OpenAI — ChatGPT Lockdown Mode

AI relevance: Lockdown Mode constrains networked agent features in ChatGPT to reduce the risk of prompt-injection-driven data exfiltration.

  • OpenAI introduced an optional Lockdown Mode for high-risk users to deterministically disable risky capabilities.
  • In Lockdown Mode, web browsing is limited to cached content so no live outbound requests leave OpenAI’s network.
  • High-risk tools like Agent Mode, Deep Research, file downloads, and Canvas networking are disabled.
  • Image responses are blocked, but users can still upload images and use image generation.
  • Apps/connectors aren’t disabled by default; admins must explicitly scope app actions to avoid exfil paths.
  • OpenAI added “Elevated Risk” labels to features with known security tradeoffs across ChatGPT, Atlas, and Codex.
  • Availability starts with Enterprise, Edu, Healthcare, and Teachers, with consumer rollout planned.

Why it matters

  • Prompt injection is an operational risk once LLMs can browse, call tools, or access internal systems.
  • Deterministic controls matter for high-risk roles where data exfiltration is the main threat.
  • Enterprise AI governance needs feature-level guardrails, not just model-level policies.

What to do

  • Enable Lockdown Mode for high-risk users (execs, security teams, sensitive workflows).
  • Audit apps/connectors and restrict write actions to trusted destinations only.
  • Document which features are Elevated Risk and align them with internal data policies.
  • Test prompt-injection scenarios with Lockdown on/off to measure residual risk.
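One way to run the connector audit described above, as an added example that is not from OpenAI or the original page. The inventory format, field names, and the `corp.example` allowlist are assumptions made for illustration; the sample entries are constructed.

```python
from urllib.parse import urlsplit

# Constructed inventory: a hypothetical export of connector actions,
# not a real ChatGPT admin format.
ACTIONS = [
    {"app": "crm", "action": "search_contacts", "mode": "read",
     "destination": "https://api.crm.corp.example/v1"},
    {"app": "wiki", "action": "create_page", "mode": "write",
     "destination": "https://wiki.corp.example/api"},
    {"app": "paste", "action": "create_paste", "mode": "write",
     "destination": "https://paste.example.net/new"},
    {"app": "mail", "action": "send_message", "mode": "write",
     "destination": "https://corp.example.untrusted.test/send"},
    {"app": "hook", "action": "post_webhook", "mode": "write",
     "destination": "{user_supplied_url}"},
]
TRUSTED_SUFFIXES = ("corp.example",)  # assumption: organization-owned domain


def host_is_trusted(url, suffixes=TRUSTED_SUFFIXES):
    """True only for https URLs whose host equals, or is a subdomain of, a trusted suffix."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return False
    # Match on a label boundary so "notcorp.example" and
    # "corp.example.untrusted.test" do not pass as trusted.
    return any(host == s or host.endswith("." + s) for s in suffixes)


def audit(actions):
    """Return (app, action, reason) findings for write actions that can move data out."""
    findings = []
    for a in actions:
        if a["mode"] != "write":
            continue  # read-only actions are out of scope for this check
        dest = a["destination"]
        if "{" in dest:
            # A templated destination is filled in at call time, possibly by injected text.
            findings.append((a["app"], a["action"], "destination is caller-controlled"))
        elif not host_is_trusted(dest):
            findings.append((a["app"], a["action"], "destination not on allowlist"))
    return findings


if __name__ == "__main__":
    for app, action, reason in audit(ACTIONS):
        print(f"{app}.{action}: {reason}")
```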

Sources