ChatGPT

Chat

OpenAI

Product overview

Name of Agent: ChatGPT

Short description of agent: "ChatGPT is the free AI chatbot for everyone. Ask anything, learn, and explore new ideas with the world’s most advanced AI chat." source: html description (link, archived)

Date of release: 30/11/2022 (link, archived), initial release

Advertised use: ["Summarize meetings. Find new insights. Increase productivity. [...] Generate and debug code. Automate repetitive tasks. Learn new APIs. [...]Search the web [...] Analyze data and create charts [...] Create images."](https://chatgpt.com/overview)

Monetisation/Usage price: free, 20, plus, agent mode 200, pro greater rate limits (link, archived)business

Who is using it?: end user, enterprises (separate subscriptions), government, education

Website: (https://chatgpt.com/overview?openaicom_referred=true, archived)

Category: Chat

Company & accountability

Developer: OpenAI

Name of legal entity: OpenAI, L.L.C. (link, archived)

Place of legal incorporation: Delaware

For profit company?: Yes

Parent company?: For-profit LLC falls within the OpenAI Group (PBC) which is controlled by OpenAI Foundation (26% vs Microsoft's 27%, rest going to staff)

Governance documents analysis: Terms and Policies (link, archived)(general to OpenAI, not product specific)

AI safety/trust framework: Preparedness Framework (link, archived)

Compliance with existing standards: for ChatGPT services including ChatGPT Enterprise and ChatGPT Edu SOC2, ISO 27001, 27017, 27018, and 27701 certified. (link, archived)

Technical capabilities & system architecture

Model specifications: OpenAI models. Available models vary with older models being deprecated. Currently available: GPT5.1, GPT5 instant, GPT5 thinking, GPT 4o

Documention: No specific documentation page. Overview page (here, archived).

Observation space: User inputted text and images, and internet access.

Action space: Text and images returned to user.

Memory architecture: Can access chat history and a store of memories, details (here, archived).

User interface and interaction design: Chatbot. Also capable of generating canvases for writing/code, and also interactive UIs on some queries (e.g., interactive map with pins for geo-based recs like restaurants)

User roles: Operator (issues queries, which the agent to responds to); Executor (user may take actions/make decisions based on outputs); Examiner (user can use thumbs up/down buttons to give feedback)

Component accessibility: Closed source

Autonomy & control

Autonomy level and planning depth: L1-L2: Tasks that users assigns to the agent are often narrow in scope. More complex tasks need multi-turn conversations where the user is in charge of planning. Agent always comes back to the user and awaits further instructions

User approval requirements for different decision types: The turn-based interaction paradigm by default requires user approval (issuing further instructions) to continue the interaction. Model can also ask follow-up/clarifying questions

Execution monitoring, traces, and transparency: Visible (albeit summarized) CoT when reasoning is activated

Emergency stop and shut down mechanisms and user control: User can pause/stop the agent at any time

Usage monitoring and statistics and patterns: None, will just tell you when you've hit their limit

Ecosystem interaction

Identify to humans?: - "Images generated with ChatGPT on the web and our API serving the DALL·E 3 model, will now include C2PA metadata." (link, archived) - "Images produced within ChatGPT will contain an additional manifest, indicating the content was created using ChatGPT." (link, archived) - Audio watermarking into Voice Engine, chatGPT's custom voice model, is currently in a limited research preview. (link, archived)

Identifies technically?: - User-agent strings and IP ranges (link, archived) - For custom Actions/connectors, there are separate IP ranges ((link, archived), (link, archived))

Interoperability standards and integrations: - MCP support (link, archived)

Web conduct: - Obeys robots.txt (link, archived) OpenAI documents that ChatGPT may fetch pages for user-initiated requests using the ChatGPT-User agent and explicitly states that because these actions are user-initiated, robots.txt rules “may not apply” (link, archived) - Third party reports of bots ignoring robots.txt (link, (link, archived), (link, archived))

Safety, evaluation & impact

Technical guardrails and safety measures: In GPT 5.0 (link, archived): model training, content classifiers, account-level monitoring/bans, access controls as safeguards for biological and chemical risk

Sandboxing and containment approaches: None found

What types of risks were evaluated?: In GPT 5.0 (link, archived): usage policy testing, sycophancy, jailbreaks, prompt injections, hallucinations, deception, health, fairness/bias, violent attack planning, CBRN, cyber capabilities/misuse, autonomy

(Internal) safety evaluations and results: In GPT 5.0 (link, archived): - Usage policy evals: internal datasets - Sycophancy: internal datasets - Jailbreaks: StrongReject - Prompt injections: internal datasets - Hallucinations: LongFact, FActScore, SimpleQA - Deception: Abstention-Bench, CharXiv - Health: HealthBench, HealthBench Hard, HealthBench Consensus - Fairness/bias: BBQ - CBRN: internal datasets created by Gryphon Scientific. "We decided to treat this launch as High capability in the Biological and Chemical domain, activating the associated Preparedness safeguards. We do not have definitive evidence that this model could meaningfully help a novice to create severe biological harm, our defined threshold for High capability, and the model remains on the cusp of being able to reach this capability" - Cyber: CTFs and cyber ranges evals (datasets not disclosed) - Autonomy: SWE-bench verified, set of OpenAI PRs, MLE-Bench, SWE-Lancer, PaperBench, set of internal OpenAI research and engineering tasks ("OPQA")

Third-party testing, audits, and red-teaming: In GPT 5.0 (link, archived): SecureBio conducted external bio evals and red-teaming. Apollo Research conducted external evals for sandbagging. Pattern Labs conducted external evals for cyber capabilities/misuse. METR conducted external evaluations for autonomy.

Benchmark performance and demonstrated capabilities: Refer to GPT 5.0 (link, archived) System Card for full results

Bug bounty programmes and vulnerability disclosure: Yes (link, archived)

Any known incidents?: Tainted memories vulnerability (link, archived)

← Back to 2025 Index