OpenAI rolls out Lockdown Mode for ChatGPT security

OpenAI has started rolling out Lockdown Mode for ChatGPT and supported OpenAI products, an optional security setting meant to reduce the risk that prompt injection attacks can leak sensitive data. The company's official Help Center page, updated within the last day, says the feature is available for all account types and workspaces, while TechCrunch separately reported the rollout on June 6 at 1:32 PM PDT.

The basic idea is deliberately conservative. When Lockdown Mode is enabled, ChatGPT limits tools that can connect to the web or external services. Live web browsing is reduced to cached content, deep research and agent mode are disabled, Canvas-generated code cannot be approved for network access, and ChatGPT cannot download files for data analysis. OpenAI also says some image support and live connector behavior are restricted, though users can still upload files and generate images where those features are otherwise available.

That matters because prompt injection is becoming one of the clearest security problems for AI assistants. A malicious instruction can be hidden inside a webpage, document or other piece of content that an assistant processes. If the assistant also has access to private files, connected apps or web actions, the attack can try to make it send sensitive information outward. Lockdown Mode does not stop hostile instructions from entering the context, but it tries to block the final exfiltration step by limiting outbound requests.

For everyday users, the feature is probably not necessary in every chat. It trades convenience for a smaller attack surface. Search results may be stale, research workflows become less capable, and agentic browsing is unavailable. But for journalists, lawyers, researchers, executives, activists and anyone handling confidential material, the option is a practical way to use AI with fewer external pathways open.

For companies and builders, the release is also a signal about where AI product security is heading. As assistants gain connectors, agents and the ability to act across services, security can no longer rely only on better model behavior. Product-level controls, admin roles, audit logs and clear capability boundaries are becoming part of the core AI user experience.