OpenAI Introduces Lockdown Mode and Elevated Risk Labels in ChatGPT
Key Takeaways
- ▸Lockdown Mode restricts ChatGPT's external interactions — web browsing is cached-only, preventing data exfiltration via live requests
- ▸Elevated Risk Labels provide consistent security warnings across ChatGPT, Atlas, and Codex when features connect to external systems
- ▸Both features primarily target prompt injection attacks — where third parties attempt to mislead AI into following malicious instructions
Summary
OpenAI has rolled out two new security features to defend ChatGPT against prompt injection attacks and sophisticated threats when integrating with external systems.
Lockdown Mode is an optional, advanced security setting designed for highly security-conscious users such as executives and security teams at prominent organizations. When activated, it tightly constrains how ChatGPT can interact with external systems to reduce the risk of prompt injection-based data exfiltration. Web browsing in Lockdown Mode is limited to cached content only — no live network requests leave OpenAI's controlled infrastructure. Some features are disabled entirely when OpenAI cannot provide strong deterministic guarantees of data safety. Workspace administrators can activate Lockdown Mode through Workspace Settings, creating dedicated roles with enhanced security constraints while retaining control over which apps and actions remain available.
Elevated Risk Labels are standardized in-product warnings that inform users about features introducing potential security risks when connecting AI tools with external applications and web services. These labels clarify what features do, what changes occur when activated, associated risks, and appropriate usage scenarios. They are applied consistently across ChatGPT, ChatGPT Atlas, and Codex products. For example, in Codex, enabling network access receives an Elevated Risk label highlighting the security implications of web-based actions. OpenAI plans to remove labels once security improvements adequately mitigate identified risks.
Lockdown Mode is currently available for ChatGPT Enterprise, ChatGPT Edu, ChatGPT for Healthcare, and ChatGPT for Teachers, with consumer user access planned for a future release.
- Currently limited to Enterprise/Edu/Healthcare/Teachers tiers; consumer access is planned
- Admins retain granular control over which apps and actions remain available in Lockdown Mode
Editorial Opinion
This is a significant step toward enterprise-grade AI security. As ChatGPT becomes more deeply integrated into business workflows — connecting to external APIs, browsing the web, running code — the attack surface for prompt injection grows substantially. Lockdown Mode addresses a real and growing concern: sophisticated adversaries using manipulated content to exfiltrate data through AI intermediaries. The timing is notable, coming as competitors like Anthropic and Google also race to make their AI tools enterprise-safe. The cached-only browsing approach is a pragmatic trade-off between functionality and security, though it remains to be seen how quickly OpenAI can bring these protections to consumer users who face similar risks.
