OpenAI is promoting its "lock mode" to more ChatGPT users, and its coverage has expanded from a small number of enterprise users who attach great importance to security to all personal accounts and self-opened ChatGPT Business accounts.

This feature was first announced in February this year and was initially only available to a very small number of users with extremely high security requirements, such as executives and security teams in large organizations. Today, OpenAI stated that personal ChatGPT accounts such as Free, Go, Plus, and Pro, as well as self-service ChatGPT Business accounts, will gradually receive this feature. Users can enable it in "Settings > Security" of ChatGPT, provided that the account has opened this option.

After enabling lock mode, ChatGPT will limit or turn off several capabilities that rely on the network or external services, including real-time web browsing, Deep Research, Agent Mode, etc. Specifically, real-time web browsing will only be able to access cached content, and search results may be limited, unavailable, or outdated; image support may be limited, and ChatGPT cannot display images in regular replies or obtain images from the network, but users can still upload image files, and images can still be generated if supported; Deep Research, Agent Mode, Canvas network access, and file downloads for data analysis will also be disabled.

OpenAI also pointed out that the lock mode does not completely prevent prompt injection content from appearing in materials processed by ChatGPT. For example, malicious instructions may still be hidden in uploaded files or cached web pages. However, this mode is designed to reduce the risk by minimizing the ways in which such attacks can bring sensitive information out of the conversation.

In addition to the locked mode, OpenAI also announced that the "Active sessions" feature has also been extended to various ChatGPT account and workspace types. This feature allows users to check which devices their account is logged in on and end the corresponding session if necessary; the system will display information such as device or browser information, application context, approximate location, login date and time, whether it is a trusted device, and whether it is the current session.

OpenAI added that if the account is bound to the organization's single sign-on system, such as SAML or OIDC, the "Active sessions" function cannot be used.