OpenAI introduces Lockdown Mode to strengthen protection against prompt injection attacks
OpenAI launches Lockdown Mode and session-monitoring tools to help protect users from prompt-injection attacks.
OpenAI has started rolling out a new security feature called Lockdown Mode, providing users with an additional layer of protection against prompt-injection attacks. The optional setting is designed for individuals and organisations that handle sensitive information and require stronger safeguards when using artificial intelligence tools.
Table Of Content
Prompt injection attacks are a form of social engineering targeting AI chatbots. As AI systems increasingly access and process information from websites and online sources, malicious actors have found ways to embed hidden instructions within content. These instructions can attempt to manipulate AI systems into revealing information or performing unintended actions.
A new security layer for high-risk users
According to OpenAI, Lockdown Mode serves as an extra line of defence on top of the existing security measures built into ChatGPT, its AI models, and its backend infrastructure. The company emphasised that the feature is not intended for every user but is aimed at those who face elevated security risks.
“Lockdown Mode is not intended for everyone,” OpenAI explains. “It is designed for people and organisations that handle sensitive data and want stricter protection from data exfiltration risks related to prompt injection.”
The company said the new setting focuses on reducing opportunities for attackers to extract sensitive information from a user’s account. Rather than preventing malicious instructions from appearing in content processed by ChatGPT, Lockdown Mode restricts how those instructions could interact with external systems or data sources.
OpenAI noted that the feature is particularly relevant as AI-powered assistants become more capable of browsing the web, analysing documents and connecting with external services. These capabilities improve usefulness but can also create additional security risks if attackers exploit prompt injection techniques.
Feature restrictions help reduce potential risks
To strengthen security, Lockdown Mode limits several ChatGPT functions that could otherwise be used as attack vectors. Some capabilities remain available, including image generation and manual image uploads. However, the system may no longer retrieve images from the internet or display images directly within responses while the mode is active.
Users can continue uploading files manually for analysis, but ChatGPT will not download files on their behalf. OpenAI said this restriction is intended to reduce the possibility of harmful content being introduced through automated file retrieval.
Several advanced features are disabled entirely when Lockdown Mode is turned on. These include Deep Research and Agent Mode, both of which involve broader access to information sources and automated task execution. By limiting these functions, OpenAI aims to minimise opportunities for prompt-injection attacks that could influence the AI’s behaviour.
The company also clarified that Lockdown Mode does not affect every aspect of the user experience. “Lockdown Mode does not change memory, file uploads, the ability to share a conversation, or whether your conversations may be used to improve models,” OpenAI adds. “Many of these settings are separately configurable by workspace admins.”
This means users who require additional privacy or data-management controls may still need to adjust other account settings independently of Lockdown Mode. The feature focuses specifically on reducing prompt-injection-related risks rather than serving as a comprehensive privacy solution.
Account monitoring tools arrive alongside the rollout
OpenAI is making Lockdown Mode available to all personal ChatGPT accounts, including users on the free tier. To enable the feature, users can open the settings menu, navigate to the Safety and security section and activate the Lockdown Mode toggle under Advanced security settings.
The protection can also be temporarily disabled for individual conversations. Users can select the status message displayed above the chat window, then choose the management option to switch off Lockdown Mode for a specific chat session, if required.
Alongside the new security feature, OpenAI has introduced an active session management tool designed to help users monitor access to their accounts. The feature allows users to view devices and web browsers that are currently or previously signed into their ChatGPT account.
From the session management interface, users can choose to sign out of a specific session or log out of all active sessions simultaneously. OpenAI noted that a full account-wide logout may take up to 30 minutes to complete across all devices.
The company advised users who believe their accounts may have been compromised to take immediate action. “If you suspect unauthorised account activity, change your password if you use one, review your sign-in methods, and contact OpenAI Support,” the company adds.
The introduction of Lockdown Mode and active session monitoring reflects the industry’s growing focus on AI security. As artificial intelligence tools become more deeply integrated into personal and professional workflows, developers are increasingly investing in measures that help protect users from emerging threats while maintaining access to advanced capabilities.
