Published on June 7, 2026
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
Severity
Medium
Detail
OpenAI has begun rolling out Lockdown Mode for eligible ChatGPT personal and business accounts to help reduce the risk of data exfiltration through prompt injection attacks. The optional security feature is designed for users and organizations that handle sensitive information and require stronger safeguards against unintended data exposure.
Lockdown Mode is available to logged-in users on Free, Go, Plus, Pro, and self-serve ChatGPT Business plans.
How?
Lockdown Mode is designed to minimize potential pathways that prompt injection attacks could use to extract sensitive data. Rather than preventing prompt injections entirely, the feature focuses on limiting outbound connections and capabilities that could be abused to transmit information to attacker-controlled systems.
When enabled, Lockdown Mode restricts or disables several features that interact with external content and services, including:
- Live web browsing, with access limited to cached content only
- Image retrieval and display from the web
- Deep Research
- Agent Mode
- Canvas networking capabilities
- File downloads used for data analysis
These restrictions build upon existing sandboxing and security controls by reducing opportunities for malicious prompts hidden within websites, documents, or other content to trigger unauthorized network activity.
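The same principle applied to a self-hosted LLM application, as an added example that is not OpenAI's implementation and does not come from the source article: while a lockdown flag is set, network-capable tool calls are refused and remote image references are removed from model output before it is rendered. The tool names, function names and sample text are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Hypothetical tool names for a self-hosted assistant; not ChatGPT identifiers.
NETWORK_TOOLS = {"web_browse_live", "image_fetch", "deep_research", "agent", "file_download"}
# Markdown image: ![alt](url "optional title")
MD_IMAGE = re.compile(r'!\[([^\]]*)\]\(\s*<?([^)\s>]+)>?[^)]*\)')
# HTML <img> tag carrying a src attribute
HTML_IMAGE = re.compile(r'<img\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)[^>]*>', re.IGNORECASE)
# Constructed sample of model output: two remote images and one local image.
SAMPLE = ("Summary\n![chart](https://img.example/c.png?d=abc)\n"
          "![logo](assets/logo.png)\n"
          '<img src="//cdn.example/p.gif" width=1>')

def is_remote(url: str) -> bool:
    """True when rendering the URL would cause an outbound request."""
    try:
        parsed = urlparse(url.strip())
    except ValueError:
        return True  # unparseable URL: fail closed
    # Scheme-relative URLs (//host/path) have no scheme but do have a netloc.
    return parsed.scheme.lower() in {"http", "https", "ftp"} or bool(parsed.netloc)

def allow_tool(tool: str, lockdown: bool) -> bool:
    """Deny network-capable tools while lockdown is on; allow everything otherwise."""
    return not (lockdown and tool in NETWORK_TOOLS)

def strip_remote_images(text: str, lockdown: bool) -> tuple[str, list[str]]:
    """Replace remote images with a placeholder; return cleaned text and blocked URLs."""
    if not lockdown:
        return text, []
    blocked: list[str] = []

    def md_sub(m: re.Match) -> str:
        if is_remote(m.group(2)):
            blocked.append(m.group(2))
            return f"[image blocked: {m.group(1) or 'no alt text'}]"
        return m.group(0)  # local or data: image, left untouched

    def html_sub(m: re.Match) -> str:
        if is_remote(m.group(1)):
            blocked.append(m.group(1))
            return "[image blocked]"
        return m.group(0)

    text = HTML_IMAGE.sub(html_sub, MD_IMAGE.sub(md_sub, text))
    return text, blocked
```

The list of blocked URLs returned by `strip_remote_images` is worth logging, since a remote image appearing in output during lockdown can indicate that injected content influenced the response.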
OpenAI noted that Lockdown Mode does not alter memory functionality, file upload behavior, or conversation-sharing features. Additionally, it does not eliminate all prompt injection risks, as malicious content may still influence model responses or behavior even if data exfiltration pathways are restricted.
The company also confirmed that Lockdown Mode and Developer Mode are mutually exclusive, meaning enabling one automatically disables the other.
Conclusion
Lockdown Mode represents an additional layer of defense for users handling sensitive information by reducing the attack surface available to prompt injection-based data exfiltration attempts. While it does not completely eliminate prompt injection risks, it significantly limits the capabilities that could be leveraged to transfer data outside the ChatGPT environment.
Alongside Lockdown Mode, OpenAI has introduced enhanced session management features that allow users to review active ChatGPT sessions and remotely sign out of individual or all devices if suspicious account activity is detected.
Organizations and security-conscious users should consider enabling Lockdown Mode when working with sensitive data and regularly review active account sessions to strengthen overall account security.
Source
https://thehackernews.com/2026/06/new-chatgpt-lockdown-mode-limits-tools.html
