OpenAI has expanded ChatGPT Lockdown Mode from enterprise plans to personal and self-serve business accounts, rolling the feature out broadly this week. It is an optional security setting that limits ChatGPT’s external connections to protect sensitive information from a class of attack called prompt injection.

The move signals that AI security is no longer just a concern for large enterprises. As ChatGPT becomes embedded in day-to-day work across organisations of all sizes, the attack surface has grown with it.

What Lockdown Mode Does

When turned on, Lockdown Mode disables the ChatGPT features most commonly exploited to move data outside a conversation. The list includes live web browsing, Deep Research, Agent Mode, Canvas networking, live connectors, image support in responses, and file downloads.

The idea is straightforward: if the tool cannot access the internet or download files, it cannot be weaponised to send your information somewhere it should not go. Organisations in regulated industries or handling confidential client data now have a deterministic way to limit that exposure.

Enterprise workspace admins get an additional control layer. They can create a dedicated role called “Lockdown Mode” and assign specific users or groups to it, enforcing the setting rather than leaving it up to individuals. That matters in environments where you cannot rely on every employee to opt in themselves.

OpenAI also introduced “Elevated Risk” labels alongside Lockdown Mode. These surface warnings inside ChatGPT when a conversation involves content patterns that carry a higher likelihood of misuse, giving users a heads-up before they act.

The Threat It Addresses

Prompt injection is an attack technique where malicious instructions are hidden inside content that an AI system processes. If you upload a document or browse a page that contains hidden instructions, the AI can be tricked into following those instructions instead of yours. The consequences range from leaked conversation data to exfiltrated credentials or confidential business information.

As companies have pushed AI deeper into their workflows, connecting ChatGPT to internal tools, customer data, and third-party APIs, the attack surface has grown significantly. The security research community has documented this problem for years. Lockdown Mode is OpenAI’s practical response for users who need a concrete mitigation now, rather than waiting for the underlying model-level problem to be fully solved.

It is worth being clear about one important limitation: Lockdown Mode does not prevent prompt injections from appearing in the content ChatGPT processes. If a malicious instruction is embedded in an uploaded file or cached web content, ChatGPT can still read it. What Lockdown Mode prevents is the exfiltration path, the ability for those injected instructions to actually send data out of the conversation.

What This Means for Business

If your team uses ChatGPT with any connected data, Lockdown Mode is worth evaluating. The tradeoff is real: you lose Agent Mode, Deep Research, and live web browsing when it is active. For workflows that depend on those features, that is a meaningful constraint.

The practical answer for most businesses is selective deployment. Enable Lockdown Mode for roles that handle sensitive client information, financial data, or regulated content. Leave it off for roles where live web access and research tools are core to the job.

For enterprise IT and compliance teams, the admin enforcement capability changes the governance equation. You no longer have to rely on policy documents and training to prevent employees from connecting sensitive conversations to the web. You can enforce it at the platform level.

This also reflects a broader maturation in how AI providers think about their enterprise responsibilities. OpenAI is shipping security primitives that IT departments recognise from their existing toolkits: role-based access control, audit logs, and network isolation. That is the language of enterprise procurement, and it removes a meaningful objection for organisations that have held back on wider ChatGPT deployment because of data security concerns.

The Bigger Picture

The rollout of Lockdown Mode to personal and business accounts is a signal that AI security is becoming a mainstream concern, not a niche enterprise one. As AI tools handle more sensitive work, the expectation that they come with security controls is reasonable.

If you are building an AI strategy for your business and security has been a sticking point, this is a practical development worth discussing with your team. For organisations still developing their AI governance framework, features like this are exactly the kind of control layer that makes responsible adoption possible.

Enterprise DNA’s advisory practice helps leadership teams evaluate and deploy AI tools with appropriate security and governance in place. If your organisation is weighing how to deploy AI without creating new security risks, start with a discovery call.