clauding.de
DE
2 min read AI-generated

ChatGPT Lockdown Mode: OpenAI Switches Off Everything That Could Go Wrong

Copy article as Markdown

A new security mode against prompt injection: in Lockdown Mode, ChatGPT cuts web access, Agent Mode, Deep Research, and file downloads. An honest move - and an admission at the same time.

OpenAI ChatGPT Security Prompt Injection Agents
Featured image for "ChatGPT Lockdown Mode: OpenAI Switches Off Everything That Could Go Wrong"

OpenAI has introduced a new security mode for ChatGPT: Lockdown Mode, alongside new «Elevated Risk» labels. The goal is stated plainly — protect sensitive data from prompt injection attacks, where manipulated content tricks the model into leaking information.

What Lockdown Mode shuts off

When the mode is active, ChatGPT cuts off pretty much anything that opens a connection to the outside world. Live web search, Deep Research (including shopping research), Agent Mode, Canvas networking, live connectors, file downloads, and even image output get limited or fully disabled. Web browsing runs only on cached content — so no live requests leave OpenAI’s controlled network.

It’s built for highly security-conscious users: executives, security teams, people at organizations that make tempting targets. Personal users turn it on under «Settings > Security». It’s also available for ChatGPT Enterprise, Edu, Healthcare, and Teachers.

Why this matters more than it looks

Prompt injection is the unsolved security problem of this entire agent generation. The moment a model reads emails, visits websites, or operates tools, malicious content can try to slip it new instructions. That’s where it gets dangerous — and it’s exactly what Claude, Cowork, and Claude Code face too, the second they work with connectors and the outside world.

My take

A mode that switches off almost everything useful is honest — but it’s also an admission. At its core, OpenAI is saying: we can’t reliably prevent prompt injection, so we’ll give you a switch to simply cut off the attack surface. That’s not a knock — it’s the current state of the art across every provider.

I like the clarity. I’d rather have a visible switch and an honest risk label than a promise that nothing will go wrong. The interesting part is how Anthropic solves this — because the same problem hangs over every Claude agent that touches connectors. A «lockdown» for Cowork would be the next logical step. The only question is whether you can still get any work done with it on.

Sources: OpenAI, TechCrunch