Skip to content

ChatGPT’s Agent Mode is another Leap Forward – with risks


Ray Poynter, 24 July 2025

ChatGPT’s new Agent Mode is another major leap forward in how AI is advancing, especially in the field of Agentic computing. It also represents a significantly increased risk level. In this post, I outline what Agent Mode is, the associated risks, and provide a simple example.

Overview

ChatGPT’s Agent Mode moves from passively following the user’s command to actively conducting complex tasks. OpenAI include the following description with their release “You can now ask ChatGPT to handle requests like “look at my calendar and brief me on upcoming client meetings based on recent news,” “plan and buy ingredients to make Japanese breakfast for four,” and “analyze three competitors and create a slide deck.” ChatGPT will intelligently navigate websites, filter results, prompt you to log in securely when needed, run code, conduct analysis, and even deliver editable slideshows and spreadsheets that summarize its findings.”

This means that it can:

  • Browse websites, fill out forms, and analyse data.
  • Interact with connected apps (such as Gmail, Google Drive, and GitHub) via connectors.
  • Automate workflows such as planning meetings, making purchases, and creating presentations or spreadsheets.
  • Switch between reasoning, research, action, and code execution—all from user instructions in natural language

Currently, access is only available for paid accounts and is not accessible in every region, such as the EU.

Security Concerns

OpenAI has flagged a wide range of security and privacy concerns, including:

  1. Prompt Injection Attacks. Agent Mode can be exposed to malicious web content that hides harmful prompts in invisible elements or site metadata. If tricked by such attacks, the agent may leak private data or take unauthorised actions—especially on sites or apps where the user is logged in.
  2. Excessive Autonomy & Access. ChatGPT Agent acts with the same access privileges as the user. It can perform irreversible actions across platforms you log into. There are limited technical means to constrain its access once authorised.
  3. Lack of Differential Access Controls. Currently, there is no way to grant the AI reduced permissions compared to the actual user; permissions and credential usage are identical.
  4. Auditability and Accountability Gaps. Actions performed by Agent Mode are nearly indistinguishable from those of the user in system audit logs. This can complicate compliance, tracking, and investigation in case of a breach.
  5. Memory and Data Exposure. The agent may store or inadvertently expose sensitive business data from documents, emails, and connected services if context is not tightly scoped.
  6. AI Hallucinations & Misfires. Errors in interpretation or task execution can lead to unintended actions being performed with real-world consequences.

An Example

Here is a simple (relatively safe) example of using Agent Mode.

After launching ChatGPT, I selected Agent Mode from the Tools dropdown menu.

The Agent Mode on the Tools menu

I then gave it the prompt “Go to the ResearchWiseAI website and find the TalkingAI podcasts. Create a spreadsheet listing all of the podcasts, their date, their length, the title, guests, the URL, and a 100-word summary of the content. Download the spreadsheet as an Excel file.”

It worked for 9 minutes and produced an online view of the spreadsheet.

Spreadsheet of Episodes

I downloaded the file as an Excel file; if you’d like to view it, click here to access it as a Google Sheet.

This process took 9 minutes and delivered something I had meant to do for several weeks, compiling a simple list of the Talking AI podcasts.

What Next?

I am going to start using this mode. I can see how it will speed up many of my regular tasks. However, I will be vigilant about security issues. If we want to use Agents and if we want Agents to be able to use Agents, we need to cede some control. The ‘human in the loop’ is no longer possible, so how does the human oversee the process to maintain core standards and values?

I think my initial uses will be in the field of documentation. Tidying up my lists of blogs, articles, etc. I can see that I will use it as an enhanced form of Deep Research, to help me gather informaition for research and projects. When I am confident enough about its security, I will probably get it to tidy up my past emails, my file structures, and my projects. But I think it will be quite a while before I ask it to go online and buy something for me.

Want to learn more about Agents?

Agents Unleased Webinar

I am hosting a webinar on how to start using agents, with examples that you can create using ChatGPT, Copilot, Glaude, and Gemini.

Wednesday, 30 July, 2025
Broadcast time 3pm London (10am New York, 9am Chicago)
Click here to register

Curious about how hot insights methods can benefit your business? Contact us at SoftOfficePro.com. We’ll help you harness the latest market research techniques to stay ahead of the competition. For all Market Research projects please visit pulsefe.com. They have a great platform comparable to STG at a fractional cost. For ODK Collect projects please contact us at softofficepro.com

Source link

Tags:

Join the conversation

Your email address will not be published. Required fields are marked *

Discover more from SOFTOFFICEPRO

Subscribe now to keep reading and get access to the full archive.

Continue reading

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Email
Print
Copy Link
Copy link
CopyCopied