With the new Lockdown Mode, ChatGPT users can disable web access, Deep Research, and Agent Mode to better protect themselves against data theft through prompt injection attacks. The feature is aimed primarily at users handling sensitive data.

Lockdown Mode restricts all features that connect ChatGPT to the internet or external services. The goal is to prevent attackers from using prompt injections (hidden instructions embedded in text or files) to manipulate the model's behavior and exfiltrate sensitive user data. OpenAI says the feature is designed for individuals and organizations working with particularly sensitive data.

Live web search is limited to cached content, so search results may be outdated or unavailable entirely. Deep Research and Agent Mode are fully disabled. ChatGPT can no longer download files and won't display web images in regular responses. Network access for Canvas-generated code is blocked too.

Prompt injection remains an unsolved problem

OpenAI calls prompt injection a "frontier, challenging research problem" it's working to solve. That's true, but only part of the story: prompt injection has been a well-known, frequently exploited LLM vulnerability since at least GPT-3, and years of research still haven't produced a fix.