**OpenAI** has introduced **Lockdown Mode** for **ChatGPT**, an advanced security feature aimed at mitigating the risks of data exfiltration stemming from prompt injection attacks. This strategic rollout targets personal accounts across Free, Go, Plus, Pro, and self-serve **ChatGPT Business** plans, providing enhanced protection for sensitive data. ### Understanding Lockdown Mode's Purpose **Lockdown Mode** is an opt-in setting designed to restrict many of **OpenAI**'s tools and capabilities that interact with the web or external services. **OpenAI** stated, "It is designed to reduce the risk of data exfiltration from prompt injection attacks by limiting outbound network requests, at the expense of disabling or limiting some useful features." The initiative directly addresses prompt injection, a "frontier" problem that continues to challenge the security of all large language models (**LLMs**). By building upon existing sandboxing and controls, the mode specifically targets **URL-based data exfiltration mechanisms**, preventing sensitive information from being transmitted to attacker-controlled infrastructure. ### Features Disabled for Enhanced Security The core idea behind **Lockdown Mode** is not to prevent prompt injections entirely, nor does it alter how memory or file uploads function. Instead, its objective is to eliminate potential avenues for data exfiltration. To achieve this, several features are disabled: * **Live web browsing**: Limited to accessing only cached content. * **Image support**: Prevents displaying images in responses or retrieving them from the web. * **Deep research**. * **Agent mode**. * **Canvas networking**: Blocks user approval of **Canvas**-generated code from accessing the network. * **File downloads**: Prevents downloading files for data analysis. ### Important Caveats and Limitations **OpenAI** emphasizes that **Lockdown Mode** is not intended for every user. It cannot be used concurrently with **Developer Mode**; activating one will disable the other. Furthermore, while significantly reducing risk, **Lockdown Mode** does not offer a complete guarantee against data exfiltration. **OpenAI** acknowledged, "Risk may remain through enabled Apps, unforeseen combinations of capabilities, or newly discovered techniques." The company also clarified that the mode doesn't prevent all other effects of prompt injection attacks, such as malicious instructions hidden in uploaded files influencing **ChatGPT**'s behavior and potentially leading to incorrect answers. ### Broader Security Enhancements In a related development, **OpenAI** has also launched a new account management feature for **ChatGPT**. This allows users to review active sessions, log out of individual or all sessions, and identify any signs of unauthorized account activity. The session information includes details such as the device, app used, approximate location, sign-in date and time, and whether the device is trusted or represents the current session.