All resources

Agent Ops

Shared workspace agents need operating owners before they become team infrastructure

Shared AI agents are moving into Slack, reports, CRM and internal workflows. Before rollout, decide ownership, access, approvals, cost and review.

12 July 2026 7 min read Rettare
AI agentsAgent OpsAI governanceworkflow automationSlack automation

Shared workspace agents are no longer just a better personal assistant. They are becoming reusable team infrastructure: agents that can follow a process, use connected tools, work in Slack, prepare reports, update records, and ask for approval before sensitive steps. The buyer question is no longer "can we build an agent?" It is "who owns this agent once the team depends on it?"

For operations leaders, this is where the risk and value both sit. A shared agent can compress repetitive coordination work, but it also creates new questions: who can edit it, what actions need approval, how usage is reviewed, and when it should be paused.

Source: OpenAI describes workspace agents as shared agents for complex tasks and long-running workflows that can use team processes, ask for approval when needed, and operate across ChatGPT and Slack. Its help documentation also defines owner, editor and chat-only access levels, plus warnings around Slack shared connections, service accounts, least privilege and write-action safety. See Introducing workspace agents in ChatGPT and ChatGPT Workspace Agents for Enterprise and Business.

What changed with shared workspace agents?

The practical change is that agents are becoming collaborative assets, not private productivity hacks. One person can build an agent, but it may then be shared with a team, added to Slack, maintained by multiple editors, and connected to operational data.

That matters because team infrastructure needs an operating model. A report agent needs a data owner, a review owner and a failure path. A lead follow-up agent needs a qualification rubric, CRM boundaries and email approval rules.

OpenAI's launch examples include agents for product feedback routing, weekly metrics reporting, lead outreach, third-party risk management and software-request review. Those are useful workflows, but unclear ownership can create bad handoffs, stale instructions or uncontrolled action access.

Source: OpenAI's workspace-agent announcement lists examples such as Product Feedback Router, Weekly Metrics Reporter, Lead Outreach Agent, Third-Party Risk Manager and Software Reviewer, and says teams can share agents in ChatGPT or Slack. See Introducing workspace agents in ChatGPT.

The ownership model should come before the build

A shared agent needs one accountable operating owner. That does not mean one person does every edit. It means one person is responsible for whether the agent is fit for use, who can change it, what it can access, and when it should be paused.

A practical ownership model should answer five questions before rollout:

DecisionWhat to define before launch
Operating ownerThe person accountable for the agent's purpose, quality bar and lifecycle
EditorsWho can change instructions, files, tools, skills and published versions
UsersWhich people or groups can use the agent, and in which channels
Action authorityWhat the agent can read, draft, create, update or send
Review rhythmHow usage, failures, cost, data access and improvements are reviewed

OpenAI's access model makes this distinction visible. "Can chat" allows use and configuration visibility. "Can edit" allows editing shared drafts and publishing versions. The owner controls permission management, workspace distribution and deletion.

Source: OpenAI's workspace-agent help page defines "Can chat", "Can edit" and "Owner" access levels, explains owner-only controls, and notes that simultaneous edits are not merged in real time. See ChatGPT Workspace Agents for Enterprise and Business.

Slack changes the risk profile

Slack is where many teams already coordinate exceptions, requests and approvals. Putting an agent into that surface can be useful because the agent meets work where it happens. It also means the agent may be invoked by more people, in messier context, and closer to live operational decisions.

The main risk is not that an agent answers a question. The risk is that a shared agent uses a connected app, personal credential or broad connector in a channel where the audience, data and action boundary have not been thought through.

Source: OpenAI's June 2026 Business release notes say ChatGPT Business workspaces can use Slack connector actions such as joining a channel, creating a reminder, uploading a file or updating a Slack profile, with some actions requiring additional OAuth scopes or admin approval. See ChatGPT Business release notes.

Before a Slack deployment, treat the channel as part of the control design. Decide which channel the agent belongs in, whether a service account is required, what data classes are out of bounds, and what actions need human approval.

Usage, cost and quality need a monthly operating review

Shared agents create a management surface. Leaders need to know whether an agent is being used, failing quietly, producing reviewable work, connected to appropriate data sources, and justified by workflow value.

That requires a small operating review:

  • Which people or teams used it?
  • What actions did it take or request approval for?
  • What failed, stalled or required manual rescue?
  • What did it cost, and what workflow value did it support?
  • Should the agent be scaled, redesigned, restricted or retired?

OpenAI's own platform direction points this way. Workspace-agent analytics show completed runs and user counts. OpenAI Frontier describes enterprise agent governance through identity and access management, explicit permissions, auditable actions, observability and detailed logs.

Sources: OpenAI says workspace-agent analytics help teams see completed runs and user counts, with admin visibility into configurations, updates and runs through the Compliance API. OpenAI Frontier describes agent identity and access management, auditable actions, observability and detailed logs as enterprise trust features. See Introducing workspace agents in ChatGPT and OpenAI Frontier.

Cost belongs in the same review. OpenAI's July 2026 Business release notes say Workspace Agent runs now use token-based pricing, with credit use based on input, cached input and output tokens. That makes agent usage a workflow-level economics question: whether the agent is compressing the right work, with the right control, at a cost the owner understands.

Source: OpenAI's July 6, 2026 Business release notes state that Workspace Agent runs use token-based pricing based on input tokens, cached input tokens and output tokens. See ChatGPT Business release notes.

Human accountability is still the design pattern

The stronger pattern is delegated execution with retained human accountability. The agent can gather context, draft outputs, route work and prepare evidence. People still set intent, judge the output, approve sensitive actions, and own the result.

Microsoft's 2026 Work Trend Index is useful here because it separates individual tool use from organisational readiness. Microsoft surveyed 20,000 AI-using workers across 10 countries and found organisational factors account for twice the reported AI impact of individual effort alone. The same report says 86% of AI users treat AI output as a starting point rather than a final answer, and 50% say quality control of AI output is more important as AI takes on more work.

Source: Microsoft WorkLab, Agents, human agency, and the opportunity for every organization, 5 May 2026.

That is the operating lesson. Shared agents move management work upstream into workflow design, permissioning, review standards, evidence requirements and ownership.

An Agent Ops checklist for shared workspace agents

Before a shared agent becomes part of team workflow, Rettare would look for a concrete evidence pack:

  1. A named operating owner and backup owner.
  2. A clear use-case statement and "not for" boundary.
  3. A list of users, editors, groups, channels and connectors.
  4. A write-action matrix that defines which actions are blocked, drafted, approval-gated or allowed.
  5. A source and evidence standard for outputs that affect decisions.
  6. A run log, incident path and pause or rollback trigger.
  7. A monthly review rhythm for usage, cost, failures and improvement backlog.

For Australian organisations, this also aligns with the direction of local responsible-AI guidance. Australia's Voluntary AI Safety Standard sets out 10 voluntary guardrails across the AI supply chain, including transparency and accountability requirements for developers and deployers. Shared agents are exactly the kind of deployment where those requirements need to become operating routines, not policy language sitting elsewhere.

Source: Australian Department of Industry, Science and Resources, Voluntary AI Safety Standard, accessed 12 July 2026.

Where Rettare starts

Rettare's view is simple: build the operating layer before the agent becomes invisible infrastructure.

That means choosing one workflow, defining the owner, mapping the action boundary, setting approval points, logging runs, and reviewing real use before expanding.

The best first agent is usually not the most impressive demo. It is a repeatable workflow where inputs are known, quality can be reviewed, action authority can be bounded, and the owner can see whether the agent is improving the work.

References