OpenAI launches Lockdown Mode to block prompt injection attacks

OpenAI has introduced a new optional security setting for ChatGPT that limits the AI's connections to the web and external services a direct response to prompt injection attacks, where malicious instructions hidden inside webpages or uploaded files attempt to manipulate the AI into leaking sensitive data.

When enabled, Lockdown Mode disables a significant portion of ChatGPT's network-connected capabilities. Live web browsing is replaced with cached content only, meaning search results may be limited or out of date. Deep research and agent mode are turned off entirely.

ChatGPT cannot retrieve or display images from the web, though users can still upload image files and image generation remains available. Canvas-generated code cannot access the network, and ChatGPT cannot download files for data analysis though it can still work with files uploaded manually by the user.

Prompt injection can be found in cached content or file uploads that may have some influence on the behaviour of ChatGPT as well as the output generated.

The mode focuses on the last phase of data exfiltration where sensitive data cannot be leaked instead of stopping the prompt injection at the beginning.

Settings like memory management, file uploads, conversation sharing, and the use of conversations to train the model are independent of the Lockdown Mode configuration and can still be configured separately.

This feature is currently being rolled out to ChatGPT Business accounts that operate on the self-serve plan as well as personal users. The administrators of managed workspaces can also assign the lockdown mode as a role-based permission for select team members.

When it comes to managed workspaces, there is no automatic disabling of connected apps in such instances. The administrator will need to perform an audit of connected apps as well as determine if the actions should be allowed on the app.

How to enable OpenAI Lockdown Mode?

For personal and self-serve ChatGPT Business accounts, Lockdown Mode is found under Settings, then Security, then Advanced Security. Turning it on also disables Developer Mode the two settings cannot run simultaneously.

A status indicator appears above the chat composer when Lockdown Mode is active, and it can be toggled off for individual conversations without changing the account-wide setting.