OpenAI rolls out Lockdown Mode to more ChatGPT users to fight prompt injection attacks

OpenAI has begun rolling out Lockdown Mode to personal ChatGPT accounts, covering Free, Go, Plus, and Pro users, as well as self-serve ChatGPT Business accounts. This extends a security feature previously launched for enterprise plans in February 2026 to a broader user base.

Designed for individuals and organizations that handle sensitive information, Lockdown Mode provides stricter protection by limiting access to the web and external services. This optional setting is intended for those concerned about the risk of data exfiltration from prompt injection attacks rather than general users.

When Lockdown Mode is active, key capabilities including live web browsing, image support, deep research, agent mode, canvas networking, and file downloads are disabled. However, memory features, file uploads, conversation sharing, and the potential use of chats to improve models remain unaffected.

These restrictions are part of a wider set of protections across the model, product, and system layers. Measures such as sandboxing, URL-based exfiltration controls, enterprise management tools like role-based access, monitoring, and audit logs support this mode. While Lockdown Mode reduces the likelihood of sensitive data leaving ChatGPT via network requests, it does not prevent all prompt injection content from reaching users.