OpenAI Lockdown Mode expands to all personal and Business accounts, blocking exfiltration at the network layer
OpenAI's Lockdown Mode — previously enterprise-only — now covers Free, Go, Plus, Pro, and self-serve Business accounts; it disables outbound network channels — live web, Agent Mode, Canvas, and live connectors — to cut the exfiltration leg of prompt-injection attacks. The control is deterministic rather than AI-evaluated, which matters: a model-based filter can itself be manipulated by a devious injection, while a network block cannot. The rollout implicitly confirms that default ChatGPT offers no robust protection against determined exfiltration — a useful baseline for developers building on the API.
Source: simonwillison.net ↗
Lockdown Mode is designed to help prevent the final stage of data exfiltration from a prompt injection attack by limiting outbound network requests that could transfer sensitive data to an attacker.
Why this matters
- → Blocks data exfiltration at network layer, not through AI filters that can be manipulated.
- → Confirms default ChatGPT lacks robust protection against prompt-injection data theft.
- → Available to all personal and Business accounts, enabling widespread adoption for high-risk users.