OpenAI launches ChatGPT Lockdown Mode to limit data leaks

OpenAI has begun rolling out Lockdown Mode for eligible ChatGPT users. The feature is available to logged-in users on Free, Go, Plus and Pro personal accounts and to self-serve ChatGPT Business plans. The company began the deployment to reduce the risk that prompt-injection attacks could send sensitive data to external infrastructure.

Lockdown Mode restricts outgoing network activity and disables or limits features that can reach the web or external services. Live web browsing is limited to cached content, image support for regular responses and image retrieval from the internet is disabled, deep research and Agent mode are turned off, Canvas networking is blocked so generated code cannot access networks, and file downloads used for data analysis are prevented.

OpenAI described the setting as “an optional advanced security setting that limits many tools and capabilities in OpenAI products that can connect to the web or external services.” The company said the controls build on sandboxing and existing protections by limiting outbound requests that could transmit data to attacker-controlled servers. Lockdown Mode does not change how memory or file uploads work, and it does not stop users from sharing conversations.

Lockdown Mode cannot run at the same time as Developer Mode; activating one disables the other. OpenAI cautioned that the feature is designed to substantially reduce the risk of prompt-injection based data exfiltration but does not guarantee data cannot be leaked. The company pointed out residual risk may remain through enabled third-party apps, unforeseen combinations of capabilities, or novel techniques, and a malicious instruction hidden in an uploaded file could still affect model behavior.

At the same time, OpenAI released an account management tool that lists active ChatGPT sessions and lets users remotely log out of individual or all sessions. The session view shows device type, app used, approximate location, sign-in date and time, and flags for whether the device is trusted or currently active.

Prompt injection remains a challenge for large language models. The rollout of Lockdown Mode adds tighter network controls and sandboxing to the set of mitigations companies use to reduce the chance that models will leak sensitive information to external addresses.