OpenAI’s ChatGPT Agent Launches With Expanded Powers—And Elevated Risk

OpenAI has unveiled its most autonomous AI tool yet: a version of ChatGPT that can browse the web, run apps, and complete real-world tasks with little to no human input. But with the leap in capability comes a stark warning: the technology could also invite a new wave of security threats.
Launched on Thursday, ChatGPT Agent lets users delegate complex tasks, such as planning vacations, booking hotel rooms, researching competitors, generating slide decks, and even placing online orders.
The feature will begin rolling out today to Pro, Plus, and Team users.
To complete tasks, the agent uses a virtual computer and a unified set of tools, including a text-based browser, a terminal, and access to third-party apps such as Google Drive and GitHub. The virtual computer is a simulated computing environment running in the cloud that the ChatGPT agent can control independently, akin to giving the AI its own private, sandboxed machine to do real work.
“I think this is a new level of capability in AI,” OpenAI CEO Sam Altman said during a livestream demonstration conducted by members of the team that built the product. The livestream was also notable, however, in part for the number of “buyer beware” cautions OpenAI gave.
“It is a new way to use AI, but there will be a new set of attacks that come with that,” said Altman. “Society and the technology need to evolve and figure out how we can mitigate problems that we can’t even really imagine yet, as people start doing more and more work this way.”
One example: an agent could research a purchase, find the item at a phishing site and provide a user’s credit card information. To mitigate that problem, the current release has various safeguards in place that would, for instance, stop just short of uploading credit card information until the user manually approves it.
“We’ve trained the model to ignore suspicious instructions on malicious websites,” OpenAI researcher Casey Chu said. “We also have monitors that watch the agent’s behavior and stop it if anything looks suspicious.”
Chu added that while system safeguards can be updated in real time, ChatGPT agent is still a “cutting-edge product” that opens the door to new forms of exploitation.
“It’s important for users to understand the risks and be thoughtful about the information they share,” he said.
The release of ChatGPT Agent comes at a time when AI developers are working to equip digital assistants with increasingly powerful capabilities. On Wednesday, Google launched a new AI-powered feature in Google Search that lets its Gemini AI make phone calls to businesses on behalf of users.
“ChatGPT Agent is still in its early stages, and we’re using this time to learn from real-world use to improve both the product and our safeguards,” an OpenAI representative told Decrypt. “The current system card reflects our current approach, but we’re preparing for what’s next and will continue to share updates as we make the agent better and safer.”
ChatGPT can now do work for you using its own computer.
Introducing ChatGPT agent—a unified agentic system combining Operator’s action-taking remote browser, deep research’s web synthesis, and ChatGPT’s conversational strengths. pic.twitter.com/7uN2Nc6nBQ
— OpenAI (@OpenAI) July 17, 2025
Cybersecurity experts have also raised concerns about the implications of autonomous agents.
“High concern is warranted because the agent carries implicit authority to disclose personal identifiers during dialogue,” said Nic Adams, co-founder and CEO of cybersecurity firm 0rcus. “Users should grant granular, revocable scopes such as target business, purpose, allowable data elements, and expiration timestamp.”
In terms of best practices, Adams suggested that after execution, the agent present a full transcript for approval before storing any information for longer than legally required.
“Silent, blanket consent would shift liability onto the user without meaningful control,” he said. “Therefore, a per-task confirmation model is necessary.”
Beyond the risks of letting AI agents make purchases or plans, OpenAI researchers agreed that this level of autonomy introduces new threats, particularly prompt injection attacks, where malicious inputs trick the AI into leaking data, spreading misinformation, or taking unauthorized actions.
To mitigate these risks, OpenAI developed takeover mode, which, as the name suggests, gives users the power to take over from the agent and enter information themselves, rather than relying on the agent. In some cases, ChatGPT Agent will ask for explicit user approval before taking significant actions, like making purchases or accessing sensitive data.
“We’ve built a powerful tool, but users need to stay cautious,” Chu said.
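The scope-grant and per-task confirmation model Adams describes, combined with the explicit-approval step before significant actions mentioned above, sketched as an added Python example (not OpenAI’s or 0rcus’s code): a default-deny check in which every grant names a target business, purpose, allowed data elements and expiry, can be revoked, and significant actions require a confirmation callback before they run. The `ScopeGrant`, `Policy` and `SIGNIFICANT` names and the hotel-booking scenario are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical scope grant carrying the fields named in the article: target business,
# purpose, allowable data elements and expiration timestamp, plus a revocation flag.
@dataclass
class ScopeGrant:
    target: str
    purpose: str
    allowed_elements: frozenset
    expires_at: datetime
    revoked: bool = False

# Actions that always need per-task confirmation from the user (assumed set).
SIGNIFICANT = {"purchase", "share_data"}

class Policy:  # default-deny authorizer: an action runs only under a live, matching grant
    def __init__(self, grants, confirm):
        self.grants = list(grants)
        self.confirm = confirm   # callback(action, target, elements) -> bool; the user decides
        self.audit = []          # transcript the user can review after execution

    def authorize(self, target, purpose, action, elements, now):
        live = [g for g in self.grants if not g.revoked and now < g.expires_at
                and g.target == target and g.purpose == purpose]
        extra = set(elements) - live[0].allowed_elements if live else set(elements)
        if not live or extra:            # no live grant, or data outside the granted elements
            verdict = "denied"
        elif action in SIGNIFICANT and not self.confirm(action, target, sorted(elements)):
            verdict = "declined"         # user did not confirm this significant action
        else:
            verdict = "allowed"
        self.audit.append((verdict, action, target, sorted(elements)))
        return verdict == "allowed"

def demo():
    # Constructed scenario: a one-hour grant to book a hotel room using name and dates only.
    now = datetime(2025, 7, 17, 12, 0, tzinfo=timezone.utc)
    grant = ScopeGrant("hotel.example", "book_room", frozenset({"name", "dates"}), now + timedelta(hours=1))
    prompts = []   # records each confirmation the user was asked for
    policy = Policy([grant], confirm=lambda a, t, e: prompts.append((a, t)) or True)
    ok = lambda target, action, elems, t=now: policy.authorize(target, "book_room", action, elems, t)
    results = [ok("hotel.example", "purchase", {"name", "dates"}),        # in scope, user confirms
               ok("hotel.example", "purchase", {"name", "card_number"}),  # card number not granted
               ok("other.example", "purchase", {"name"}),                 # wrong target business
               ok("hotel.example", "read", {"name"}, now + timedelta(hours=2))]   # grant expired
    grant.revoked = True   # revocation takes effect on the next authorize() call
    results.append(ok("hotel.example", "read", {"name"}))                 # grant revoked
    return results, len(prompts)
```

Only the first request succeeds, and it is the only one that triggers a confirmation prompt; the out-of-scope card number, wrong business, expired grant and revoked grant are all refused before any data leaves the policy.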