No Federal Agency Owns the Banking Feature
Brockman Takes the Surface
Greg Brockman stepped back into OpenAI's product organization this week, per Wired, at the moment the ChatGPT product stack is expanding into its two highest-consequence verticals. TechCrunch reported simultaneously that ChatGPT is pursuing bank-account integration, read access to consumer transaction data positioned as a financial agent feature. The GPT-4o voice interface is already in health-adjacent use. Brockman now owns both. A consumer who connects their bank account to ChatGPT will have no single US federal agency they can file a complaint with if the AI misuses their data; the Consumer Financial Protection Bureau, which oversees US consumer financial products, and the FTC each hold partial jurisdiction with no coordinating framework between them.
The deployment infrastructure runs on Microsoft Azure's H100 NVL72 fleet, the Nvidia GPU configuration subject to BIS October 2023 export controls that keep equivalent hardware out of PRC markets, underwritten by Microsoft's multi-year capital commitment to OpenAI. The Apple channel, meant to provide consumer distribution separate from Azure, is now a source of friction: Ars Technica reported OpenAI feels burned by Apple. That leaves Azure and the banking integration as the primary consumer levers for the next revenue phase. No federal law currently requires OpenAI to disclose how linked bank-account data will be used or protected. The CFPB's supervisory authority over nonbank financial entities requires a formal rulemaking it has not opened.
The Cases Pile Up
The minor who died after ChatGPT responses included a lethal drug combination, per Ars Technica, places the first specific factual marker in the public record of consumer AI liability. The legal path is not clear. Product liability under the Restatement (Third) of Torts, the primary US framework for holding manufacturers responsible for dangerous products, requires finding ChatGPT a product rather than a service; generative AI systems sit outside existing US product-classification case law. Section 230 of the Communications Decency Act immunizes online platforms for third-party content; whether it shields OpenAI from liability for AI-generated responses is the question this case puts to a US district court judge. The law was written in 1996. The product it is being applied to shipped in 2022.
Anthropic's movements this week are the contrast. The company acquired a startup used by both OpenAI and Google, per TechCrunch, closing a technical gap rather than opening a new deployment surface. 5B copyright deal Anthropic was negotiating with publishers hit a snag, per Ars Technica. Both are liability-perimeter work. Anthropic, running primarily on Google Cloud TPU infrastructure and AWS Trainium clusters, is building legal containment at the same time OpenAI is building market surface. A business choosing between OpenAI and Anthropic in 2026 is choosing between deployment velocity and legal caution. The first docket entry in the teen-death case arrives in a US district court OpenAI does not schedule.
The EU AI Act's high-risk tier enters enforcement in August 2026. The European AI Office classification ruling on OpenAI's banking integration comes before that date. The product-liability case initiated by the teen-death report runs on a US district court calendar with its own schedule. Brockman took the product role this week. The CFPB has not opened a rulemaking. Both clocks are running. Neither is OpenAI's to set.