Sam Altman advises against using your own ChatGPT agent

The ChatGPT Agent can perform extensive tasks. However, according to Sam Altman, it should not be used extensively as a precaution. The risks are too great.

ChatGPT Agent is a kind of combination of the previous agent model Operator, the information processing capabilities from Deep Research and the language skills of ChatGPT. Together, they should represent "a new level of AI system performance" and be able to perform "remarkable, complex tasks", writes Altman at X. But the warning follows on its heels.

It's "a chance to try out the future, but not as something I would use for high-level purposes or with a lot of personal information until we have a chance to study and improve it in the wild." Malicious actors could try to trick the agent, Altman continues. They should therefore only be granted the access that the agents absolutely need to complete a task – such as access to the calendar, but not permission to buy clothes directly.

AI models are vulnerable to attacks

Specifically, Altman even warns that ChatGPT Agent could reveal sensitive information if it is given free access to your emails. Someone could use a malicious email to instruct the agent to disclose data. This could simply be written as a prompt in the text field, no further knowledge is required. Whether the agent is really that easy to trick is unclear.

Jailbreaks and injections are generally a major problem for AI models. They are susceptible to poisoned data, hidden instructions and deliberately spread false information. OpenAI emphasizes that it has taken security measures. But their effectiveness is obviously not certain.

So what good is an AI agent that is not allowed to act independently? Altman thinks it could help you buy an outfit for a wedding, book a trip to the wedding and choose a gift. Only with human supervision. Altman also writes that ChatGPT Agent can analyze data and create a presentation. Here, too, it is important to limit what data can be involved.

(emw)