Operator System Card
📰 OpenAI News
OpenAI's Operator System Card outlines the safety work and mitigations for the Computer-Using Agent (CUA) model, which combines GPT-4o's vision capabilities with advanced reasoning through reinforcement learning
Action Steps
- Read the Operator System Card to understand the safety work and mitigations
- Review the Preparedness Scorecard to assess the risk areas and mitigations
- Evaluate the model and product mitigations implemented to address novel vulnerabilities
- Consider the implications of the CUA model for future applications and potential risks
Who Needs to Know This
The development and research teams at OpenAI, including AI engineers, researchers, and product managers, can benefit from understanding the safety work and mitigations outlined in the Operator System Card to ensure the safe deployment of the CUA model
Key Insight
💡 The Operator System Card provides a multi-layered approach to safety, including proactive refusals of high-risk tasks, confirmation prompts, and active monitoring systems
Share This
🚀 OpenAI's Operator System Card outlines safety work and mitigations for Computer-Using Agent (CUA) model 🤖
Key Takeaways
OpenAI's Operator System Card outlines the safety work and mitigations for the Computer-Using Agent (CUA) model, which combines GPT-4o's vision capabilities with advanced reasoning through reinforcement learning
Full Article
# Operator System Card | OpenAI
[Skip to main content](https://openai.com/index/operator-system-card#main)
[](https://openai.com/)
* [Research](https://openai.com/research/index/)
* Products
* [Business](https://openai.com/business/)
* [Developers](https://openai.com/api/)
* [Company](https://openai.com/about/)
* [Foundation(opens in a new window)](https://openaifoundation.org/)
[Try ChatGPT(opens in a new window)](https://chatgpt.com/)
* Research
* Products
* Business
* Developers
* Company
* [Foundation(opens in a new window)](https://openaifoundation.org/)
[Try ChatGPT(opens in a new window)](https://chatgpt.com/)
OpenAI
January 23, 2025
[Safety](https://openai.com/news/safety-alignment/)[Publication](https://openai.com/research/index/publication/)
# Operator System Card
This report outlines the safety work carried out prior to releasing Operator including external red teaming, frontier risk evaluations according to our Preparedness Framework, and an overview of the mitigations we built in to address key risk areas.
[Read the System Card(opens in a new window)](https://cdn.openai.com/operator_system_card.pdf)[Contributions](https://openai.com/index/introducing-operator/)
Loading…
Share
## Operator System Card
Specific areas of risk
* Harmful tasks
* Model mistakes
* Prompt injections
Preparedness Scorecard
* CBRN
Low
* Cybersecurity
Low
* Persuasion
Medium
* Model autonomy
Low
## Scorecard ratings
* Low
* Medium
* High
* Critical
Only models with a post-mitigation score of "medium" or below can be deployed.
Only models with a post-mitigation score of "high" or below can be developed further.
### Introduction
Operator is a research preview of our Computer-Using Agent (CUA) model, which combines GPT‑4o’s vision capabilities with advanced reasoning through reinforcement learning. It interprets screenshots and interacts with graphical user interfaces (GUIs)—the buttons, menus, and text fields people see on a computer screen—just as people do. Operator’s ability to use a computer enables it to interact with the same tools and interfaces that people rely on daily, unlocking the potential to assist with an unparalleled range of tasks.
Users can direct Operator to perform a wide variety of everyday tasks using a browser (e.g., ordering groceries, booking reservations, purchasing event tickets) all under the direction and oversight of the user. This represents an important step towards a future where ChatGPT is not only capable of answering questions, but can take actions on a user’s behalf.
While Operator has the potential to broaden access to technology, its capabilities introduce additional risk vectors. These include vulnerabilities like prompt injection attacks where malicious instructions in third-party websites can mislead the model away from the user’s intended actions. There’s also the possibility of the model making mistakes that are challenging to reverse or being used to execute harmful or disallowed tasks at a user’s request. To address these risks, we have implemented a multi-layered approach to safety, including proactive refusals of high-risk tasks, confirmation prompts before critical actions, and active monitoring systems to detect and mitigate potential threats.
Drawing on OpenAI’s established safety frameworks and the safety work already conducted for the underlying [GPT‑4o](https://openai.com/index/gpt-4o-system-card/) model[1](https://openai.com/index/operator-system-card#citation-bottom-1), this system card details our multi-layered approach for testing and deploying Operator safely. It outlines the risk areas we identified and the model and product mitigations we implemented to address novel vulnerabilities.
### Model data and training
As discussed in our accompanying [research blog post](https://openai.com/index/computer-using-agent/)[2](https://openai.com/index/operator-system-card#citation-bottom-2), Operator is trained t
[Skip to main content](https://openai.com/index/operator-system-card#main)
[](https://openai.com/)
* [Research](https://openai.com/research/index/)
* Products
* [Business](https://openai.com/business/)
* [Developers](https://openai.com/api/)
* [Company](https://openai.com/about/)
* [Foundation(opens in a new window)](https://openaifoundation.org/)
[Try ChatGPT(opens in a new window)](https://chatgpt.com/)
* Research
* Products
* Business
* Developers
* Company
* [Foundation(opens in a new window)](https://openaifoundation.org/)
[Try ChatGPT(opens in a new window)](https://chatgpt.com/)
OpenAI
January 23, 2025
[Safety](https://openai.com/news/safety-alignment/)[Publication](https://openai.com/research/index/publication/)
# Operator System Card
This report outlines the safety work carried out prior to releasing Operator including external red teaming, frontier risk evaluations according to our Preparedness Framework, and an overview of the mitigations we built in to address key risk areas.
[Read the System Card(opens in a new window)](https://cdn.openai.com/operator_system_card.pdf)[Contributions](https://openai.com/index/introducing-operator/)
Loading…
Share
## Operator System Card
Specific areas of risk
* Harmful tasks
* Model mistakes
* Prompt injections
Preparedness Scorecard
* CBRN
Low
* Cybersecurity
Low
* Persuasion
Medium
* Model autonomy
Low
## Scorecard ratings
* Low
* Medium
* High
* Critical
Only models with a post-mitigation score of "medium" or below can be deployed.
Only models with a post-mitigation score of "high" or below can be developed further.
### Introduction
Operator is a research preview of our Computer-Using Agent (CUA) model, which combines GPT‑4o’s vision capabilities with advanced reasoning through reinforcement learning. It interprets screenshots and interacts with graphical user interfaces (GUIs)—the buttons, menus, and text fields people see on a computer screen—just as people do. Operator’s ability to use a computer enables it to interact with the same tools and interfaces that people rely on daily, unlocking the potential to assist with an unparalleled range of tasks.
Users can direct Operator to perform a wide variety of everyday tasks using a browser (e.g., ordering groceries, booking reservations, purchasing event tickets) all under the direction and oversight of the user. This represents an important step towards a future where ChatGPT is not only capable of answering questions, but can take actions on a user’s behalf.
While Operator has the potential to broaden access to technology, its capabilities introduce additional risk vectors. These include vulnerabilities like prompt injection attacks where malicious instructions in third-party websites can mislead the model away from the user’s intended actions. There’s also the possibility of the model making mistakes that are challenging to reverse or being used to execute harmful or disallowed tasks at a user’s request. To address these risks, we have implemented a multi-layered approach to safety, including proactive refusals of high-risk tasks, confirmation prompts before critical actions, and active monitoring systems to detect and mitigate potential threats.
Drawing on OpenAI’s established safety frameworks and the safety work already conducted for the underlying [GPT‑4o](https://openai.com/index/gpt-4o-system-card/) model[1](https://openai.com/index/operator-system-card#citation-bottom-1), this system card details our multi-layered approach for testing and deploying Operator safely. It outlines the risk areas we identified and the model and product mitigations we implemented to address novel vulnerabilities.
### Model data and training
As discussed in our accompanying [research blog post](https://openai.com/index/computer-using-agent/)[2](https://openai.com/index/operator-system-card#citation-bottom-2), Operator is trained t
DeepCamp AI