OpenAI Bolsters ChatGPT Security with New Lockdown Mode Against Prompt Injection Attacks

OpenAI rolls out Lockdown Mode to protect against prompt injection attacks

By PoliticalPedia Editorial Desk · Published 6 June 2026 · 2 min read

The new security feature offers high-stakes users a way to mitigate data exfiltration risks by restricting advanced autonomous functions within the platform.

OpenAI has officially launched a "Lockdown Mode" for ChatGPT, a defensive feature specifically engineered to fortify the platform against prompt injection attacks. As cyber threats evolve to exploit the way language models process external data, this new setting provides a critical layer of protection for individuals and organizations dealing with highly sensitive information. Rather than acting as a universal update for every subscriber, the feature is positioned as a deliberate trade-off, prioritising ironclad security over the convenience of autonomous, web-connected tools.

Understanding the Threat

Prompt injection attacks have emerged as a significant security challenge, functioning as a sophisticated form of social engineering. In these scenarios, malicious actors embed hidden, deceptive instructions within documents, websites, or files that an AI subsequently processes. If successful, these prompts can manipulate the system into bypassing its safety guardrails, potentially leading to unauthorized data exfiltration or the execution of unintended actions. By introducing this new mode, OpenAI aims to provide a final, robust defense layer that sits atop the existing security infrastructure of its backend systems.

What Changes Under Lockdown

When a user activates the feature, the functionality of ChatGPT undergoes a strategic contraction. To minimize the attack surface, the system restricts several high-level capabilities. Advanced tools such as Deep Research and Agent Mode—both of which rely heavily on external web access and autonomous decision-making—are disabled entirely. While users retain the ability to upload files for review and generate images, the bot’s capacity to retrieve external images from the internet or download files for deep analysis is curtailed.

It is important to note that this is not a filter that prevents prompt injections from entering the system. Instead, the mode functions as a containment strategy. By limiting the model's ability to execute external network requests or interact with certain connected tools, it makes it significantly harder for an attacker to successfully extract private data from a user’s session. Importantly, the firm clarified that core user experiences, such as conversation history, file upload permissions, and training data settings, remain untouched by the switch.

A Targeted Tool for Enterprise

OpenAI has made it clear that this feature is not intended for the average casual user. It is primarily built for high-risk environments where the potential cost of a data breach outweighs the benefit of advanced AI features. Within enterprise workspaces, the implementation remains flexible; administrators can configure these security controls to align with their organization’s specific risk appetite.

Alongside the rollout of this mode, the company is also introducing an active session manager. This dashboard allows users to monitor all devices and browsers currently logged into their accounts, providing a much-needed layer of visibility and control over account access. As digital security continues to be a central focus for developers, these dual updates reflect a broader industry shift toward granular control in an increasingly automated world.
