OpenAI has added two security controls to ChatGPT as account protection becomes a larger concern for users relying on the platform for work, research, coding, data analysis and connected-app tasks.
The new measures give users more control over how ChatGPT interacts with external systems and more visibility over where their accounts are signed in. One control, Lockdown Mode, is designed to reduce the risk of data theft through prompt-injection attacks. The other, Active sessions, allows users to review signed-in devices and end unfamiliar sessions from ChatGPT’s security settings.
The move reflects the changing risk profile of artificial intelligence tools as they become linked to browsers, files, enterprise apps, code environments and research workflows. Chatbots are no longer confined to answering static questions. They can retrieve information, analyse private files, browse web content, use workplace connectors and perform tasks across digital services. That wider access has increased the importance of controls that limit what can leave a conversation and help users spot suspicious account activity.
Lockdown Mode is aimed mainly at users with elevated security needs, including executives, security teams, public figures, journalists, researchers and employees handling sensitive information. When enabled, it limits or disables capabilities that connect ChatGPT to the web or external services. These include live web access, certain image-supported responses, deep research functions, shopping research, agent-based tasks, canvas networking, live connectors and file downloads.
The core purpose is to narrow the routes through which a malicious instruction embedded in external content could cause sensitive information to be sent outside the conversation. Prompt injection has emerged as one of the most difficult security challenges for AI systems because the attack may not look like traditional malware. It can appear inside a webpage, email, document, calendar entry or other content that an AI assistant is asked to read. The hidden or misleading instruction may try to persuade the system to ignore the user’s original request, reveal confidential data, follow an unsafe link or pass information to a third party.
The risk is especially acute for agentic systems that combine untrusted external content with the ability to take action. A user may ask an assistant to review emails, compare documents or complete a workflow, while an attacker places manipulative instructions inside one of the items being processed. The security challenge is not only detecting the hostile text but preventing harmful outcomes even when the model encounters it.
Lockdown Mode takes a defensive approach by restricting high-risk channels rather than relying solely on the model’s ability to identify every malicious instruction. Live browsing is constrained, some network-dependent features are turned off, and selected external interactions are blocked when stronger safety guarantees cannot be provided. The trade-off is reduced functionality for users who choose stronger isolation.
The setting is available through ChatGPT’s security settings for personal users and is also being positioned for managed workspaces where administrators need additional controls over risky workflows. For business and education environments, the measure fits into a broader security framework that includes role-based controls, audit visibility, app restrictions, encryption in transit and at rest, and limits on how connected data is handled.
The second control, Active sessions, gives users a clearer view of their signed-in account footprint. From ChatGPT’s security settings, users can review browser sessions and first-party OpenAI app sessions associated with their account. Where available, the session list can show device or browser information, app context, approximate location, sign-in date and time, whether the device is trusted, and whether it is the current session.
Users can log out of individual sessions they do not recognise or choose to log out of all sessions across devices. The feature is designed to help users respond faster when they suspect an account has been left open on a shared device, accessed from an unfamiliar location or compromised through stolen credentials. Some session details may be approximate or incomplete, and accounts linked to certain organisation single sign-on systems may not have access to the feature.
The addition of session visibility brings ChatGPT closer to account-management practices common across major digital services, where users can review active logins and revoke access from devices they no longer trust. For ChatGPT, the feature carries added significance because the account may contain conversation history, uploaded files, workspace connections, coding sessions and access to paid services.
Security specialists have warned that AI accounts can become high-value targets as users entrust them with commercial plans, legal drafts, research material, financial analysis, software code and private communications. Account takeover risks also intersect with API usage, where compromised credentials or keys can lead to unauthorised consumption and potential data exposure.
The new measures give users more control over how ChatGPT interacts with external systems and more visibility over where their accounts are signed in. One control, Lockdown Mode, is designed to reduce the risk of data theft through prompt-injection attacks. The other, Active sessions, allows users to review signed-in devices and end unfamiliar sessions from ChatGPT’s security settings.
The move reflects the changing risk profile of artificial intelligence tools as they become linked to browsers, files, enterprise apps, code environments and research workflows. Chatbots are no longer confined to answering static questions. They can retrieve information, analyse private files, browse web content, use workplace connectors and perform tasks across digital services. That wider access has increased the importance of controls that limit what can leave a conversation and help users spot suspicious account activity.
Lockdown Mode is aimed mainly at users with elevated security needs, including executives, security teams, public figures, journalists, researchers and employees handling sensitive information. When enabled, it limits or disables capabilities that connect ChatGPT to the web or external services. These include live web access, certain image-supported responses, deep research functions, shopping research, agent-based tasks, canvas networking, live connectors and file downloads.
The core purpose is to narrow the routes through which a malicious instruction embedded in external content could cause sensitive information to be sent outside the conversation. Prompt injection has emerged as one of the most difficult security challenges for AI systems because the attack may not look like traditional malware. It can appear inside a webpage, email, document, calendar entry or other content that an AI assistant is asked to read. The hidden or misleading instruction may try to persuade the system to ignore the user’s original request, reveal confidential data, follow an unsafe link or pass information to a third party.
The risk is especially acute for agentic systems that combine untrusted external content with the ability to take action. A user may ask an assistant to review emails, compare documents or complete a workflow, while an attacker places manipulative instructions inside one of the items being processed. The security challenge is not only detecting the hostile text but preventing harmful outcomes even when the model encounters it.
Lockdown Mode takes a defensive approach by restricting high-risk channels rather than relying solely on the model’s ability to identify every malicious instruction. Live browsing is constrained, some network-dependent features are turned off, and selected external interactions are blocked when stronger safety guarantees cannot be provided. The trade-off is reduced functionality for users who choose stronger isolation.
The setting is available through ChatGPT’s security settings for personal users and is also being positioned for managed workspaces where administrators need additional controls over risky workflows. For business and education environments, the measure fits into a broader security framework that includes role-based controls, audit visibility, app restrictions, encryption in transit and at rest, and limits on how connected data is handled.
The second control, Active sessions, gives users a clearer view of their signed-in account footprint. From ChatGPT’s security settings, users can review browser sessions and first-party OpenAI app sessions associated with their account. Where available, the session list can show device or browser information, app context, approximate location, sign-in date and time, whether the device is trusted, and whether it is the current session.
Users can log out of individual sessions they do not recognise or choose to log out of all sessions across devices. The feature is designed to help users respond faster when they suspect an account has been left open on a shared device, accessed from an unfamiliar location or compromised through stolen credentials. Some session details may be approximate or incomplete, and accounts linked to certain organisation single sign-on systems may not have access to the feature.
The addition of session visibility brings ChatGPT closer to account-management practices common across major digital services, where users can review active logins and revoke access from devices they no longer trust. For ChatGPT, the feature carries added significance because the account may contain conversation history, uploaded files, workspace connections, coding sessions and access to paid services.
Security specialists have warned that AI accounts can become high-value targets as users entrust them with commercial plans, legal drafts, research material, financial analysis, software code and private communications. Account takeover risks also intersect with API usage, where compromised credentials or keys can lead to unauthorised consumption and potential data exposure.
Topics
Technology