OpenAI Launches ChatGPT Library to Store Uploaded and Generated Files for Plus/Pro/Business Users
What Happened — OpenAI introduced the “ChatGPT Library,” a cloud‑based repository that automatically saves every file a user uploads or generates (images, PDFs, spreadsheets, etc.) during a chat session. The feature is gated to ChatGPT Plus, Pro, and Business plans and is unavailable in the EEA, Switzerland, and the UK.
Why It Matters for TPRM —
- Centralized storage expands the data footprint of a third‑party AI service, creating new vectors for data leakage or compliance exposure.
- Tiered access (paid plans only) may affect contract negotiations and cost‑benefit analyses for organizations relying on the free tier.
- Regional restrictions could impact multinational enterprises that must keep data within specific jurisdictions.
Who Is Affected — Enterprises across all sectors that embed ChatGPT into workflows (e.g., finance, legal, healthcare, tech) and that have upgraded to Plus/Pro/Business tiers.
Recommended Actions —
- Review your organization’s usage of ChatGPT and confirm that any uploaded or generated files are covered by existing data‑handling agreements.
- Verify that the library’s regional availability aligns with your data residency requirements; consider alternative tools for EEA/UK users.
- Update internal policies to classify files stored in the ChatGPT Library as “cloud‑hosted third‑party data” and apply appropriate encryption, access‑control, and retention controls.
Technical Notes — The library imposes size limits (≤ 512 MB per file; ≤ 50 MB for CSV/spreadsheets; ≤ 20 MB for images; text files capped at 2 M tokens). Access is only via the ChatGPT web UI; no API endpoint is currently exposed. No known CVEs or exploit vectors are associated with the feature at launch. Source: ZDNet Security