OpenAI's New Lockdown Mode Is Basically ChatGPT In A Straightjacket

OpenAI has introduced a new security feature called Lockdown Mode. And unlike most AI updates that promise more capabilities, this one does the opposite. It deliberately makes ChatGPT less powerful. The feature is designed for people handling sensitive information who are worried about a growing AI security threat known as prompt injection. These attacks hide malicious instructions inside webpages, files, emails, or other content that an AI system reads, potentially tricking it into revealing or transmitting sensitive information.

To reduce that risk, Lockdown Mode shuts off some of ChatGPT’s most useful features. Live web browsing is replaced with cached content, Deep Research is disabled, Agent Mode is turned off, web image retrieval is restricted, and ChatGPT can no longer download files for analysis.

In other words, OpenAI’s latest security solution is rather simple: if AI can’t reach the outside world, it becomes much harder for attackers to make it leak data.

What’s particularly interesting is what this reveals about the current state of AI security. OpenAI openly acknowledges that Lockdown Mode doesn’t prevent prompt injections themselves. Malicious instructions can still appear in files or content that ChatGPT processes. The goal is simply to stop those attacks from succeeding in exfiltrating sensitive information.

For years, AI companies have been trying to teach models to ignore malicious instructions. Lockdown Mode takes a different approach. Instead of trusting the AI to behave perfectly, it removes some of its ability to do damage in the first place.

The feature is rolling out across eligible personal accounts, including Free, Go, Plus and Pro users, as well as self-serve ChatGPT Business accounts.

Most users will probably never need it. But its existence is a reminder that as AI systems become more connected, autonomous and capable, the biggest challenge may not be making them smarter. It may be figuring out what they shouldn’t be allowed to do.
