OpenAI Unveils 'Trove': AI for Third-Party Risk Analysis

In a significant move towards automating complex business processes, OpenAI has showcased a new custom GPT agent named Trove. This agent is designed to tackle the intricate task of third-party risk analysis, a critical function for businesses that rely on external vendors and partners. The demonstration, led by OpenAI's HoJun, highlights how the platform can be used to build specialized AI agents capable of performing sophisticated tasks with remarkable efficiency.

Meet the Builder: HoJun

HoJun, a demonstrator from OpenAI, guides viewers through the creation and functionality of Trove. While his specific title isn't detailed, his role in showcasing the capabilities of OpenAI's agent-building platform positions him as a key figure in bridging the gap between advanced AI and practical business applications.

The full discussion can be found on OpenAI Youtube's YouTube channel.

Introducing Trove: automating third-party risk assessment

The core of the video revolves around the creation and functionality of Trove, an AI agent built to automate third-party risk assessments. HoJun explains that Trove takes vendor details and uses web search combined with a Third-Party Risk Management (TPRM) research skill. It references a criterion-based vendor risk assessment framework, specifically a Google Drive risk criteria spreadsheet, as its source of truth. The ultimate output is a polished Google Doc report.

HoJun emphasizes that building Trove aims to accelerate the time-intensive and often manual process of vendor due diligence. Instead of relying solely on finance or risk teams to manually conduct these assessments, Trove can perform them with greater consistency and speed.

The Building Process: From Prompt to Agent

The demonstration walks through the process of creating Trove within the ChatGPT interface. HoJun begins by describing the desired agent's function in natural language: "Build Trove, the Third Party Risk Manager agent that takes in vendor details, uses web search plus a TPRM risk research skill to perform criterion-based vendor risk assessments, references a Google Drive risk criteria spreadsheet (TPRM Risk Criteria) as the source of truth, and creates a polished Google Doc report as its final deliverable."

The system then prompts for additional skills and tools. HoJun adds the existing "tprn-risk-research.zip" skill, which contains the necessary instructions and data for the agent to perform its task. He also specifies the use of Web Search, Google Drive, and Google Docs as integrated tools.

The process involves defining the agent's role and providing clear instructions. The "Role" section defines Trove as "a third-party risk manager for vendor diligence and criterion-based vendor risk assessments." The "Skill Directory" further clarifies its purpose, stating it uses "tprn-risk-research for substantive third-party risk research and criterion-by-criterion assessment workflow."

Testing Trove: A Real-World Simulation

To demonstrate Trove's capabilities, HoJun initiates a preview run. He provides a hypothetical vendor, "Acme," and its website URL. The agent then begins its workflow, outlining the steps it will take:

• Open the TPRM workflow and locate the risk criteria spreadsheet.
• Research Acme using current public sources and collect evidence by criterion.
• Draft a polished Google Doc with findings, risks, posture, and next steps.

The video shows the agent actively searching for information, accessing Google Drive to find the criteria sheet, and then compiling the findings. The output is a detailed Google Doc, complete with a risk summary, a risk matrix, and detailed findings across various categories such as Security, Financial, Operational, and Regulatory.

The Output: A Comprehensive Risk Report

The final Google Doc generated by Trove provides a thorough assessment of the hypothetical vendor, Acme. It includes a risk rating for each criterion and key rationales. For instance, under Security, it notes Acme's PCI Service Provider Level 1 status and its implications. The report also details key evidence gaps and provides a clear overview of Acme's overall risk posture, categorized as "Moderate (Tier 2)."

The demonstration shows that Trove can complete this entire process in a matter of minutes, a stark contrast to the hours or days it would typically take a human analyst. This highlights the potential for significant efficiency gains and cost savings for organizations.

The Future of Workspace Agents

The video concludes by listing other potential applications for custom ChatGPT agents, including analyzing vendor risk, running month-end close tasks, and creating finance reports. This suggests that Trove is just one example of how OpenAI envisions agents being used to automate a wide range of business functions.

The availability of these advanced agent-building capabilities in ChatGPT Business, Enterprise, and Edu versions indicates OpenAI's strategic focus on bringing powerful AI tools to the enterprise market, enabling organizations to customize AI for their specific needs and workflows.