OpenAI Rolling Out ChatGPT Account Security Controls
OpenAI is expanding availability of two ChatGPT account security features: Lockdown Mode and Active Sessions. Lockdown Mode helps reduce the risk of data exfiltration from prompt injection attacks by limiting outbound network requests, though it does not prevent prompt injections themselves. Active Sessions allows users to view and manage active login sessions to detect and terminate unauthorized access. These features aim to enhance account security, especially for users handling sensitive data. Additionally, OpenAI offers an opt-in Advanced Account Security feature that replaces password-based login with physical security keys or passkeys and strengthens account recovery methods. These controls provide users with improved tools to protect their ChatGPT accounts and data.
AI Analysis
Technical Summary
OpenAI is rolling out broader access to two ChatGPT security controls: Lockdown Mode and Active Sessions. Lockdown Mode is designed to mitigate the final stage of data exfiltration in prompt injection attacks by restricting outbound network requests, disabling features like live web browsing and file downloads. It does not block prompt injections themselves. Active Sessions enables users to review and manage devices and sessions where their ChatGPT account is logged in, allowing them to log out of unrecognized sessions. These features are intended to enhance account security, particularly for users with highly sensitive data. OpenAI also offers an Advanced Account Security option that disables password logins in favor of physical security keys or passkeys and improves account recovery mechanisms. These measures collectively strengthen protection against account takeover and data leakage risks.
Potential Impact
The features reduce the risk of data exfiltration via prompt injection attacks and unauthorized account access. Lockdown Mode limits capabilities that could be exploited to transfer sensitive data out of the ChatGPT environment. Active Sessions helps users detect and terminate unauthorized sessions, reducing the risk of account compromise. The Advanced Account Security feature further mitigates account takeover risks by removing password-based authentication and enhancing recovery security. There are no known exploits in the wild related to these features at this time.
Mitigation Recommendations
These security controls are currently being rolled out and can be enabled by users in their ChatGPT account settings. Lockdown Mode should be used by users and organizations handling highly sensitive data who require additional protection against data exfiltration. Active Sessions is available to all ChatGPT users except those using organizational SSO and should be used to monitor and manage active logins. Advanced Account Security is an opt-in feature recommended for users at increased risk of targeted attacks. Since these are newly introduced security features, users should enable them as appropriate to strengthen account security. Patch status is not applicable as these are new security controls rather than vulnerability fixes.
Machine-generated threat intelligence
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/openai-rolling-out-chatgpt-account-security-controls/","fetched":true,"fetchedAt":"2026-06-08T08:33:35.240Z","wordCount":1068}
Threat ID: 6a267e5fe29bf47b50c05e16
Added to database: 6/8/2026, 8:33:35 AM
Last enriched: 6/8/2026, 8:33:46 AM
Last updated: 6/8/2026, 10:42:29 AM