OpenAI Lockdown Mode targets ChatGPT prompt injection

OpenAI has added Lockdown Mode for ChatGPT, an optional setting that cuts off several connected features when users want to limit prompt-injection risk.

Workplace use is the immediate problem. A model may be asked to read a web page, file or other content that contains hidden instructions written by an attacker. OpenAI is presenting the control as a way to reduce exposure, not as a fix for the attack itself. TechCrunch reported the same limit: the aim is to lower the chance that sensitive data is shared after a malicious input, rather than remove prompt injection as a threat.

On its help page, OpenAI is blunt about the audience. “Lockdown Mode is not intended for everyone,” the company says.

With the toggle enabled, ChatGPT gives up some reach. The OpenAI Help Center says the mode disables six capabilities: live web browsing, image support, Deep Research, Agent Mode, Canvas networking and file downloads. Users lose parts of the product that make it useful for research and multi-step work. Attackers also lose some routes they could try to use to pull data out of a session.

Account coverage is broad for a security feature. OpenAI says the setting is available to Free, Go, Plus and Pro accounts, giving individual users a visible switch even when they are using personal ChatGPT accounts beside approved workplace software. For IT teams, that is more precise than treating every ChatGPT session the same way.

Elevated Risk labels are the second part of the change. They warn users when a request or feature may carry a higher chance of data exposure. Those warnings move security advice closer to the moment a user connects tools, browses the web or asks the assistant to handle sensitive material.

The trade-off behind safer sessions

Limits remain explicit. OpenAI says Lockdown Mode does not stop prompt injections from appearing in content ChatGPT processes. The goal is to reduce the chance that those instructions lead to harmful actions or expose private material through connected features.

“Lockdown Mode does not prevent prompt injections from appearing in the content ChatGPT processes,” OpenAI says in its help material.

For organisations writing rules for AI assistants, that distinction matters. Blocking browsing or file downloads can lower exposure during sensitive tasks, but it still needs to sit beside data-handling rules, approved connector lists and staff training on what should never be pasted into a chatbot. Teams also need decisions on prompt audits, third-party plug-ins and the place of personal accounts alongside managed enterprise tools.

Australian businesses will have to decide when higher-risk AI work belongs in a reduced-capability session. A finance team summarising internal files, a support worker reviewing customer data and a developer pasting logs into an assistant do not carry the same exposure. Lockdown Mode gives those users a switch they can see, though employers still have to define when it is mandatory.

Placement is the larger signal. Prompt injection used to sit mainly in research papers, red-team demos and security write-ups. A consumer-visible security mode puts it closer to privacy settings, download warnings and browser safe modes. Vendors selling AI assistants into business use now have to show how their agents can switch off reach, not only add more of it.