OpenAI launches ChatGPT Lockdown Mode to limit exfiltration

OpenAI has begun rolling out Lockdown Mode, an optional advanced security setting that limits ChatGPT tools and capabilities able to connect to the web or external services, to reduce data exfiltration from prompt injection attacks. Per OpenAI's help center, it is available to logged-in personal accounts (Free, Go, Plus, and Pro) and to self-serve ChatGPT Business workspaces, with rollout that may be gradual. When enabled, Lockdown Mode disables or limits live web browsing (cached content only), image support in responses, Deep Research, Agent Mode, Canvas networking, and file downloads. OpenAI describes it as part of a defense-in-depth approach and cautions that it reduces, but does not eliminate, exfiltration risk, since injected instructions can still reach the model via uploaded files or cached content. OpenAI announced the feature in a February 13 blog post updated June 4, 2026.
What happened
OpenAI has begun rolling out Lockdown Mode for eligible accounts, describing it as "an optional advanced security setting that limits many tools and capabilities in OpenAI products that can connect to the web or external services." Per OpenAI's help center, Lockdown Mode is available to logged-in personal accounts across Free, Go, Plus, and Pro, and to self-serve ChatGPT Business accounts, with rollout that may be gradual. OpenAI announced the feature in a blog post published February 13, 2026 and updated June 4, 2026.
Technical details
Per OpenAI's help article and blog, Lockdown Mode reduces data-exfiltration risk from prompt injection by limiting outbound network requests and restricting features that create external connectivity. OpenAI lists the following as disabled or limited when it is on:
- Live web browsing, restricted to cached content only
- Image support in responses and retrieving images from the web
- Deep Research
- Agent Mode
- Canvas networking, which blocks approving generated code to access the network
- File downloads for data analysis
OpenAI states the mode does not change memory, file uploads, sharing controls, or whether conversations may be used to improve models, and that it "does not guarantee that data exfiltration cannot happen," since risk can remain through enabled apps or unforeseen capability combinations.
Editorial analysis - technical context
Practitioners treat prompt injection as an active attack vector against connected LLM systems, where model outputs or tool integrations can become exfiltration channels. Lockdown-style controls shrink the attack surface by removing network-capable features an attacker could use to move data off-platform. For teams evaluating threat models, a toggle that trades connectivity for fewer outbound paths is a pragmatic mitigation layer alongside model hardening, sandboxing, and access controls.
Context and significance
OpenAI frames Lockdown Mode as part of a defense-in-depth approach that also includes sandboxing, monitoring, and enterprise controls such as role-based access and audit logs. For organizations handling sensitive data, a product-level setting that measurably reduces networked capabilities can simplify risk assessments, but OpenAI is explicit that it does not eliminate risk: injections embedded in uploaded files or cached content can still influence behavior even without external network access.
What to watch
- Whether security-conscious teams adopt Lockdown Mode by default in high-sensitivity environments.
- Implementation guides or enterprise policy templates from OpenAI or partners.
- New prompt-injection techniques that attempt to exfiltrate data through still-allowed channels.
Key Points
1. Lockdown Mode restricts network-capable ChatGPT features to cut data-exfiltration paths, trading connectivity for tighter outbound controls.
2. It is rolling out to personal accounts (Free, Go, Plus, Pro) and self-serve ChatGPT Business, per OpenAI's help center and blog.
3. OpenAI frames it as a defense-in-depth mitigation that complements sandboxing and access controls, not a complete fix for prompt injection.
Scoring Rationale
A product-level security control from a widely used AI vendor that materially changes operational options for teams handling sensitive data, with clear documentation of what it restricts and its limits. It is an applied security feature rather than a research breakthrough, which fits the notable band at 6.8.