Technology

OpenAI launches ChatGPT Lockdown Mode

Feature disables live browsing and agent tools to limit prompt injection exposure, security setting arrives with warning it cannot fully prevent attacks

Images

Image Credits:sarayut Thaneerat / Getty Images Image Credits:sarayut Thaneerat / Getty Images techcrunch.com
techcrunch.com
techcrunch.com
Sriram Krishnan (center) Sriram Krishnan (center) techcrunch.com
US President Donald Trump speaks after signing executive orders in the Oval Office of the White House in Washington, DC, on May 23, 2025. US President Donald Trump speaks after signing executive orders in the Oval Office of the White House in Washington, DC, on May 23, 2025. techcrunch.com

OpenAI has added a new “Lockdown Mode” to ChatGPT accounts, a feature the company says is meant to reduce the risk of sensitive information being pulled out through so-called prompt injection attacks. According to TechCrunch, the mode is rolling out to self-serve ChatGPT Business customers and to eligible personal accounts.

Prompt injection is a problem created by the way modern chatbots are asked to act like tools: they read documents, browse the web, and follow chains of instructions that users may not see. A malicious instruction can be hidden inside a web page or other content source, and the model can be tricked into following it—sometimes by revealing private data from the conversation or by changing what it does next. OpenAI’s answer, at least for higher-risk use cases, is to narrow what the system is allowed to touch.

Lockdown Mode turns off live web browsing and restricts the model to cached content. It also blocks retrieval and display of images from the web, while still allowing users to generate images. OpenAI says the mode disables “deep research” and “agent mode” as well—features that typically involve the model taking more steps on a user’s behalf, pulling in more external material, and therefore expanding the number of places an attacker can hide instructions.

The company is explicit that the setting is not a silver bullet. Even with Lockdown Mode enabled, OpenAI says ChatGPT can still be vulnerable to prompt injections that appear in cached content or in files a user uploads. That caveat matters because the feature is being marketed to “people and organizations that handle sensitive data,” the very users most likely to connect ChatGPT to internal documents, reports, and other material that is valuable precisely because it is not public.

The release also underlines how quickly “prompt engineering” has turned into operational security. The more a chatbot is used as a browsing assistant, a research tool, or an agent that acts across multiple sources, the more the user is effectively delegating trust decisions to a system that reads whatever it is fed. Lockdown Mode’s main promise is not better answers but fewer inputs.

OpenAI’s announcement positions the feature as optional and “not intended for everyone.” In practice, it draws a line between convenience features designed to make ChatGPT more autonomous and the constraints required when the same system is used around confidential work.

Lockdown Mode reduces what ChatGPT can fetch from the outside world, and OpenAI still warns that injected instructions can arrive through cached pages and uploaded files.