Challenge
As a global automation intelligence platform leader with operations across the US, Europe, and Asia, the organization was preparing to deploy ChatGPT Enterprise to drive productivity and innovation across multiple departments.
With plans to enable teams to build custom GPT agents for specific business problems, leadership recognized a critical need before deployment: ensure custom GPT agents would connect securely to enterprise data as adoption scaled.
Before rolling out ChatGPT Enterprise, the organization needed to address three key concerns:
1. Understanding Future AI Agent Landscape
Teams would be building custom GPTs to solve business problems, but leadership needed visibility into what agents would be created, what data they would connect to, and how to maintain that visibility as usage grew.
2. Assessing Agent Risk Proactively
With custom GPT agents potentially connecting to sensitive data sources and being shared across teams, the organization needed to understand configuration risks before widespread adoption ─ not after.
3. Establishing Scalable Governance Framework
The IT and security teams needed an efficient approach to ensure appropriate data access controls from day one, without becoming a bottleneck as teams built more agents.
The organization wanted to move forward confidently with ChatGPT Enterprise deployment, but only after establishing appropriate data security controls that wouldn’t slow down innovation or overwhelm
internal teams.
Solution
Before deploying ChatGPT Enterprise broadly, the organization partnered with Opsin Security to proactively establish AI agent governance and automated controls that would scale with adoption.
➡️ Discover AI Agents and Data Connections
Opsin ran an automated assessment during the pilot phase and helped the organization discover hundreds of custom GPTs that teams were building to boost productivity across departments. For each agent, Opsin identified what sensitive data sources they connected to and classified them by business criticality based on whether they accessed PII, financial information, or confidential documents, and whether they were designed to process and share sensitive or regulated data. This business-criticality classification revealed which agents would require proper governance and remediation, a focused subset of the hundreds running, rather than treating all agents equally.
➡️ Assess Configuration and Risk
For the agents identified as business-critical, Opsin analyzed risk factors including who the agent was shared with (individual, team, or organization-wide), what data connections were configured, and which configuration settings created potential exposure risks. Each issue included clear context explaining what happened, why it’s a risk, and how to remediate, with actionable, prioritized insights focusing security efforts on the highest-impact agents.
➡️ Establish Decentralized Governance Framework
Rather than centralizing all agent governance with IT, Opsin established a framework where custom GPT owners would receive context and step-by-step guidance to address configuration issues themselves. This created organizational accountability for risk reduction and enabled ChatGPT Enterprise governance to scale from the start. Continuous monitoring was configured to track interactions with custom GPTs and identify risky usage patterns that could lead to data exfiltration or unintended exposure.
Results
✅ Proactive visibility into hundreds of custom GPTs before broad deployment with focused governance on business-critical agents.
✅ Business-criticality classification established to focus security efforts on highest-impact agents rather than all agents equally.
✅ Risk-based framework with actionable remediation guidance for agents that matter most.
✅ Decentralized governance model ready to enable custom GPT owners to address risks at scale.
✅ Continuous monitoring configured for risky interactions in ChatGPT Enterprise and all custom GPT agents.
✅ Confident deployment of ChatGPT Enterprise, rolled out with governance framework in place from day one.
Moving Forward
With proactive governance established before broad deployment, the organization is now confidently expanding ChatGPT Enterprise adoption across additional departments and use cases. Continuous monitoring actively tracks interactions with ChatGPT and custom GPTs to spot suspicious behavior and potential misuse, ensuring data remains appropriately protected as teams build and deploy more AI agents across the organization.
