OpenAI blocks data exfiltration in Lockdown Mode
Lockdown Mode restricts outbound network requests to prevent attackers from stealing data via prompt injection, now rolling out across all ChatGPT tiers.
June 9, 2026
Summary
If you're processing untrusted content or sensitive data in ChatGPT, this mitigates the exfiltration vector of prompt injection attacks—the easiest attack surface to actually close. Without it, default ChatGPT lacks robust protection against determined data theft attempts.
Why it matters
If you're processing untrusted content or sensitive data in ChatGPT, this mitigates the exfiltration vector of prompt injection attacks—the easiest attack surface to actually close. Without it, default ChatGPT lacks robust protection against determined data theft attempts.
Implementation verdict
Enable it immediately on any account handling sensitive data. It's a non-AI enforcement layer (deterministic network filtering), so it actually works—no ML bypass risk. Trade-off: some legitimate integrations may break. Worth trying now; there's no reason to stay on default.
Sources
- 1.rolling out to eligible personal accounts, including Free, Go, Plus, and Pro, and self-serve ChatGPT Business accounts
- 2.Lockdown Mode is designed to help prevent the final stage of data exfiltration from a prompt injection attack by limiting outbound network requests
- 3.The only way to solve the trifecta is to cut off one of the three legs, and by far the easiest leg to restrict without making your LLM systems far less useful is the exfiltration vectors to steal data
- 4.using mechanisms that are deterministic and, crucially, are not evaluated by AI systems that themselves can be subverted
Dev Signal
Get briefs like this in your inbox — free, 3x a week.
100+ sources compressed into one 4-minute read. Ranked, cited, implementation-ready.