Enable ChatGPT’s Lockdown Mode to Prevent Sensitive Data Leaks

Purpose of Lockdown Mode

Lockdown Mode is a security switch that blocks the primary data‑exfiltration path by disabling most outbound network capabilities. It targets prompt‑injection attacks, where hidden instructions in webpages, documents, emails or spreadsheets can cause the model to send private data outward.

Capabilities disabled

When enabled, the model cannot perform any action that requires network or external‑service access: real‑time web browsing is limited to cached content, Deep Research and Agent mode are disabled, Canvas‑generated code cannot reach the internet, and file download for data analysis is blocked. Image generation from user‑uploaded pictures remains functional.

General knowledge queries, copy‑editing or simple writing are unaffected, but tasks that rely on live search, deep research or automated agents experience noticeable slowdown.

Connector and App behavior

For personal and self‑serve Business accounts, Lockdown Mode permits only “synchronised data connectors” while blocking real‑time connector access and write actions. In managed workspaces, the effect depends on admin roles, app assignments and permission settings. Reading data that has already been synchronised into OpenAI is considered lower risk; writing to external systems, invoking real‑time connectors or causing side effects is treated as high risk.

Example: allowing the model to read a pre‑synced document is safer than permitting it to post a message to a third‑party service or modify a public page.

When to enable Lockdown Mode

Suitable scenarios

Processing contracts, resumes, client data, or any material containing private information.

Analyzing internal documents or meeting minutes that should not be fetched by external requests.

Reading unfamiliar web pages or third‑party files that might embed malicious instructions.

Performing security checks before using enterprise connectors.

Unsuitable scenarios

Real‑time news search (cached results may be outdated).

Deep Research (disabled).

Complex Agent tasks (Agent mode disabled).

Network‑required code experiments (Canvas network access limited).

Implications for AI product design

Many AI‑security solutions focus on detection of malicious prompts, links or anomalous outputs, but prompt‑injection attacks are designed to evade detection. Lockdown Mode demonstrates that enforcing capability boundaries—cutting network access, blocking write actions and requiring explicit user confirmation—provides a more reliable safeguard when the model can read data, manipulate software or interact with business systems.

References

OpenAI Help Center: Lockdown Mode – https://help.openai.com/en/articles/20001061-lockdown-mode

OpenAI Safety: Understanding prompt injections – https://openai.com/safety/prompt-injections/

Simon Willison: OpenAI Help: Lockdown Mode – https://simonwillison.net/2026/Jun/5/openai-help-lockdown-mode/