Enhanced Security with Lockdown Mode
OpenAI has introduced an optional advanced security setting called Lockdown Mode for ChatGPT, designed to mitigate the risk of data exfiltration from prompt injection attacks. This feature is particularly aimed at individuals and organizations handling sensitive data who require stricter protection. When enabled, Lockdown Mode restricts ChatGPT's ability to connect to the web and external services, thereby limiting outbound network requests.
While Lockdown Mode does not entirely prevent prompt injections from appearing in content processed by ChatGPT, its primary goal is to reduce the likelihood of sensitive data being shared externally. This is achieved by disabling or limiting several key functionalities.
Lockdown Mode Feature Limitations:
- Live web browsing: Access is limited to cached content, potentially resulting in stale or unavailable search results.
- Image support: ChatGPT may not display images in responses or retrieve them from the web, though users can still upload image files and generate their own images.
- Deep Research and Agent Mode: These functionalities are completely disabled.
- Canvas networking: Users cannot approve Canvas-generated code to access the network.
- File downloads: ChatGPT cannot download files for data analysis, though manually uploaded files can still be processed.
Lockdown Mode is now available to all logged-in users across various account types and workspaces, including Free, Go, Plus, Pro, and self-serve Business accounts. Users can activate it through the security settings within ChatGPT. OpenAI emphasizes that this mode is not necessary for most users but provides an additional layer of defense for those with heightened security concerns.
Revolutionizing Memory with "Dreaming" Architecture
Alongside the security enhancements, OpenAI has rolled out a significant upgrade to ChatGPT's memory feature, built upon its "Dreaming" architecture. This new architecture aims to make responses more personalized, useful, and continuous by allowing ChatGPT to better synthesize and organize context from past conversations over time. The update addresses previous limitations where memories could become stale, inaccurate, or difficult to maintain at scale.
The upgraded memory system is designed to automatically keep context up to date, reducing the need for users to repeat information. For Plus and Pro users in the US, this update also includes a doubling of memory capacity. The rollout for these users began on June 4, 2026, with expansion to Free and Go plans and additional countries expected in the coming weeks.
Key Memory Improvements:
- Automatic Memory Curation: ChatGPT can now automatically curate memories in the background by referencing chat history.
- Memory Summary: Users can review a summary of all memories ChatGPT has stored about them, with options to add, update, or edit information.
- Enhanced Personalization: The system aims to better understand user preferences, goals, and ongoing work, leading to more tailored ideas and recommendations.
This advanced memory system moves beyond simply saving explicit facts, instead focusing on synthesizing long-term context to balance freshness, continuity, and relevance. While beneficial for personalization, users are encouraged to periodically review their memory summary and utilize "Temporary Chat" for sensitive topics.
Addressing Prompt Injection and Data Exfiltration
The introduction of Lockdown Mode directly confronts the persistent challenge of prompt injection attacks, a form of social engineering specific to conversational chatbots. These attacks involve embedding malicious instructions within text that an AI model might process, potentially leading to the exfiltration of sensitive data. Researchers have highlighted how features like long-term memory and connectors can exacerbate the severity and persistence of such attacks.
OpenAI's multi-layered security approach, which includes sandboxing and protections against URL-based data exfiltration, is further strengthened by Lockdown Mode. By limiting outbound network requests, the mode acts as a crucial last line of defense against attackers attempting to extract information. However, OpenAI acknowledges that prompt injection remains a "frontier, challenging research problem" and that Lockdown Mode does not guarantee complete immunity from all forms of attack or data exfiltration.