OpenAI is rolling out Lockdown Mode to a much wider group of ChatGPT users, including those on the Free plan. The feature adds a new layer of protection against prompt injection attacks, which can hijack an AI model when it is used for web-connected tasks.
That expansion matters because prompt injection has become one of the newer risks in the generative AI era. Hidden instructions buried in malicious pages or materials can push a model to behave in ways the user never intended, including sending personal data without clear warning.
A security setting that now reaches free accounts
Lockdown Mode was first introduced for ChatGPT enterprise customers. OpenAI now says it is being extended to personal ChatGPT accounts and self-serve ChatGPT Business accounts.
The company’s documentation also confirms a broader rollout. Lockdown Mode is now available for Free, Go, Plus, Pro, and self-serve ChatGPT Business accounts, although the launch may take time before it reaches every user.
For users who already have access, the setting can be checked in Settings, then Security. Lockdown Mode appears under Advanced Security as a simple on-or-off toggle.
How Lockdown Mode works
OpenAI first described Lockdown Mode in a February blog post. The core idea is to stop ChatGPT from making live outbound network requests when the mode is enabled.
That restriction is central to the defense. If a malicious actor tries to trick the model into sending data outside, Lockdown Mode stops ChatGPT before the information is transmitted.
The attack pattern targeted here usually appears when AI is asked to perform web-based tasks. A hidden prompt on a page or in a document can influence the model behind the scenes and steer its behavior away from the user’s original request.
In those cases, the model may be manipulated into following instructions that were never meant to be seen by the user. The biggest risk is that private or sensitive information could be exposed to the attacker.
The trade-off is reduced outbound functionality
The added protection does come with a compromise. OpenAI says Lockdown Mode disables or limits certain features that depend on outbound network calls.
As a result, the ChatGPT experience can become more conservative than in normal mode. The design is aimed at users and teams that handle sensitive information or place a higher priority on privacy.
OpenAI describes Lockdown Mode as an optional setting. Users can decide whether they want broader functionality or tighter protection when using connected features.
For people who regularly process important data, that trade-off may be reasonable. Prompt injection does not always appear in a way that is obvious to the person using the chatbot.
Why the rollout matters
Large language models have changed the cybersecurity landscape quickly. The same technology used to build defenses is also being used by attackers to develop new tactics.
That has created a new class of AI-specific threats. Instead of attacking only the user’s system, attackers can try to manipulate the model itself into carrying out actions that help them.
Lockdown Mode is relevant in that context because it narrows one of the most sensitive attack paths. It reduces the chance that a model, once influenced by a malicious prompt, can send data out on its own.
Extending the feature to free users also makes the protection more widely available. Security tools of this kind were previously more closely associated with enterprise customers, but personal accounts are now gaining access as well.
For everyday users, the main benefit is clearer control over how ChatGPT behaves when connected features are involved. When the mode is active, the model cannot freely make direct network requests that an attacker could potentially exploit.
OpenAI positions the feature as part of a more cautious ChatGPT experience. That approach fits people or teams that want to reduce risk while working with sensitive data and interconnected tools.
Because the rollout is happening gradually, not every account will see the option at the same time. Still, the appearance of Lockdown Mode on Free accounts shows that protection against prompt injection is no longer limited to premium or enterprise customers.