Skip to content

OpenAI Rolls Out Lockdown Mode for ChatGPT

The Point: Lockdown Mode disrupts one of three necessary conditions for successful data exfiltration attacks on LLM systems by blocking exfiltration vectors.

OpenAI has activated Lockdown Mode for ChatGPT, a feature designed to prevent data exfiltration following prompt injection attacks. The mode limits outbound network requests and is currently rolling out to personal accounts and ChatGPT Business.

OpenAI is actively distributing Lockdown Mode to eligible personal accounts (Free, Go, Plus, Pro) and self-service ChatGPT Business accounts. The feature was announced in February and addresses a specific vulnerability: the final exfiltration stage of prompt injection attacks.

Lockdown Mode works by limiting outbound network requests that an attacker could exploit to transmit data. It is crucial to understand what the feature does not do: It does not prevent prompt injections. These can still appear in cached web content or uploaded files and influence the behavior or accuracy of responses.

The approach targets a core technical problem in LLM security known as the “Lethal Trifecta”: systems that simultaneously can access private data, are exposed to untrusted content, and have exfiltration pathways are vulnerable to data theft. Lockdown Mode specifically severs the exfiltration leg of this trifecta — and does so through deterministic mechanisms that are not evaluated by AI systems themselves, and therefore cannot be circumvented by sophisticated attacks.

However, the existence of Lockdown Mode as a separate feature also indicates that ChatGPT in its standard configuration has so far lacked robust protection against determined data exfiltration attacks. With this measure, OpenAI is drawing the most practically sensible boundary — modifying the system’s foundation itself would be considerably more complex and could substantially diminish the tool’s usefulness.


Source: simonwillison.net · Published 6 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.

Share on: