OpenAI launches Lockdown Mode to block prompt injection attacks

OpenAI has introduced a new security feature called Lockdown Mode, designed to shield users from prompt injection attacks , a growing threat where malicious instructions are secretly embedded in webpages, documents, or other content sources that chatbots interact with.

When activated, Lockdown Mode imposes several key restrictions to minimize exposure. It disables live web browsing, limiting the model to cached content only. It also blocks the retrieval and display of images from the web (though image generation remains available), and suspends access to deep research and agent mode features. These measures aim to reduce the attack surface for prompt injection, which can trick the AI into revealing sensitive information or acting against user intent.

However, OpenAI acknowledges that Lockdown Mode is not a foolproof solution. Even with the feature enabled, ChatGPT could still be vulnerable to prompt injections that “appear in cached web content or in an uploaded file, and could still affect the behavior or accuracy of a response.” The primary goal, the company explains, is to lower the risk of data exfiltration , the unauthorized transfer of sensitive data during a session.

“Lockdown Mode is not intended for everyone,” OpenAI states. “It is designed for people and organizations that handle sensitive data and want stricter protection from data exfiltration risks related to prompt injection.”

The rollout is currently underway for self-serve ChatGPT Business accounts, as well as eligible personal accounts. This move reflects a broader industry push to fortify AI systems against increasingly sophisticated adversarial inputs, especially as enterprises integrate chatbots into workflows involving confidential or regulated information.