Fine Print Deep-Dive: ChatGPT Agent Mode’s Legal Terms
WANNA KNOW WHAT YOU’RE REALLY AGREEING TO IF YOU SIGN UP TO USE CHATGPT’S NEWEST FEATURE?
READ ON.
If you’ve tinkered with ChatGPT long enough, you’ve probably hit the same moment of frustration that I’ve hit before.
ChatGPT: Here is a beautifully-branded template, complete with your brand colors, ready for your use! [LINK]
Me: *Clicks Link and sees two lines of black text on a white background; not a color or brand element in sight.*
That scenario could be one of the things that ChatGPT’s Agent Mode is here to alleviate.
It can browse the web for you! Execute tasks for you! All behind the scenes on your computer, while you sleep!
What could go wrong… right?
Yeah, you and I know better than that. (And I’ll bet that’s why you’re here.)
So let’s go. Dig into the fine print with me. But don’t worry, for each “Ummmmm….” thing that I discovered, I’ll give you the good news along with the lesson.
I’m Maria Spear Ollis, aka The Lunar Lawyer, and I’m going to shine some light on the legal terms for ChatGPT Agent Mode.
Privacy Risks
It’s not a far stretch to think that something could go wrong when Chat has direct access to your Dropbox or goes searching through your emails. (Both are things listed as examples on OpenAI’s website).
How Agent Mode Works
And I quote:
ChatGPT agent uses screenshots of its virtual browser window to “see” and interact with web pages. This allows it to click buttons, fill out forms, and navigate websites.
Eew: How “Prompt Injections” Could Ruin the Fun
Imagine, while your ChatGPT “Agent” is poking around your inbox or CRM, that it runs into one little hidden instruction.
That malicious instruction (hidden in an image or some metadata) tricks your Agent into doing something you never asked it to do.
Like retrieving a password reset email in Gmail. Or forwarding personal data. Or buying something.
The Good News: There’s something called “takeover mode” that lets Chat pause and wait for you to enter a password yourself. While you’re “taking over,” Chat doesn’t take any screenshots.
The Lesson: Even AI assistants can get scammed, so Agent Mode shouldn’t be a set-it-and-forget-it solution.
Protection Depends On Your Plan (but you can opt out)
You know how I mentioned that Chat takes screenshots so it can “see” what it’s doing?
Well, you remember how LLMs (large language models) work, right?
ChatGPT learns more the more it talks to you and interacts with you. And those interactions help train the system as a whole, so that everyone can have a better experience.
Well, those screenshots are used to train the beast, too.
Unless you’re on an Enterprise or Team plan; that business data isn’t used to train OpenAI’s models at all.
But Plus/Pro users’ data (like screenshots of, say, your inbox or a client file) can be used for training unless you opt out.
The Good News: You can actually opt out. (Here’s more info on that.)
The Lesson: If you don’t opt out, you might accidentally send confidential info (yours or your clients’) into the training pool. Bigger companies (enterprise, etc.) get default privacy protections; individual users have to fend for themselves.
Deleting Sensitive Info is On You
Those screenshots I mentioned, the ones your Agent takes so it can “see” what it’s doing, are saved in your conversation history until you delete them.
So if you had the Agent popping around your CRM (hello, sensitive client info) or reviewing your online course material (that people have to pay to access)… it’s stored. And remember, it’s there to help train the entire system unless you opt out.
The Good News: You can delete sensitive info…
The Lesson: … you just have to remember to do it. Or just avoid using an Agent in areas of your business where it might access sensitive or proprietary stuff.
Conclusion
I am no computer scientist, and the people who work on this stuff are very, very smart. I’m sure they’ve thought of putting in some safeguards. But if you’re in an industry (like me!) where you have some pretty strong rules regarding client info, be very, very careful how you’re using ChatGPT Agent Mode. For now, I’m opting out.