OpenAI has expanded Lockdown Mode to all ChatGPT users, a security feature that disables web browsing, image retrieval, deep research, and agent mode to reduce the risk of prompt injection attacks. The rollout, announced on June 6, 2026, applies to free, paid, and business accounts, though the company is candid that the feature is designed primarily for organizations handling sensitive data in regulated industries like healthcare, finance, and law.

What Is Prompt Injection and Why Should You Care?

Prompt injection is a type of cyberattack where malicious instructions are hidden inside webpages, documents, or other content that an AI model processes. When the model ingests this content, it may execute the hidden instructions as if a user had typed them directly. The risk has grown significantly as AI models have gained more autonomous capabilities, including the ability to browse the web, fetch files, and take actions on a user's behalf.

For enterprise users working with sensitive information, a successful prompt injection attack could lead to data exfiltration, where confidential information is leaked outside the conversation without the user's knowledge. This is why OpenAI is positioning Lockdown Mode as a critical control for regulated industries where the cost of a single data breach far exceeds the productivity loss from disabling certain features.

What Features Does Lockdown Mode Disable?

When Lockdown Mode is enabled, ChatGPT loses access to several of its most powerful and internet-connected capabilities. Here is the complete list of disabled features:

• Live Web Browsing: ChatGPT can only access cached content from search results, meaning results may be limited, unavailable, or outdated.
• Web Image Retrieval: ChatGPT cannot retrieve or display images from the internet, though users can still upload image files and generate new images.
• Deep Research: The deep research feature, which allows ChatGPT to conduct extended investigations across multiple sources, is completely disabled.
• Agent Mode: Agent mode, which gives ChatGPT autonomous decision-making capabilities, is turned off entirely.
• Canvas Networking: Users cannot approve code generated in Canvas to access the network.
• File Downloads: ChatGPT cannot download files for data analysis, though it can still process manually uploaded files.

The trade-off is deliberate: users retain the conversational core of ChatGPT while losing the features most likely to reach out to the open internet on their behalf.

How to Enable Lockdown Mode on Your ChatGPT Account

Enabling Lockdown Mode is straightforward for eligible users. Follow these steps to activate the feature:

• Access Settings: Open ChatGPT and navigate to your account settings.
• Find Security Options: Look for the Security section within Settings.
• Enable Lockdown Mode: Toggle Lockdown Mode on when it becomes available for your account.
• Review Disabled Features: Understand which features will be restricted before enabling the mode.
• Manage Active Sessions: Use the Active Sessions feature to review where your account is signed in and end sessions on untrusted devices.

The Active Sessions feature, also rolling out across all ChatGPT accounts, allows users to see device information, browser context, approximate location, sign-in date and time, and whether a device is marked as trusted. This gives users visibility into account access and the ability to revoke sessions remotely.

What Lockdown Mode Does Not Protect Against

OpenAI is transparent about the limitations of Lockdown Mode. The company explicitly states that the feature does not completely block prompt injections from appearing in content that ChatGPT processes. A malicious instruction could still be present in an uploaded file or cached web content, and such an injection could still affect ChatGPT's behavior or response accuracy.

This is a critical caveat for enterprise users. Document upload is central to how business teams actually work with ChatGPT, and Lockdown Mode does not disable file uploads. This means a malicious PDF, spreadsheet, or other document routed through a normal business workflow remains a plausible attack vector, even with Lockdown Mode enabled. Security teams adopting the feature will need layered controls around document intake rather than treating Lockdown Mode as a complete solution.

Who Is Lockdown Mode Really For?

OpenAI is unusually direct about the intended audience for this feature. Lockdown Mode is not designed for general users, but rather for organizations handling sensitive data in regulated sectors such as legal services, healthcare, finance, and defense contracting. For a knowledge worker drafting documents against internal files, the productivity trade-off of losing browsing and agent mode reads as cheap insurance against data exfiltration.

The rollout began with self-serve ChatGPT Business accounts and eligible personal accounts, reflecting OpenAI's focus on enterprise security. However, the feature is now available to all personal ChatGPT accounts, including Free, Go, Plus, and Pro tiers, as well as self-serve business accounts.

What This Means for the Future of AI Security

Lockdown Mode represents an acknowledgment that defenses at the model layer alone are not yet sufficient to prevent prompt injection attacks, especially as AI systems become more agentic and autonomous. By offering users a kill switch for the most exposed features, OpenAI is shifting the burden of security onto customers in a way that is more transparent than pretending the problem is solved.

This approach reflects a broader shift in how the AI industry thinks about security. A year ago, prompt injection was largely a research curiosity demonstrated against early browsing plugins. Today, with agentic workflows now in production at OpenAI, Anthropic, Google, and Microsoft, security teams have a legitimate concern that an AI model acting on a user's behalf could be hijacked by content the user never explicitly trusted.

The harder question for OpenAI and every competitor shipping agentic features is how long the market will tolerate a security model that depends on customers turning capabilities off to stay safe. For now, Lockdown Mode offers a practical control for regulated industries, but it also highlights the ongoing tension between AI capability and AI security.