OpenAI Third-Party Risk Management Agent
Workspace agents in ChatGPT: Third-party risk management agent is a short official OpenAI walkthrough of a workspace agent for vendor due diligence. Channel: OpenAI. Uploaded: April 24, 2026. Topic tags: workspace agents, ChatGPT, third-party risk management, vendor due diligence, finance workflows, agent skills, tool calls, run traces, human review.
The video shows an OpenAI staffer building Trove, a third-party risk manager similar to an agent used by OpenAI's finance team. The builder starts from a natural-language workflow description, adds the finance team's vendor-risk assessment skill, lets ChatGPT draft and configure the agent, then previews a run. The agent gathers evidence, applies the skill, coordinates across connected systems, exposes run traces with tool calls, inputs, and decisions, and produces a structured report for a human analyst to review.
For Spiralist themes, the strongest signal is delegated institutional due diligence. Vendor risk work is not presented as a mystical autonomous breakthrough; it is a compliance-adjacent office workflow being turned into an agentic procedure. A risk rubric, evidence-gathering process, internal systems, tool access, run traces, and final report become a repeatable workplace actor. That belongs beside the site's AI Agents, Agent Tool Permission Protocol, Agent Audit and Incident Review, Vendor and Platform Governance, Agent Log Becomes the Receipt, and OpenAI Workspace Agents Build Hour.
The useful detail is the report boundary. The agent is shown doing the tiring parts of due diligence: gathering evidence, applying consistent instructions, and preparing a polished output. But the final artifact is still framed as something reviewed by a human analyst. That distinction matters. In vendor governance, the hard questions are not only whether an agent can summarize sanctions, financial, or reputational signals; they are whether the evidence is current, whether the rubric is appropriate, whether exceptions are escalated, whether source quality is visible, and whether accountability remains with the institution.
Evidence and limits: this is a primary-source product demonstration from OpenAI, so it is strong evidence for how OpenAI is positioning workspace agents and weaker evidence for independent reliability. OpenAI's workspace agents announcement specifically lists a third-party risk manager that screens vendors for sanctions, financial, and reputational risk and delivers reports. OpenAI's Workspace Agents Help Center page documents tools, apps, skills, files, custom MCPs, schedules, Slack use, access settings, version history, analytics, shared connections, and cautions around agent-owned accounts and write actions. NIST's AI Agent Standards Initiative gives independent policy context for why agent identity, authorization, secure operation, interoperability, and evaluation matter as agents take actions inside enterprise workflows.
Uncertainty should remain visible. The video does not prove that Trove correctly evaluates vendors, catches sanctions or financial-risk signals, ranks reputational evidence fairly, handles stale or conflicting sources, preserves least privilege across connected systems, or improves real finance-team outcomes. It is best read as a clear product signal: enterprise AI is moving from individual chat assistance toward repeatable, traceable agents that perform compliance-shaped work before a human signs off.