OpenAI extends ChatGPT 'Lockdown Mode' to all personal and self-serve Business accounts

OpenAI broadened availability of Lockdown Mode, a hardened security posture for ChatGPT that it first introduced in February for executives and security teams at high-risk organizations. It now reaches all personal accounts — Free, Go, Plus, and Pro — plus self-serve ChatGPT Business, accessible from Settings > Security, per Neowin.

Mechanically, Lockdown Mode strips away the features that expand attack surface. Live web browsing is limited to cached content, Deep Research and Agent Mode are disabled, image retrieval from the web is blocked, Canvas-generated code can't reach the network, and file downloads for data analysis are turned off. Users can still upload their own files and generate images. OpenAI explicitly cautions the mode does not fully block prompt injections embedded in content ChatGPT processes — it reduces, not eliminates, exposure.

The timing is pointed: the same week saw a SafeBreach disclosure hijacking Google's Gemini voice assistant via notifications and a self-replicating open-weight LLM worm prototype. Agentic features that browse, execute, and act are exactly the vectors attackers probe, and Lockdown Mode is OpenAI's blunt-instrument response — disable the risky surfaces entirely for users who want maximum protection.

What to watch: enterprise admin controls (currently self-serve Business only), whether OpenAI builds finer-grained policies instead of all-or-nothing, and adoption among non-security users. The honest caveat in OpenAI's own docs — that prompt injection still slips through processed content — is the key reminder that lockdown is mitigation, not immunity.