OpenAI just shipped Lockdown Mode, a new ChatGPT setting built to shield sensitive data from prompt injection attacks. According to TechCrunch AI, the feature targets a specific threat: malicious instructions hidden inside webpages, files, and other content that ChatGPT reads, then quietly acts on. The goal isn’t to block every attack. It’s to cut the odds that your private data leaks out while the model is working.
Prompt injection has become one of the thorniest problems in AI security. When a chatbot can browse the web or open files, it can also be tricked by instructions buried in that content. Those hidden commands can hijack the model’s behavior or push it to exfiltrate data. Lockdown Mode is OpenAI’s answer: shrink the attack surface by turning off the riskiest capabilities.
What Lockdown Mode actually does
TechCrunch AI reports that switching it on disables several features ChatGPT users lean on:
- Live web browsing. You can only reach cached content, not the live internet. That closes the door on freshly planted malicious instructions sitting on a webpage.
- Web image retrieval and display. ChatGPT won’t pull or show images from the web. You can still generate images, so the creative side stays intact.
- Deep research. The multi-step research mode that crawls many sources goes dark while Lockdown Mode is active.
- Agent mode. The autonomous, task-completing agent features are switched off too.
The pattern here is clear. Every disabled feature is one that lets ChatGPT reach out and ingest untrusted external content. Strip those away, and there are fewer doors for an attacker to slip instructions through.
OpenAI is honest about the limits
What stands out is that OpenAI isn’t overselling this. The company says ChatGPT could still be vulnerable even with Lockdown Mode turned on. As it puts it, prompt injections could “appear in cached web content or in an uploaded file, and could still affect the behavior or accuracy of a response.”
That’s a useful admission. Cached pages and uploaded documents are still entry points. Lockdown Mode reduces risk; it doesn’t erase it. Treat it as a tighter seatbelt, not a force field.
Who it’s for
OpenAI is direct that this isn’t a default-on setting for the masses. “Lockdown Mode is not intended for everyone,” the company says. “It is designed for people and organizations that handle sensitive data and want stricter protection from data exfiltration risks related to prompt injection.”
Think legal teams, healthcare, finance, or anyone whose chat history might contain data that can’t afford to walk out the door. For those users, losing browsing and agent mode is a fair trade for tighter control.
Availability
Per TechCrunch AI, OpenAI is rolling Lockdown Mode out now to:
- Self-serve ChatGPT Business accounts
- Eligible personal accounts
The article doesn’t mention a separate price tag, which suggests it’s bundled into existing plans rather than sold as an add-on. There’s also no firm word on broader enterprise or Team availability yet.
Why it matters
This is significant because it signals how AI vendors are starting to treat security: not as one universal setting, but as a dial users can turn up when the stakes are high. Apple borrowed the same “Lockdown Mode” name for high-risk iPhone users, and the logic carries over. Give people who need maximum protection a hardened mode, and accept that it costs some convenience.
It also reflects a tension the whole industry is wrestling with. The more autonomous and connected these models get, browsing, researching, acting as agents, the more ways there are to manipulate them. OpenAI’s fix is to let cautious users dial that autonomy back down.
The open question is whether reactive lockdowns are enough, or whether prompt injection needs to be solved deeper in the model itself. For now, organizations handling sensitive data have a new lever to pull. More details are available in the original TechCrunch AI report.