Managing AI Agents: Risk, Compliance, and Responsible Deployment (Part I.)

Developing AI agents has been a complex, time-consuming, and technically challenging task – but OpenAI’s new Agents SDK could change that. The new development kit allows you to build domain-specific agents that can collaborate, make decisions, and take on tasks in just a few hours. This is not only a technological advance: it also raises serious legal and compliance issues, as automated systems handle more and more sensitive data and operate more and more autonomously. In this article, we explore how to enable rapid adoption while ensuring appropriate control, accountability, and transparency.

In recent years, OpenAI has made some revolutionary innovations in the field of Artificial Intelligence, with GPT models making the company widely known. Now, another major milestone has been reached: the introduction of the Agents SDK. This production-ready toolkit significantly accelerates and simplifies the development and deployment of intelligent software agents, making it much easier for organizations to integrate AI into real-world operations.

The interest in this technology is no coincidence, as such AI agents can take over a significant proportion of tasks that previously required human intervention, often more efficiently and quickly. From a legal or corporate decision-making perspective, however, the more important question is within what framework and with what controls this can be achieved, so that the system does not create legal, ethical or privacy risks.

It’s easy to imagine a corporate legal department with up to hundreds of contracts to review every month, identifying risks and checking relevant references – a job that used to be done mainly by lawyers and paralegals. While AI-based document analysis and data discovery algorithms have existed before, the concept behind the Agents SDK opens much broader possibilities by allowing the rapid creation and flexible orchestration of multiple agents specialized in different tasks. AI agents can be rapidly created to specialize in narrow areas of expertise and work efficiently in concert with each other. When an agent encounters an issue that is beyond its expertise, it automatically redirects the task to another, specifically optimized peer, so work can continue uninterrupted, more reliably and faster. This approach brings significant benefits to enterprise processes: tasks do not get stuck, minimal human review is required, and the collaboration of specialized AI systems ultimately ensures more accurate, higher quality output.

Not surprisingly, such automation options raise a range of legal issues. After all, the more data – especially personal or confidential information – passes through the system, the more important it becomes to ensure data protection and compliance. AI can only work effectively if it has access to the maximum amount of data possible, but this is only compatible with the regulatory principles of GDPR or even CCPA if appropriate limits and monitoring points are built in. One of the most important solutions in the Agents SDK is guardrails: essentially the ability to define rules and protocols in advance that then help minimize potential risks. For example, if an agent encounters data that is not necessary to perform a task, or if a user exceeds the limits deemed safe by the system, the guardrails simply block or modify the input, or report the problem to the operators. This technical control can not only prevent malicious use but also helps prevent accidental overreach or data management incidents.

The principles of GDPR and CCPA include data minimization and purpose limitation: a system should only collect as much data as is strictly necessary for the specified purpose and should not store or process it for longer than is proportionate. Guardrail mechanisms support exactly this ethos, as built-in rules let users and developers define in advance when and how the AI can access personal or sensitive information. In addition, the solution also provides the opportunity for human review if the system detects a task or request that seems suspicious or problematic within the given legal framework.
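An illustrative guardrail of the kind described above, written for this article as an added example and not taken from OpenAI’s Agents SDK: it inspects agent input against a per-purpose allowlist, redacts the personal data the task does not need, blocks unknown purposes and escalates an unusual volume of unneeded data to a human reviewer. The task purposes, detector patterns and threshold are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed detectors for a few personal-data categories (illustrative, not exhaustive).
# IBAN comes first so its digit run is not counted a second time as a phone number.
PII_PATTERNS = {
    "iban": re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),
    "phone": re.compile(r"\+?\d[\d\s-]{7,}\d"),
}

# Purpose limitation: the categories each hypothetical task purpose legitimately needs.
PURPOSE_ALLOWLIST = {
    "contract_risk_review": set(),            # clause analysis needs no contact or bank data
    "counterparty_due_diligence": {"email"},  # may need a contact address, still no bank data
}

@dataclass
class GuardrailResult:
    action: str          # "allow", "redact" (modify), "block" or "escalate" (report to a human)
    text: str            # what is passed on to the agent, possibly redacted
    findings: dict = field(default_factory=dict)  # category -> number of hits, for the audit trail
    reason: str = ""

def data_minimization_guardrail(task_purpose: str, text: str, max_unneeded: int = 3) -> GuardrailResult:
    """Inspect agent input before the model sees it.

    Categories the purpose does not need are redacted; an unknown purpose is blocked
    outright; an unusually large amount of unneeded personal data is escalated to a
    human reviewer rather than silently cleaned, since it may signal a misrouted task.
    """
    if task_purpose not in PURPOSE_ALLOWLIST:
        return GuardrailResult("block", "", reason="unknown task purpose")
    allowed = PURPOSE_ALLOWLIST[task_purpose]
    findings: dict = {}
    cleaned = text
    for category, pattern in PII_PATTERNS.items():
        hits = pattern.findall(cleaned)
        if not hits:
            continue
        findings[category] = len(hits)
        if category not in allowed:
            cleaned = pattern.sub(f"[{category.upper()} REDACTED]", cleaned)
    unneeded = sum(n for c, n in findings.items() if c not in allowed)
    if unneeded > max_unneeded:
        return GuardrailResult("escalate", cleaned, findings, "volume of unneeded personal data")
    if unneeded:
        return GuardrailResult("redact", cleaned, findings, "unneeded personal data removed")
    return GuardrailResult("allow", cleaned, findings)
```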

A key characteristic of AI-based agents is their relative autonomy: the system takes certain decisions or actions on its own, often without every detail having been configured in advance. While this flexibility and creativity bring the greatest benefits (for example, an agent can solve an unexpected problem without human intervention), they also carry the risk of unexpected behavior.

AI “hallucinations” or incorrect answers can cause serious complications in practice, and even the latest models are not immune to this danger. Although developers say that such errors are becoming less frequent, even new-generation language models give answers that contain false information in more than a third (37%) of cases – and the system presents this as established fact. Moreover, there are “more advanced” versions that are even more misleading, and in smaller, more cost-effective versions this error rate can be around 80%. Some researchers go even further and emphasize that even the best models in their current state are free from “hallucinations” in only about 35% of generated texts. This clearly shows that, while significant financial and technological resources are moving in the background, the models are still not guaranteed to provide consistently correct information. It is not difficult to imagine the problems that arise if we combine this phenomenon with the autonomous “behavior” of the models, since, for example, errors can easily accumulate during multi-step or multi-turn problem solving.

How can this be countered? The first step is for developers and legal experts to jointly define the operating framework: for instance, which sources the agent may query, which topics it may access, and when it must hand the task to a human for approval. In addition, continuous monitoring of the system can be introduced, which tracks in real time what steps it is taking and can even block unwanted operations if necessary. This approach is also important because, if incorrect answers do occur, operators know in which process and exactly what caused the error and can intervene in a timely manner. In this way – although today’s systems are far from perfect – at least the possibility of control and correction is at hand.
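A minimal runtime monitor along these lines, added here as an example and not the SDK’s own mechanism: every tool call an agent proposes is checked against a per-agent policy, written to an audit trail with run id and step number so operators can see which process did what, and then executed, held for human approval or blocked; a step budget limits how far a runaway multi-step run can get. The agent role, tool names and policy are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Any, Callable

# Constructed policy for a hypothetical specialised agent: what it may do on its own,
# what needs a human sign-off, and what is never allowed. Unknown tools are denied.
TOOL_POLICY = {
    "contract_reviewer": {
        "read_contract": "allow", "flag_clause": "allow",
        "send_email": "approve", "delete_document": "deny",
    },
}

@dataclass
class AuditEntry:
    run_id: str
    step: int
    agent: str
    tool: str
    args: dict
    decision: str      # "executed", "pending_approval", "blocked" or "failed"
    detail: str = ""   # why it was not executed, or what the tool raised

@dataclass
class AgentMonitor:
    run_id: str
    max_steps: int = 20                    # cap on autonomous steps per run
    audit_log: list = field(default_factory=list)
    step: int = 0

    def guarded_call(self, agent: str, tool: str, args: dict, impl: Callable[..., Any]):
        """Check a proposed tool call against policy, record it, then run or hold it.
        Returns (decision, result); result is None unless the call was executed."""
        self.step += 1
        verdict = TOOL_POLICY.get(agent, {}).get(tool, "deny")
        if self.step > self.max_steps:
            return self._record(agent, tool, args, "blocked", f"step budget of {self.max_steps} exhausted")
        if verdict == "deny":
            return self._record(agent, tool, args, "blocked", "tool not permitted for this agent")
        if verdict == "approve":
            return self._record(agent, tool, args, "pending_approval", "awaiting human sign-off")
        try:
            result = impl(**args)
        except Exception as exc:           # a failing tool is logged, not silently swallowed
            return self._record(agent, tool, args, "failed", f"{type(exc).__name__}: {exc}")
        return self._record(agent, tool, args, "executed", result=result)

    def _record(self, agent, tool, args, decision, detail="", result=None):
        self.audit_log.append(AuditEntry(self.run_id, self.step, agent, tool, dict(args), decision, detail))
        return decision, result
```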

The incorporation of monitoring and blocking is also unavoidable because, according to the law – especially under the new European Union Artificial Intelligence Regulation (AI Act, 2024/1689) – the human operator or the user of the system most often remains responsible for what the AI agent does. The Regulation makes a clear distinction between the provider, the integrator and the end-user organization, but imposes clear obligations on all actors to ensure safe and lawful operation. The deployer, who integrates the AI system into its own processes, may also be held responsible for the actions performed by the AI, even if they are the result of automated decision-making. This reinforces the importance of systems that can be monitored in real time and of appropriate safeguards that prevent unwanted operation.

Meanwhile, new AI platforms and developers are emerging that take a different approach but essentially apply the same agent-based philosophy. One example is Emergence AI’s new system, which can automatically create and configure new agents in real time based on the nature of the work at hand. Instead of relying on fixed structures, the system dynamically builds a network of agents based on current needs, optimizing task performance. This approach allows AI agents to continuously adapt to changing circumstances without being constrained by a single, oversized model. Although it differs from the OpenAI Agents SDK in its functionality, the common denominator is that both systems rely on the collaboration of specialized components, avoiding the complexity of monolithic AI solutions. Experience shows that a modular approach – where each agent has detailed knowledge of a specific task – is more flexible, efficient, and scalable.

Numerous studies and forecasts suggest that AI will become even more widespread in the next few years, even in areas that are currently still in the experimental phase. The direction of development is increasingly pointing towards systems that are dynamically created and reorganized in real time. This adaptive, flexible model clearly indicates the challenges that legal, data protection and ethical regulations must also face: the pace and complexity of AI development often outstrip the ability of the relevant legislation to keep up.


István ÜVEGES, PhD is a Computational Linguist researcher and developer at MONTANA Knowledge Management Ltd. and a researcher at the HUN-REN Centre for Social Sciences. His main interests include the social impacts of Artificial Intelligence (Machine Learning), the nature of Legal Language (legalese), the Plain Language Movement, and sentiment- and emotion analysis.