OpenAI has shipped an optional Lockdown Mode for ChatGPT that restricts outbound tool calls and external connections, directly targeting prompt injection-based exfiltration paths. OpenAI explicitly acknowledges the control is incomplete: residual exfiltration risk remains even with Lockdown Mode enabled. For organizations with ChatGPT integrated into business workflows, this disclosure is a vendor-confirmed signal that AI-native attack surfaces require formal risk governance, not assumptions of platform safety.