
Safety before keys

Do the small safety work before real data.

Before keys, connectors, source folders, or business data, set the practical limits that stop a demo becoming uncontrolled work.

Before using real business material

Start with limits, not trust.

1. Set a spend boundary

Set a monthly budget or payment limit where the provider offers one, and use usage alerts or a usage dashboard.

2. Check training and data-sharing controls

Know whether conversations, tasks, or feedback can be used to improve models before you add real material.

3. Use fake or safe data first

A live demo should use public, synthetic, or harmless information. Do not use customer, member, payment, medical, HR, or confidential data.

4. Read first

The first useful agent usually reads selected sources and drafts an output. It should not send, update, delete, pay, or approve.

5. Leave evidence

Require source notes, assumptions, gaps, changed files, and review points so the human can see what happened.

OpenAI notes

Checked against official OpenAI pages on June 10, 2026.

OpenAI says API users can set a monthly budget in billing settings, with a possible delay in enforcement, and can also configure email notification thresholds. Check OpenAI API pricing and budget notes.

For ChatGPT, OpenAI's Data Controls FAQ says signed-in users can go to Settings, then Data Controls, and turn off Improve the model for everyone so chats still appear in history but are not used to train ChatGPT. Read the Data Controls FAQ.

OpenAI's data-use FAQ also says business products, including ChatGPT Business, ChatGPT Enterprise, and the API Platform, are not used for training by default unless an organisation explicitly opts in. Read OpenAI's data-use FAQ.

Permission boundary

The first useful agent usually stays at read and draft.

May read

Selected public or internally approved context for this workflow.

May draft

Briefs, checklists, summaries, questions, review packs, and first versions.

May not change

CRM, finance, production, contracts, official records, messages, permissions, or payments.

Must stop

When the source is missing, the instruction conflicts, the data is sensitive, or the next action would affect a real person or system.
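
The permission boundary above and the "Leave evidence" step can be enforced in code as a default-deny gate that every proposed tool call passes through. This is an added example, not code from the original page: the ToolCall and Gate names, the action verbs, the system and label names, and the allow/deny/stop verdicts are assumptions, and the "instruction conflicts" stop condition is not modelled.

```python
from dataclasses import dataclass, field

# Assumed names: the page lists categories, not an API or tool schema.
PROTECTED = {"crm", "finance", "production", "contracts", "official_records",
             "messages", "permissions", "payments"}
SENSITIVE = {"customer", "member", "payment", "medical", "hr", "confidential"}


@dataclass(frozen=True)
class ToolCall:
    action: str                      # verb the agent proposes, e.g. "read"
    target: str                      # source, output file, or system name
    labels: frozenset = frozenset()  # data classification tags on the target


@dataclass
class Gate:
    approved_sources: set
    evidence: list = field(default_factory=list)  # review trail for the human

    def decide(self, call: ToolCall) -> str:
        verdict, reason = self._evaluate(call)
        self.evidence.append({"action": call.action, "target": call.target,
                              "verdict": verdict, "reason": reason})
        return verdict

    def _evaluate(self, call: ToolCall):
        if call.labels & SENSITIVE:
            return "stop", "data is sensitive"
        if call.action == "read":
            if call.target in self.approved_sources:
                return "allow", "approved source"
            return "stop", "source missing or not approved"
        if call.target in PROTECTED:
            return "deny", "may not change " + call.target
        if call.action == "draft":
            return "allow", "draft output only"
        # Default: anything that is not read or draft is handed to a human.
        return "stop", "action would affect a real person or system"


if __name__ == "__main__":
    gate = Gate(approved_sources={"public_pricing_page"})  # constructed sample
    for c in [ToolCall("read", "public_pricing_page"),
              ToolCall("draft", "summary.md"),
              ToolCall("update", "crm"),
              ToolCall("send", "newsletter")]:
        print(c.action, c.target, "->", gate.decide(c))
    print(gate.evidence)
```

Every decision, including refusals, lands in the evidence list, so the reviewer sees what the agent attempted as well as what it did.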