
ChatGPT Lockdown Mode: enterprise security in 3 clicks

5 min read

Key takeaways

  • OpenAI rolled out Lockdown Mode to personal ChatGPT accounts on June 4. It was previously Enterprise-only.
  • The mode disables live web, Agent Mode, Deep Research and Canvas networking, aiming to stop prompt injection from leaking business data.
  • Activation takes three clicks: Settings, Security, Advanced security. Free for Plus and Pro users.

OpenAI rolled out Lockdown Mode to personal ChatGPT accounts and self-serve Business subscriptions on Thursday June 4. The feature was previously limited to Enterprise, Edu, Healthcare and Teachers. Now anyone with a Plus or Pro account can turn on enterprise-grade protection against prompt injection. For Norwegian SMBs this means you can lock down your conversations in three clicks, without going through an Enterprise contract.

What is new, and why it matters

Lockdown Mode is OpenAI's answer to a problem that has been known since GPT-3: prompt injection. A malicious instruction hidden in a web page, a PDF document or an email can trick the model into leaking data, sending email on behalf of the user, or doing things it should not. OpenAI itself calls it a "frontier, challenging research problem" that it has not been able to solve.

Instead of pretending the problem is fixed, Lockdown Mode builds a last line of defense. The mode disables the functions an attacker could use to send data out, but does not change how the model thinks.

"Lockdown Mode is not intended for everyone. It is designed for people and organizations that handle sensitive data and want stricter protection from data exfiltration risks related to prompt injection." (OpenAI Help Center)

For Norwegian SMBs, the important thing is that these guarantees are now available outside the enterprise segment. You no longer need a legal agreement and a dedicated IT department to get something resembling bank-level control.

What gets disabled, and what stays the same

When Lockdown Mode is active, the following changes apply:

  • Live web search is limited to cached content. Search results may be outdated or absent.
  • Web images in responses disappear. Uploaded images and image generation still work.
  • Deep Research turns off, because the feature fetches content from the web on its own.
  • Agent Mode turns off, because the agent can take actions on your behalf.
  • Canvas networking is blocked. Code generated in Canvas can no longer access the network.
  • File downloads for analysis turn off. Manually uploaded files still work.
  • Live connectors and write actions in apps are blocked. Synced data can be read, but not updated.
  • Finances in ChatGPT and shopping features become unavailable.

What does not change is at least as important. Memory works as before. File uploads work. Conversation sharing works. Whether your conversations are used for training does not change. OpenAI's FAQ also notes that Codex is not affected. For developers this means that even with Lockdown Mode on, the Codex agent can make network calls.

How to activate Lockdown Mode

For personal accounts and self-serve Business:

  1. Go to Settings in ChatGPT.
  2. Select Security in the left menu.
  3. Under Advanced security, turn on Lockdown Mode.
  4. Confirm in the dialog that appears.

For managed workspaces (Enterprise/Edu): an admin must create a role with Lockdown Mode enabled in Role-based access controls (RBAC), and assign it to individual users or groups.

You can temporarily turn off Lockdown Mode for a single conversation if you need full functionality for a specific case, such as a technical research task. Lockdown Mode and Developer Mode are mutually exclusive.

What this means for Norwegian businesses

Three concrete situations where Lockdown Mode is a cheap and effective measure:

Accountants or lawyers with client data. Many SMBs in these industries paste in emails, notes or draft contracts for summarization. With Lockdown Mode on, you prevent an embedded instruction in the document from trying to send the content elsewhere.

SMBs connecting ChatGPT to Google Drive, Slack or email. Live connectors turn off, but synced data can still be read. You can let the AI summarize documents without it simultaneously being able to send them somewhere. For SMBs without a dedicated DLP (Data Loss Prevention) layer, this is a practical middle ground.

SMBs considering ChatGPT in customer-facing workflows. Before connecting a chatbot to a CRM or a payment system, test how it behaves with Lockdown Mode on. You will quickly see which workflows need network access, and which can run safely in locked mode.

The most important effect is cultural. When you turn on Lockdown Mode, it becomes harder for employees to do something risky by accident. The basic rule should be: turn Lockdown Mode on by default, and turn it off for specific tasks.

What Lockdown Mode does not solve

OpenAI itself is candid about this:

"Lockdown Mode does not prevent prompt injections from appearing in the content ChatGPT processes. For example, a prompt injection could appear in cached web content or in an uploaded file, and could still affect the behavior or accuracy of a response." (OpenAI Help Center)

Three things in practice:

  • Manipulated answers. The model can be tricked into giving wrong answers, even without sending data out.
  • Indirect leaks. An attacker can use prompt injection to convince the model to include sensitive information in a regular response text that you copy onward.
  • Connector-sourced data. Synced data in apps (Google Drive, Notion) is still readable by the model, and can be a source of leakage via response text.

Lockdown Mode is therefore a band-aid, not a cure. It reduces the attack surface dramatically, but it does not replace an internal policy for which data should never be put into an AI service.

Practical action plan

  • Map which conversations need network access. Go through the last 10 ChatGPT conversations in your team. How many used live web, Agent Mode or apps? Below 30 percent means Lockdown Mode is an easy trade.
  • Turn on by default for all accounts. The per-conversation off switch lets you open up for full functionality when needed, without making that the default.
  • Establish an internal "never share" list. National identity numbers, credit card numbers, attorney-client privileged information, source code with secrets. OpenAI stores conversations.
  • Use the Compliance API if you are on Enterprise. Compliance API provides auditable logs of shared data, apps and users. Worth its weight in gold for GDPR documentation.
  • Tie activation to a written policy. Document it in your AI policy and explain to employees why.
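
The "never share" list above can be partly enforced before text is pasted into ChatGPT. The following is an added example, not code from OpenAI or from this article's author: it assumes "national identity number" means the 11-digit Norwegian number with two mod-11 check digits, treats card numbers as 13 to 19 digits passing the Luhn check, and uses a hypothetical `scan` function with a deliberately small secret pattern. Privileged material has no fixed pattern and is outside what it can detect.

```python
import re

# Weights for the two mod-11 check digits of a Norwegian national identity number.
K1_WEIGHTS = (3, 7, 6, 1, 8, 9, 4, 5, 2)
K2_WEIGHTS = (5, 4, 3, 2, 7, 6, 5, 4, 3, 2)

def _mod11(digits, weights):
    check = 11 - sum(d * w for d, w in zip(digits, weights)) % 11
    return 0 if check == 11 else check  # a result of 10 never equals a digit

def is_national_id(candidate):
    d = [int(c) for c in candidate]
    return (len(d) == 11 and _mod11(d[:9], K1_WEIGHTS) == d[9]
            and _mod11(d[:10], K2_WEIGHTS) == d[10])

def is_card_number(candidate):
    # Luhn: double every second digit from the right, add the digits of each product.
    d = [int(c) for c in reversed(candidate)]
    total = sum(d[0::2]) + sum(sum(divmod(2 * x, 10)) for x in d[1::2])
    return total % 10 == 0

# Assumed minimal secret pattern: PEM private key headers and key/password assignments.
SECRET_RE = re.compile(
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----"
    r"|(?i:\b(?:api[_-]?key|secret|password|token)\b\s*[:=]\s*['\"]?[^\s'\"]{8,})")

def scan(text):
    """Return sorted (category, match) findings; an empty list means nothing flagged."""
    findings = set()
    # Digit runs of 11 to 19 digits, allowing single spaces or hyphens between digits.
    for m in re.finditer(r"(?<!\d)\d(?:[ -]?\d){10,18}(?!\d)", text):
        digits = re.sub(r"\D", "", m.group())
        if len(digits) == 11 and is_national_id(digits):
            findings.add(("national_id", digits))
        elif 13 <= len(digits) <= 19 and is_card_number(digits):
            findings.add(("card_number", digits))
    for m in SECRET_RE.finditer(text):
        findings.add(("secret", m.group()))
    return sorted(findings)

# Constructed sample: the ID uses month 81 (not a calendar month), the card is a
# widely published Luhn test number, and the key value is made up.
SAMPLE = """Client 01819012365 paid with card 4111 1111 1111 1111.
Invoice ref 12345678901 is unrelated.
api_key = "constructed-not-a-real-key"
"""

if __name__ == "__main__":
    for category, value in scan(SAMPLE):
        print(category, value)
```

The checksum tests are what keep the false-positive rate usable: the 11-digit invoice reference in the sample is ignored because its check digits do not match.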

Who should stay away

Lockdown Mode is not for everyone. If you use ChatGPT as an active research tool, need Agent Mode to book meetings, or depend on Deep Research to fetch fresh sources, the mode will feel like working with the handbrake on. In that case, it is better to leave the mode off, and compensate with stricter policies for what is put in.

Frequently asked questions

What is the difference between Lockdown Mode and normal "safe use" of ChatGPT?

Normal "safe use" is about what you put into ChatGPT. Lockdown Mode is a technical measure on OpenAI's side that disables the tools that can send data out. The two complement each other.

Can employees turn off Lockdown Mode without me knowing?

On personal accounts and self-serve Business: yes, the user can turn it off in settings. That is why Lockdown Mode is most effective on managed workspaces with RBAC, where an admin controls who has which roles.

Does Lockdown Mode affect the price?

No. The feature is free for all accounts that have it available. You only pay for the ChatGPT subscription you already have.

What about image generation and image upload?

Image upload works as normal. Image generation also works. Only web images in responses disappear. The model can still show images you have uploaded.

Does Lockdown Mode protect against deepfakes and voice cloning?

No. Lockdown Mode protects against data exfiltration through prompt injection in ChatGPT conversations. It has nothing to do with deepfakes, voice cloning or other AI models.

Summary

OpenAI has made enterprise-level security available to everyone. For Norwegian SMBs handling customer data, personal data or business-sensitive documents, Lockdown Mode is a cheap and fast measure that should be on by default. It does not replace an internal AI policy, but it is a solid first step.

The most important admission from OpenAI itself still applies: prompt injection is not solved. Lockdown Mode is a band-aid, not a cure. Use it as one of several layers in a comprehensive security setup for AI use in your business.


Want help implementing AI tools safely in your business? Read more about AI Kickstart or get in touch for a no-obligation conversation about what fits your situation.
