OpenAI has introduced a new "Lockdown Mode" for ChatGPT, aimed at shielding users from prompt injection attacks — a technique in which adversaries embed malicious instructions within webpages, documents, or other content that the chatbot may process. The feature is now rolling out to self-serve ChatGPT Business accounts as well as eligible personal users, according to a TechCrunch report from Anthony Ha on June 18.
When activated, Lockdown Mode significantly restricts the chatbot's access to outside content. Live web browsing is disabled, leaving only cached pages available. The tool also blocks the retrieval and display of images from the web, though users can still generate new images through ChatGPT. Additionally, both the "deep research" function and "agent mode" — which allow the AI to perform multi-step autonomous tasks — are turned off under the new setting.
OpenAI is being upfront that Lockdown Mode does not eliminate the threat entirely. The company acknowledged that prompt injections can still surface in cached web content or in files a user uploads, meaning the model's behavior or the accuracy of its responses could still be manipulated. Rather than offering a complete fix, the feature is designed to shrink the attack surface and lower the odds that sensitive data leaves a user's control during a session.
The company is positioning Lockdown Mode as a niche tool, not a default setting. "It is designed for people and organizations that handle sensitive data and want stricter protection from data exfiltration risks related to prompt injection," OpenAI said, suggesting the trade-off in functionality is aimed at enterprise customers, security researchers, journalists, and others who routinely feed confidential information into AI systems.