt injection attacks occur when malicious instructions are hidden within webpages, documents, emails, or other content that an AI system processes. These instructions can influence the model’s behavior or cause it to expose sensitive information.
Lockdown Mode addresses this risk by limiting capabilities that connect ChatGPT to the internet or external services. When enabled, it disables or restricts features such as live web browsing, Deep Research, Agent Mode, image retrieval from the web, Canvas networking, and file downloads. The goal is to reduce potential pathways that attackers could use to exfiltrate data.
OpenAI has emphasized that Lockdown Mode is not intended to prevent prompt injections entirely. Instead, it focuses on reducing the opportunities for sensitive information to leave the ChatGPT environment if a prompt injection attack occurs.
Who is affected
The feature is primarily aimed at organizations and individuals who handle sensitive information, including CISOs, security teams, government personnel, executives, legal professionals, healthcare organizations, and employees working with confidential business data.
Companies that allow employees to use generative AI tools for research, analysis, and productivity tasks may also benefit from the additional safeguards. However, users should expect a tradeoff between security and functionality, as several advanced AI features become unavailable while Lockdown Mode is active.
OpenAI has also noted that Lockdown Mode cannot be used simultaneously with Developer Mode.
Why CISOs should care
Prompt injection remains one of the most significant security challenges facing enterprise AI adoption. As organizations increasingly integrate AI assistants into daily workflows, accidental data exposure through malicious content is a growing concern.
Lockdown Mode represents one of the first large-scale attempts by an AI provider to offer a security-focused operating mode that prioritizes data protection over convenience. While it does not eliminate prompt injection risks, it can help reduce the attack surface available to adversaries.
For CISOs, the feature may provide an additional control for employees who regularly work with sensitive intellectual property, financial information, customer data, or regulated content.
3 practical actions
- Identify high-risk users within your organization who may benefit from operating ChatGPT in Lockdown Mode when handling sensitive information.
- Update AI governance policies to define when security-focused settings should be enabled and what functionality limitations users should expect.
- Continue educating employees about prompt injection risks, as Lockdown Mode reduces exposure pathways but does not eliminate malicious instructions or AI manipulation attempts.

