OpenAI started rolling out Lockdown Mode to personal and business accounts. It’s an optional security setting that stops ChatGPT from connecting to the web and other external services. The goal is to help users who handle sensitive data reduce the risk of information being extracted through prompt injection attacks. Lockdown Mode stops external data channels Lockdown Mode stops live web browsing, deep research, agent mode, and file downloads for data analysis. The feature stops external data channels from interacting with the AI model . Search results are limited to cached content, which may be incomplete or outdated. Image retrieval from the web stops working, too. However, a user can still upload their own images and use image generation. The restriction list is specific. First, Canvas code loses network access. Moreover, Certain connected experiences, including financial tools and shopping agent features, stop working entirely. Lockdown Mode will not prevent prompt injections from appearing in content that ChatGPT processes. Malicious instructions hidden in cached web pages or uploaded files can still alter how the model responds. Lockdown Mode essentially blocks the final step where exfiltrated data would leave OpenAI’s systems and reach an attacker. “Lockdown Mode is not intended for everyone,” OpenAI states in its documentation. “It is designed for people and organizations that handle sensitive data and want stricter protection from data exfiltration risks related to prompt injection.” Who can use OpenAI’s Lockdown Mode? Free, Go, Plus, and Pro personal accounts are eligible, along with ChatGPT Business accounts. The rollout is gradual, and if a user doesn’t see the feature in the settings, they need to wait. Enterprise accounts admins can create custom Lockdown Mode roles and assign them to specific members or groups. The user can toggle the feature under advanced security. Lockdown Mode can also be turned off for individual chats without disabling it through the full account. Lockdown Mode and Developer Mode cannot run simultaneously; enabling one automatically turns off the other. OpenAI is trying to solve prompt injection attacks Prompt injection is one of the hardest security issues facing AI products. Attackers embed hidden instructions in documents, web pages, or other content that a chatbot processes. The goal is tricking chatbots into sending sensitive information or performing other malicious actions. OpenAI has many layers of cybersecurity protection, including sandboxing, URL filters, monitoring, and audit logs. Lockdown Mode is an extra layer that stops stolen data from leaking. OpenAI acknowledged in a December 2025 blog post that capture-the-flag security challenge scores jumped from 27% to 76% across model generations in just three months. Lockdown Mode does not change ChatGPT’s memory settings, file upload capabilities, conversation sharing options, or whether conversations are used for model training. Those remain separate toggles, and the feature also has no effect on Codex. OpenAI ranks third-party integrations into three risk levels. Write actions for untrusted apps that carry the highest exfiltration risk. Sync connectors have a lower risk because data is already stored within OpenAI’s systems. However, they can still be a source of sensitive information that attackers go after. Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free .
