%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
As generative AI accelerates toward the agent (Agent) era, increasingly powerful tool invocation and internet connectivity capabilities have also posed unprecedented challenges to security defense systems. To combat the rampant prompt injection attacks, OpenAI has officially launched a groundbreaking optional new security setting—“Lockdown Mode,” which is now available to all logged-in users, various account types, and workspaces.
Prompt injection attacks have long been a headache for large model development teams. Attackers often cleverly hide malicious instructions within web pages, third-party documents, or other external data. Once ChatGPT reads this "poisoned" content while connected to the internet, it may be induced to ignore its original core security rules, perform unauthorized operations, and even secretly send sensitive information such as business secrets or personal privacy to an external malicious server without the user's knowledge.
Facing this industry-recognized chronic issue, OpenAI's newly introduced Lockdown Mode takes a very practical approach. Instead of trying to perfectly identify all emerging malicious instructions, it chooses to directly limit the most dangerous and critical part—cutting off the network access path to the outside.
Once a user or workspace administrator enables Lockdown Mode, many of ChatGPT's core features will be physically restricted. For instance, the real-time web browsing function will be significantly weakened, and the system will only be able to access protected cached web content, which may result in incomplete, outdated, or unavailable search results. At the same time, the model will not retrieve or display any images from the external network in its responses, nor will it be able to download any files from the network for advanced data analysis.
In addition, the high-end productivity features such as "Deep Research" and "Agent Mode" will be directly disabled. Even code generated under the Canvas canvas feature will not be approved for internet access. In this mode, the large model can only process files that are manually uploaded by the user as local secure documents.
However, OpenAI's official documentation clearly states that Lockdown Mode is not an impenetrable armor. It cannot guarantee 100% effectiveness against prompt injection attacks. Because malicious instructions may still lurk in legitimate cached web pages or files uploaded by users, continuing to interfere with the model's judgment.
This new feature highlights the current reality paradox faced by the AI industry: the more open the large model's internet access and the deeper the automation tool usage, the larger the attack surface exposed to the outside world. The introduction of Lockdown Mode actually represents OpenAI's clear delineation of a security boundary for AI capabilities. It does not offer empty promises of "absolute safety," but instead reverts the balance between "stronger and smarter collaborative experiences" and "lower data leakage risks" back to the users and enterprise administrators to weigh themselves.