OpenAI rolls out ChatGPT Lockdown Mode and Elevated Risk labels

OpenAI has just rolled out Lockdown Mode for ChatGPT, limiting web-connected features to reduce prompt-injection risk. It’s also standardizing “Elevated Risk” labels across ChatGPT, Atlas, and Codex to flag network-exposed capabilities.

OpenAISecurity
openai cover

TL;DR

  • Lockdown Mode: Optional security setting limiting network/external-service exposure in ChatGPT and related tools
  • Rollout (June 4): Expanding to personal ChatGPT and self-serve ChatGPT Business; previously on enterprise plans
  • Disabled/limited features: Live web access, image responses, Deep Research, Agent Mode, Canvas networking, connectors, file downloads
  • Threat model: Mitigates prompt injection paths that could exfiltrate data via external requests
  • Admin controls: Enable via Workspace Settings using RBAC roles; granular app/action allowances; visibility via Compliance API Logs Platform
  • Elevated Risk labels: Standardized across ChatGPT, ChatGPT Atlas, and Codex for features like Codex network access; labels may change/remove over time

OpenAI’s new security announcement adds two protections to ChatGPT and related tools: an optional “Lockdown Mode” for higher-risk users, and standardized “Elevated Risk” labels for features that can introduce additional network-related exposure. In a June 4 update, the company states that Lockdown Mode is now rolling out to personal ChatGPT accounts and self-serve ChatGPT Business accounts after first appearing on enterprise plans.

The company describes Lockdown Mode as a conservative setting for people and teams working with sensitive information or connected features. When enabled, it limits or turns off functions that connect ChatGPT to the web or external services, including live web access, image support in responses, Deep Research including shopping research, Agent Mode, Canvas networking, live connectors, and file downloads.

OpenAI ties the change to prompt injection, which it defines as an attack in which a third party tries to mislead a conversational AI system into following malicious instructions or revealing sensitive information. The post claims that Lockdown Mode reduces the ways prompt-injection-style attacks could cause data to leave the conversation, including by limiting browsing to cached content so that no live network requests leave OpenAI’s controlled network.

The setting is available on ChatGPT Enterprise, ChatGPT Edu, ChatGPT for Healthcare, and ChatGPT for Teachers, with admins able to enable it in Workspace Settings by creating a new role. OpenAI also states that admins can decide which apps — and which actions within them — remain available in Lockdown Mode, while the separate Compliance API Logs Platform provides visibility into app usage, shared data, and connected sources.

Alongside that, OpenAI is standardizing an “Elevated Risk” label across ChatGPT, ChatGPT Atlas, and Codex for a short list of existing capabilities that may carry added risk. The company gives Codex network access as an example, noting that its settings screen now includes the label and a description of what changes, what risks may be introduced, and when such access is appropriate. OpenAI adds that the label will be removed once security improvements are judged sufficient for general use, and that the list of labeled features may change over time.

Source: OpenAI

Continue the conversation on Slack

Did this article spark your interest? Join our community of experts and enthusiasts to dive deeper, ask questions, and share your ideas.

Join our community

Related Articles

OpenAI begins rolling out GPT-5.5-Cyber to key defenders

OpenAI begins rolling out GPT-5.5-Cyber to key defenders

OpenAI has just rolled out GPT-5.5-Cyber, bringing a new “frontier cybersecurity model” to critical cyber defenders. Early reactions focus on trusted access, benchmarks, and whether controls can prevent misuse by attackers.

2 shared tags
openai cover

OpenAI expands Trusted Access and launches GPT-5.4-Cyber model

With the launch of GPT-5.4-Cyber, OpenAI is rolling out a more cyber-permissive model for vetted defenders. The company is also scaling Trusted Access for Cyber to thousands of verified individuals and hundreds of teams protecting critical software.

2 shared tags
openai cover

OpenAI details how Codex stays safe with guardrails and telemetry

OpenAI’s latest post explains how it’s deploying Codex with tighter sandboxing, approval gates, and policy controls to reduce risky actions. It also highlights deep logging via OpenTelemetry so teams can audit prompts, tools, and network activity.

2 shared tags