- OpenAI has launched a new optional Lockdown Mode for ChatGPT personal accounts to mitigate data theft risks from prompt injection attacks.
- The feature disables or limits web-connected tools like live browsing, image support, and file downloads to reduce outbound data exfiltration pathways.
- It is designed for users handling sensitive information but does not guarantee complete protection against all prompt injection effects.
- Concurrently, a new session management tool allows users to review and log out of active chats to counter unauthorized account access.
On June 6, 2026, OpenAI began deploying a new security feature called Lockdown Mode for eligible ChatGPT users, targeting the persistent threat of data exfiltration. This optional setting is aimed at individuals and organizations that require stricter data protection guarantees while using the AI assistant.
The feature, detailed in a company help article, is an advanced security measure that limits tools capable of connecting to external services. Consequently, it significantly reduces the attack surface against prompt injection, which remains a “frontier problem” for all large language models.
Specifically, Lockdown Mode builds upon existing sandboxing to combat URL-based data exfiltration mechanisms. It achieves this by restricting outbound network requests that could send sensitive data to malicious infrastructure.
The mode disables several functionalities to eliminate potential data leaks. These include live web browsing, image retrieval, Deep Research, and Agent Mode.
It also blocks Canvas networking and prevents file downloads for data analysis. However, OpenAI clarified that the feature is not intended for all users and cannot be used simultaneously with Developer Mode.
The company explicitly stated that “Lockdown Mode is designed to substantially reduce the risk of prompt injection-based data exfiltration in ChatGPT and supported OpenAI products, but it does not guarantee that data exfiltration cannot happen.” Meanwhile, the rollout coincides with the launch of a new account session management tool.
This additional feature allows users to review active sessions and log out of any suspicious activity. It provides details such as device type, approximate location, and sign-in time for enhanced security monitoring.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
