What is OpenAI Lockdown Mode for?

OpenAI rolls out “Lockdown Mode” to blunt prompt-injection attacks

OpenAI has started rolling out Lockdown Mode for ChatGPT. The feature is designed as an optional security setting intended to reduce the risk of attackers stealing data through prompt injection—malicious instructions hidden in content that tries to override a model’s intended behavior.

Lockdown Mode works by disabling or limiting some capabilities inside ChatGPT, trading off functionality for stronger resistance to these specific attacks. The rollout is positioned as something that most users do not need, but that becomes relevant when the threat model includes high-value or sensitive information.

In practice, the key point is that Lockdown Mode targets a particular failure mode: when untrusted webpages or other inputs trick the system into following instructions that the user never intended. By restricting what the model can do in that environment, OpenAI aims to prevent the kind of data exfiltration prompt injection can enable.

This matters because prompt injection has become one of the most common ways to exploit “agentic” or tool-using AI systems. As chatbots increasingly integrate with workflows—summarizing documents, pulling data, or triggering actions—the blast radius of a single malicious prompt expands. A dedicated mode helps organizations and power users adopt stricter safety controls without having to change to a completely different product or model.

Even with the feature, users still need to treat inputs as untrusted when they include sensitive data. But Lockdown Mode represents a more concrete step toward defense-in-depth for everyday AI usage, not just academic security research.