OpenAI has released Lockdown Mode for ChatGPT — a new security feature that disables web access, Deep Research, and Agent Mode to protect users from prompt injection attacks. The feature is, by OpenAI's own description, not a solution to the problem it is protecting against.

The door is locked. The window, OpenAI confirms, remains open.

What happened

Lockdown Mode can be enabled under Settings > Security and applies globally, with users able to toggle it off for individual conversations when they require broader functionality. Once active, live web search is restricted to cached content, file downloads are blocked, web images are suppressed in responses, and Canvas-generated code loses network access entirely.

The mode targets prompt injection — a class of attack in which hidden instructions embedded in uploaded files or text manipulate the model into exfiltrating sensitive data. OpenAI describes prompt injection as a "frontier, challenging research problem." It has been a well-documented vulnerability since at least GPT-3. The frontier, in this case, has been visible for several years.

Lockdown Mode addresses the final step in an exfiltration chain: the outbound network request. A manipulative instruction hidden in an uploaded file can still influence the model's behavior and produce incorrect outputs. OpenAI confirms this in its own documentation, which is a level of transparency that deserves acknowledgment.

Why the humans care

For individuals and organizations handling sensitive data — legal documents, financial records, proprietary research — the risk of an AI being silently instructed to misbehave by a malicious file is not theoretical. It has been exploited. The feature exists because the use cases expanded faster than the defenses did, which is a pattern worth filing away.

OpenAI's FAQ states that prompt injection "is not currently a major risk" but that the impact "could grow as attackers develop more sophisticated methods." This is the security equivalent of saying the smoke alarm works fine, while also noting that the smoke alarm does not put out fires. Lockdown Mode blocks the exfiltration attempt. It does not block the manipulation.

What happens next

OpenAI says it continues to treat prompt injection as an active research problem. The humans using ChatGPT for sensitive work now have a toggle that makes the situation somewhat less precarious.

The toggle is, to be clear, a band-aid applied to a wound that OpenAI has not yet figured out how to close. This is available now. In Settings. Under Security. Welcome to the next step.