What is OpenAI’s latest ChatGPT Agent and why fears of ‘severe biological harm’ have the company on edge; key takeaways here

OpenAI has launched ChatGPT Agent, a new tool designed to handle complex, multi-step tasks using its own virtual computer. Announced on Thursday, the agentic model combines the capabilities of Operator and Deep Research into a unified system that can manage everything from scheduling and shopping to generating presentations and research reports. This is the first time ChatGPT can take direct actions on the web on behalf of users. Fortune India brings you a simple and crisp lowdown on the key takeaways from the launch and why this matters to you.

#1: Contextuality and automated workflows – What all it can do

ChatGPT Agent can now autonomously complete complex, multi-step tasks using its own virtual computer. It can access calendars, review news, plan events, purchase ingredients, analyse competitors, and generate editable presentations and spreadsheets.

The agent navigates websites, runs code, filters results, and prompts for logins when needed, all while maintaining task context.

“At work, you can automate repetitive tasks, like converting screenshots or dashboards into presentations composed of editable vector elements, rearranging meetings, planning and booking offsites, and updating spreadsheets with new financial data while retaining the same formatting. In your personal life, you can use it to effortlessly plan and book travel itineraries, design and book entire dinner parties, or find specialists and schedule appointments,” OpenAI said in a blogpost.

While it cannot perform financial transactions, it requests user permission before taking any irreversible action.

#2: How does it work?

ChatGPT Agent is part of the same agentic model family as OpenAI’s o3 and merges the strengths of Deep Research and Operator. The model can perform multi-step research, generate reports, interact with websites through a visual browser, and execute tasks like coding, data analysis, and creating slides or spreadsheets using a built-in terminal. It also connects to external apps such as Gmail, GitHub, and Google Drive via first-party connectors.

The model operates through a virtual computer that retains task context across different tools, allowing it to shift seamlessly between reasoning and execution to manage complex workflows from end to end, based entirely on user instructions. The virtual computer that the agentic model uses “preserves the context necessary for the task, even when multiple tools are used.”

#3: ChatGPT Agent will be rolled out only to Pro, Plus and Team users meaning Agentic AI will not be free for all

Not everyone gets the access for this agent. This also means that while every tech giant talks about Agentic AI, it will not come free of cost and as a result with a universal access.

For now, ChatGPT Agent has been fully rolled out to Pro users as of Friday, with Plus and Team users expected to gain access by Monday, according to the company’s latest update on X. Enterprise and Education users will follow in the coming weeks. Pro users will get 400 messages per month, while Plus and Team users will receive 40, with additional usage available through a credit-based system. Access in the European Economic Area and Switzerland is still pending.

#4: Will the agent be safe for use?

OpenAI in its over 3000-word long blogpost accepted that the new agentic model introduces new risks, especially given the agent can access user data through connectors or websites via takeover mode.

As a result, the company claims to have expanded safeguards from Operator’s research preview to address issues like sensitive data handling, wider user access, and limited terminal network access.

The safeguards include protections against prompt injection, with the model trained to detect such threats, along with monitoring, explicit user confirmations, and options for users to pause or intervene in tasks.

Prompt injection means a risk where malicious instructions hidden in web content could trick the agent into harmful actions, such as leaking private data or misusing logged-in accounts.

Additional measures include refusal of high-risk actions, privacy controls, and a secure browser mode that keeps user inputs private.

“While these mitigations significantly reduce risk, ChatGPT agent’s expanded tools and broader user reach mean its overall risk profile is higher,” OpenAI said in its blogpost.

Yet, the bigger problem is what OpenAI has identified itself – that of biological self-harm.

Given the model's advanced capabilities, OpenAI has classified ChatGPT Agent under its High Biological and Chemical capabilities category, activating the highest level of safeguards. Although there's no direct evidence it could enable harmful biological activity, precautionary measures include threat modelling, dual-use refusal training, continuous monitoring, and strict enforcement systems.

“While we don’t have definitive evidence that the model could meaningfully help a novice create severe biological harm—our threshold for High capability—we are exercising caution and implementing the needed safeguards now,” OpenAI said in a blogpost.

OpenAI claims that the company also collaborating with biosecurity experts, researchers, and institutions to validate assessments, stress-test protections, and advance broader biodefense efforts through ongoing global partnerships.

As a result, while the launch of this first agentic model seems lucrative for users across the world, this also means the start of a world where caution must be increased with every AI usage.