{"id":1204,"date":"2026-06-06T14:51:47","date_gmt":"2026-06-06T14:51:47","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=1204"},"modified":"2026-06-06T14:51:47","modified_gmt":"2026-06-06T14:51:47","slug":"new-chatgpt-lockdown-mode-limits-tools-that-could-enable-data-exfiltration","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=1204","title":{"rendered":"New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Jun 06, 2026<\/span><\/span><span class=\"p-tags\">Cybersecurity \/ Artificial Intelligence<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhBOQJLNqTRWigWAgPKNCKXr8hOgMZD4ZNb3lNzGbrvSj87BzK_VzrbaqMPVOo1wmCsILPHO2s5cdfu1I2nUOhNibPpzsOHko3qWQwCVXXVdi8yaqYjMJGBD6Fzz-eBmgJ1-Vy0E02L_X1xsT3neUlTTsn9s8e2ODQVYXNErvOz9VrHEIdJNfGhsASUV0ag\/s1700-e365\/chatgpt-lockdown.jpg\" style=\"clear: left; display: block; float: left;  text-align: center;\"><\/a><\/div>\n<p>OpenAI has begun rolling out a new <b>Lockdown Mode<\/b> to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks.<\/p>\n<p>The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection guarantees. Lockdown Mode is available to logged-in users across Free, Go, Plus, and Pro, and self-serve ChatGPT Business plans.<\/p>\n<p>\u00abLockdown Mode is an optional advanced security setting that limits many tools and capabilities in OpenAI products that can connect to the web or external services,\u00bb OpenAI <a href=\"https:\/\/help.openai.com\/en\/articles\/20001061-lockdown-mode\">said<\/a>.<\/p>\n<p>\u00abIt is designed to reduce the risk of data exfiltration from prompt injection attacks by limiting outbound network requests, at the expense of disabling or limiting some useful features.\u00bb<\/p>\n<p>The safeguards are aimed at hardening the attack surface against prompt injections, which continues to be a \u00abfrontier\u00bb problem impacting all large language models (LLMs).<\/p>\n<p>Specifically, they build upon sandboxing and existing controls to combat <a href=\"https:\/\/openai.com\/index\/ai-agent-link-safety\/\">URL-based data exfiltration mechanisms<\/a> to limit outbound network requests that could potentially transmit sensitive data to attacker-controlled infrastructure.<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/vpn-threat-report-m\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhFlTC7RrRZGiFAgASS0noWSL0qsQGFVp8-Hvuw9yp3X3VKRuTcb5SsPX09wJzrdIM6pu1_5lS4EeZp7Sx4iYBpNJkrGnpr08yyaS1HQ5_5TxaCsP6O0OtHNuOkesn6CbNjao1GPulCJk-uljYMSfMZfBYNrngpe669t7jlRn1FqiEnXhsFD1WVkpaYIVgh\/s728-e100\/ai-d.jpg\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>The idea is not to stop prompt injections from occurring. Nor does it change the way memory or file uploads work, or the ability to share a conversation. Rather, the goal is to eliminate potential pathways through which the data could be exfiltrated. To that end, Lockdown Mode disables the following features &#8211;<\/p>\n<ul>\n<li>Live web browsing, which is limited to accessing only cached content<\/li>\n<li>Image support, for displaying images in regular responses or retrieving images from the web<\/li>\n<li>Deep research<\/li>\n<li>Agent mode<\/li>\n<li>Canvas networking, which prevents users from approving <a href=\"https:\/\/openai.com\/index\/introducing-canvas\/\">Canvas<\/a>-generated code to access the network<\/li>\n<li>File downloads, which block downloading files for data analysis<\/li>\n<\/ul>\n<p>Pointing out the feature is not \u00abintended for everyone,\u00bb OpenAI also noted that both Lockdown Mode and Developer Mode cannot be used at the same time, adding that turning on one disables the other.<\/p>\n<p>\u00abLockdown Mode is designed to substantially reduce the risk of prompt injection-based data exfiltration in ChatGPT and supported OpenAI products, but it does not guarantee that data exfiltration cannot happen,\u00bb the company said. \u00abRisk may remain through enabled Apps, unforeseen combinations of capabilities, or newly discovered techniques.\u00bb<\/p>\n<p>\u00abLockdown Mode also does not prevent all other effects of prompt injection attacks. For example, a malicious instruction hidden in an uploaded file could still affect ChatGPT&#8217;s behavior, and cause an incorrect answer.\u00bb<\/p>\n<p>The development comes as OpenAI has also <a href=\"https:\/\/help.openai.com\/en\/articles\/20001257-managing-active-sessions-in-chatgpt\">launched<\/a> a new account management feature that enables users to review active ChatGPT sessions and log out of individual or all sessions if signs of unauthorized account activity are detected. The listed sessions include information about the device, the app used, approximate location, sign-in date and time, whether the device is trusted, and whether it&#8217;s the current session.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Jun 06, 2026Cybersecurity \/ Artificial Intelligence OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising&hellip;<\/p>\n","protected":false},"author":1,"featured_media":1205,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[978,38,369,16,1273,1943,1944,261],"class_list":["post-1204","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-chatgpt","tag-data","tag-enable","tag-exfiltration","tag-limits","tag-lockdown","tag-mode","tag-tools"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1204","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1204"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1204\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/1205"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1204"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1204"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1204"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}