ChatGPT now has the power to handle a range of complex tasks, from beginning to end, using ‘its own computer’.
US artificial intelligence (AI) company OpenAI has launched an AI agent, reportedly with the ability to think and act proactively via “its own computer”.
In a statement released by the organisation, OpenAI explained that ChatGPT Agent works by unifying the agentic system and bringing together previously released AI tools in three core areas. This merges Operator’s ability to access websites, deep research’s ability to gather information and ChatGPT’s intelligent conversational skills.
OpenAI said, “ChatGPT carries out these tasks using its own virtual computer, fluidly shifting between reasoning and action to handle complex workflows from start to finish, all based on your instructions.
“Most importantly, you’re always in control. ChatGPT requests permission before taking actions of consequence and you can easily interrupt, take over the browser or stop tasks at any point.”
Requests you can ask of it include examples such “look at my calendar and brief me on upcoming client meetings based on recent news” and “analyse three competitors and create a slide deck”.
The platform will then navigate websites, filter results, ask you to log in securely if needed, run code, conduct an analysis and can also create slideshows and spreadsheets that summarise its findings.
Novel risks
However, the new launch does bring additional, novel risks, as noted by OpenAI, which explained that the release marks the first time that users can ask ChatGPT to take actions on the internet.
This means that the agent is working directly with personal data accessed through websites you have logged into and is now operating in ‘takeover mode’.
“We’ve strengthened the robust controls from Operator’s research preview and added safeguards for challenges such as handling sensitive information on the live web, broader user reach and (limited) terminal network access. While these mitigations significantly reduce risk, ChatGPT agent’s expanded tools and broader user reach mean its overall risk profile is higher,” said OpenAI.
OpenAI has cited prompt injections, that is attempts by third parties to manipulate model behaviour through hidden, malicious instructions the AI agent may encounter online, as being of particular concern and an area in which there will be additional safety protocol.
“A malicious prompt hidden in a webpage, such as in invisible elements or metadata, could trick the agent into taking unintended actions, like sharing private data from a connector with the attacker or taking a harmful action on a site the user has logged into. Because ChatGPT agents can take direct actions, successful attacks can have greater impact and pose higher risks.”
Furthermore, because ChatGPT capabilities have become so advanced, OpenAI has decided to regard the ChatGPT agent as having high biological and chemical capabilities under its Preparedness Framework and are activating the associated safeguards.
“While we don’t have definitive evidence that the model could meaningfully help a novice create severe biological harm, our threshold for high capability, we are exercising caution and implementing the needed safeguards now.”
Currently, the feature is available to certain users in the US. It is currently unavailable in the European Economic Area and Switzerland, however, OpenAI said it is “working on enabling access”.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.