What happened
OpenAI began rolling out Lockdown Mode for eligible personal ChatGPT accounts on June 6, 2026. When enabled, the setting disables live web browsing (switching to cached/offline content), removes agent mode, deep research, and external image retrieval — all channels previously exploited by prompt injection to exfiltrate sensitive data. OpenAI acknowledges the mode does not fully eliminate prompt injection risk (cached content and uploaded files can still carry malicious instructions) but substantially reduces the exfiltration surface.
Why it matters
This is the first production guardrail shipped by a major LLM provider specifically scoped to the prompt-injection data-exfiltration attack class — validating that the threat is operationally real enough to warrant a product-level response. Enterprises evaluating ChatGPT for sensitive use cases now have a concrete security control to evaluate, and the mode's limitations (cached content risk, mutual exclusivity with Developer Mode) define the residual risk that still needs compensating controls.
Applicability
Applicable to all organisations deploying ChatGPT for sensitive internal use (legal, finance, HR); security teams should evaluate enabling Lockdown Mode for regulated-data workflows, assess whether the feature's constraints (no live browsing, no agent mode) are acceptable for their use cases, and establish admin policies to default high-sensitivity user roles to Lockdown Mode.