OpenAI has announced Lockdown Mode, a new feature designed to mitigate risks associated with prompt injection attacks. This security measure restricts several high-risk capabilities within the ChatGPT interface, specifically disabling live web browsing, the retrieval and display of external images, deep research functions, and agent mode. By forcing the system to rely solely on cached content rather than real-time internet access, the company aims to prevent malicious instructions hidden in unverified webpages or uploaded files from compromising user interactions. While the feature explicitly states that vulnerabilities cannot be entirely eliminated, the primary objective is to significantly reduce the likelihood that sensitive information is exfiltrated during these attacks. The rollout is currently limited to self-serve ChatGPT Business accounts and eligible personal accounts, indicating that this is a targeted solution for users requiring stricter data protection protocols rather than a universal default setting.
The introduction of Lockdown Mode highlights a critical shift in how AI safety is managed as models become more autonomous and connected to external data sources. As prompt injection evolves into a sophisticated threat vector capable of manipulating model behaviour through seemingly benign content, organisations handling confidential data must adopt defensive measures that limit the model’s exposure to untrusted inputs. This development underscores the inherent tension between the utility of real-time information retrieval and the necessity of data privacy in enterprise environments. It also signals a growing industry standard where security configurations will increasingly be segmented by user role and data sensitivity, moving away from a one-size-fits-all approach to AI interaction.
* Lockdown Mode disables live web browsing, external image retrieval, deep research, and agent mode to limit exposure to prompt injection vectors.
* The feature is currently available to ChatGPT Business accounts and eligible personal accounts rather than the general public.
* OpenAI acknowledges that the feature reduces but does not completely eliminate the risk of data exfiltration via cached content or uploaded files.



