OpenAI has introduced Lockdown Mode and standardized “Elevated Risk” labels in ChatGPT to help organizations and users manage security risks tied to prompt injection attacks — situations where hidden instructions in external content attempt to manipulate AI behavior or extract sensitive information.

The changes matter because AI systems are increasingly connected to external apps and the web, creating new pathways where sensitive data could potentially be exposed if safeguards are not carefully managed.

As AI products expand beyond isolated chat interfaces into connected workflows, security concerns are shifting from model behavior alone to how tools interact with networks, apps, and external systems. These developments reflect a broader industry effort to make AI safety controls more visible and actionable rather than relying only on behind-the-scenes protections.

The updates are aimed primarily at enterprise and institutional users — including security teams, administrators, and organizations handling sensitive information — while also giving everyday users clearer signals about when advanced AI features may introduce additional risk.

Here’s what Lockdown Mode and Elevated Risk labels could mean for enterprise security workflows, AI users, and the evolving standards around managing risk in connected AI systems.

Lockdown Mode is designed for people and organizations that operate under heightened security concerns — such as executives, cybersecurity teams, or institutions handling sensitive information. Rather than relying solely on model behavior to resist attacks, Lockdown Mode applies strict system-level constraints that limit how ChatGPT interacts with external systems, reducing the risk of prompt injection–based data exfiltration.

In practical terms, Lockdown Mode disables or limits certain tools that could otherwise be exploited through prompt injection attacks to exfiltrate sensitive data from conversations or connected apps. For example, in Lockdown Mode, web browsing is restricted to cached content so that no live network requests leave OpenAI’s controlled environment, reducing the possibility of data being transmitted to external actors. Some capabilities are disabled entirely when strong deterministic guarantees of data safety cannot be established.

Lockdown Mode is presented as an advanced security option rather than a default setting. OpenAI notes that most users will not need these additional restrictions, but organizations may enable them for specific roles that face higher exposure risks.

The feature builds on existing security safeguards already in place across the model, product, and system levels, including sandboxing, protections against URL-based data exfiltration, monitoring and enforcement mechanisms, and enterprise controls such as role-based access and audit logs.

Lockdown Mode is currently available for ChatGPT Enterprise, ChatGPT Edu, ChatGPT for Healthcare, and ChatGPT for Teachers. Workspace administrators can enable it through admin settings by creating dedicated roles, allowing additional restrictions to layer on top of existing organizational controls.

Because some critical workflows depend on connected apps, administrators retain granular control over which apps — and which specific actions within those apps — remain available when Lockdown Mode is enabled. Separately, the Compliance API Logs Platform provides detailed visibility into app usage, shared data, and connected sources, helping organizations maintain oversight.

This approach reflects a growing trend in enterprise AI governance: balancing employee productivity with tighter operational controls. By combining granular permissions with visibility into app usage and connected data, security teams can better monitor activity while still allowing selective flexibility where needed.

OpenAI says it plans to expand Lockdown Mode access to consumers in the coming months.

Alongside stricter security options like Lockdown Mode, OpenAI is introducing a more visible way to communicate risk to users. AI systems can become more useful when connected to apps and the web, but network-related capabilities may introduce risks that are not yet fully addressed by current safety and security mitigations. Rather than removing those capabilities, OpenAI says users should be able to decide whether — and how — to use them, especially when working with private data.

To make these choices clearer, features that involve external network access or expanded permissions will now display a consistent “Elevated Risk” label across ChatGPT, ChatGPT Atlas, and Codex. The labels are intended to help users understand potential trade-offs before enabling advanced capabilities.

In Codex, for example, developers can allow the assistant to access the web for tasks such as looking up documentation. The relevant settings screen includes an “Elevated Risk” label, along with a clear explanation of what changes, what risks may be introduced, and when that access is appropriate.

This approach reflects a broader effort to make security guidance more visible to users. By combining clearer labels with optional safeguards, OpenAI is attempting to balance functionality with transparency so that different users — and organizations — can make decisions based on their own risk tolerance.

OpenAI says the “Elevated Risk” label is not necessarily permanent. As safeguards improve, the company says it plans to remove the label from features once the risks are considered sufficiently reduced for general use, while continuing to update which capabilities carry warnings as new risks emerge.

Q: What is Lockdown Mode designed to protect against?
A: It aims to reduce prompt injection–based data exfiltration by restricting how ChatGPT interacts with external systems, especially live web connections.

Q: Who is Lockdown Mode intended for?
A: Primarily organizations or individuals handling sensitive information who require stronger deterministic safeguards. Most users will not need it.

Q: Will Lockdown Mode change how ChatGPT works for most users?
A: No. OpenAI describes it as an optional security setting for higher-risk environments, while standard ChatGPT experiences remain unchanged for most users.

Q: Are these protections available to everyone today?
A: No. Lockdown Mode is currently available for enterprise and institutional plans, with broader consumer availability planned later.

Q: What do Elevated Risk labels do?
A: They provide clear warnings on features that may introduce additional security risk so users can make informed choices before enabling them.

These updates show how AI platforms are making security more visible to users, replacing invisible safeguards with clearer controls that help people understand and manage risk.

Who should care: Enterprise security teams, AI administrators, developers working with connected AI systems, and business leaders deciding how AI tools are deployed in regulated or risk-sensitive environments.

Why it matters now: As AI tools gain broader access to external systems, security concerns shift from model behavior alone to workflow design. Deterministic restrictions and visible risk indicators suggest AI platforms are moving toward more mature governance patterns.

What decision this affects: Organizations evaluating how — or whether — to allow AI tools to access sensitive data will increasingly need policies that balance productivity with exposure risk. Lockdown Mode and risk labels offer an early framework for how AI vendors may support that balance.

As AI becomes more connected to the systems that run businesses and everyday life, the real differentiator won’t just be intelligence — it will be how clearly users can see, understand, and control the risks that come with it.

Editor’s Note: This article was created by Alicia Shapiro, CMO of AiNews.com, with writing, image, and idea-generation support from ChatGPT, an AI assistant. However, the final perspective and editorial choices are solely Alicia Shapiro’s. Special thanks to ChatGPT for assistance with research and editorial support in crafting this article.