ChatGPT now thinks and acts, proactively choosing from a toolbox of agentic skills to complete complex tasks for you using its own computer.
You can now ask ChatGPT to handle requests like “look at my calendar and brief me on upcoming client meetings based on recent news,” “plan and buy ingredients to make Japanese breakfast for four,” and “analyze three competitors and create a slide deck.” „ChatGPT will intelligently navigate websites, filter results, prompt you to log in securely when needed, run code, conduct analysis, and even deliver editable slideshows and spreadsheets that summarize its findings.” – the company said in a blog post.
At the core of this new capability is a unified agentic system. It brings together three strengths of earlier breakthroughs: Operator’s ability to interact with websites, deep research’s skill in synthesizing information, and ChatGPT’s intelligence and conversational fluency.
ChatGPT carries out these tasks using its own virtual computer, fluidly shifting between reasoning and action to handle complex workflows from start to finish, all based on your instructions.
Most importantly, you’re always in control. ChatGPT requests permission before taking actions of consequence, and you can easily interrupt, take over the browser, or stop tasks at any point.
How to use
You can activate ChatGPT’s new agentic capabilities directly through the tools dropdown from the composer by selecting ‘agent mode’ at any point in any conversation. Simply describe your desired task—whether it’s conducting deep research, creating a slideshow, or submitting expenses. As it performs your task, an on-screen narration provides visibility into exactly what ChatGPT is doing. You can interrupt and take control of the browser whenever needed, ensuring tasks remain aligned with your goals.
ChatGPT agent can access your connectors, allowing it to integrate with your workflows and access relevant, actionable information. Once authenticated, these connectors allow ChatGPT to see information and do things like summarize your inbox for the day or find time slots you’re available for a meeting—to take action on these sites, however, you’ll still be prompted to log in by taking over the browser.
Additionally, you can schedule completed tasks to recur automatically, such as generating a weekly metrics report every Monday morning.
Novel capabilities, novel risks
This release marks the first time users can ask ChatGPT to take actions on the web. This introduces new risks, particularly because ChatGPT agent can work directly with your data, whether it’s information accessed through connectors or websites that you have logged it into via takeover mode.
„We’ve strengthened the robust controls from Operator’s research preview and added safeguards for challenges such as handling sensitive information on the live web, broader user reach, and (limited) terminal network access. While these mitigations significantly reduce risk, ChatGPT agent’s expanded tools and broader user reach mean its overall risk profile is higher.
We’ve placed a particular emphasis on safeguarding ChatGPT agent against adversarial manipulation through prompt injection, which is a risk for agentic systems generally, and have prepared more extensive mitigations accordingly.”
Prompt injections are attempts by third parties to manipulate its behavior through malicious instructions that ChatGPT agent may encounter on the web while completing a task. For example, a malicious prompt hidden in a webpage, such as in invisible elements or metadata, could trick the agent into taking unintended actions, like sharing private data from a connector with the attacker, or taking a harmful action on a site the user has logged into. Because ChatGPT agent can take direct actions, successful attacks can have greater impact and pose higher risks.
„We’ve trained and tested the agent on identifying and resisting prompt injections, in addition to using monitoring to rapidly detect and respond to prompt injection attacks.”
Simon Taylor, Head of Strategy at Saedine, commenting on this launch:
„OpenAI launches ChatGPT Agent but says „bad actors will probably exploit this.” Sam Altman goes on…
„We don’t know what will happen.”
„Don’t use it for anything important.”
„We can’t anticipate everything that will go wrong.”
Then he shipped it to 200 million users anyway.
ChatGPT’s new Agent has its own virtual computer. Not your computer. Its own desktop, browser, applications that it controls completely.
You tell it to plan a wedding. It spends 45 minutes browsing venues, comparing prices, booking vendors, ordering gifts. No supervision. No approval. Just autonomous work. You ask for a competitive analysis. It researches companies, builds spreadsheets, creates presentations. While you sleep.
OpenAI built an AI that works like an employee but admitted they have no idea how to manage it.
Most companies would call this reckless. Altman calls it necessary. „We need to learn from contact with reality.” Translation: The only way to understand superhuman AI is to let it loose and see what breaks.
I can’t help but think fraudsters will absolutely ADORE this product and jail break the shit out of it.
Your AI coworker just started. Whether anyone knows how to supervise it or not.”
Banking 4.0 – „how was the experience for you”
„To be honest I think that Sinaia, your conference, is much better then Davos.”
Many more interesting quotes in the video below:
