Connecting AI Engines to Company Knowledge
ChatGPT Company Knowledge: What It Does Well, Where It Falls Short, and What to Add for Decisions
ChatGPT company knowledge lets Business, Enterprise, and Edu workspaces search connected apps such as Slack, SharePoint, Google Drive, and GitHub, with citations and existing user permissions respected. It is a genuinely strong retrieval feature. The one thing to know before relying on it for decisions: it reports what your documents say, with no calibrated confidence, no abstention, and none of your company's decision logic, so verification still falls on people.
What is company knowledge in ChatGPT?
Company knowledge is the feature that turns ChatGPT from a general model into a workplace tool that can search your organization’s own sources. Available on the Business, Enterprise, and Edu plans, it lets ChatGPT search the apps your workspace has connected, including Slack, SharePoint, Google Drive, GitHub, and others, and fold what it finds into its answers. Per OpenAI’s documentation, answers come with citations, existing user permissions are respected, and the feature is powered by a version of GPT-5 tuned for this kind of work.
The name matters. OpenAI is positioning this as the way your company’s accumulated documents, threads, and files become available inside the chat window, without anyone pasting text in by hand. When company knowledge is active, ChatGPT stops being a model that only knows the public internet and starts being one that can quote your own project plan back to you, with a link to the source.
Two boundaries are worth knowing on day one. First, at launch the feature is web-only: the desktop and mobile apps are not supported yet, per OpenAI’s documentation. Second, while company knowledge is active, web browsing is disabled, so a given query runs against your connected sources rather than the open web. Neither is a flaw, but both shape how your team will actually use it.
This article reviews the feature on its own terms: what it is, how to set it up, what it genuinely does well, where its documented limits sit, and what has to be added above it before its output can carry decisions that cost real money when they go wrong. For the broader map of every route from ChatGPT to your files, including custom GPTs and the API, see the full guide to connecting ChatGPT to company files.
How do you enable and configure it?
The setup is admin-led and takes less time than the permission review that should precede it.
Step 1: confirm your plan. Company knowledge requires ChatGPT Business, Enterprise, or Edu. Individual Plus accounts do not have it. If your organization operates in a regulated industry, the Enterprise tier carries the heavier admin controls; the details are in our review of ChatGPT Enterprise for high-stakes industries.
Step 2: connect the apps. In the admin console, an administrator enables the apps the workspace may use. OpenAI renamed connectors to “apps” in December 2025, so older documentation may use either term for the same thing. The catalog covers the common enterprise sources, Slack, SharePoint, Google Drive, and GitHub among them. Each app connects through OAuth, and admins decide which apps are enabled at all, so the surface area is a deliberate choice rather than a default.
Step 3: handle custom sources. If your knowledge lives somewhere the catalog does not reach, custom MCP connectors are supported, with one requirement per OpenAI’s documentation: the connector must support search and fetch. A source that cannot be searched and retrieved from cannot participate in company knowledge.
Step 4: check data residency per app. Data residency support varies by app, per OpenAI’s documentation. If your compliance posture depends on where data is processed, verify each connected app individually rather than assuming a workspace-wide guarantee.
Step 5: let users toggle it on. Once apps are connected, users select company knowledge in the chat interface and ask questions the way they already do. ChatGPT searches the connected sources, and a sidebar shows the sources and snippets behind each answer, so the reader can see where a claim came from.
Step 6: pilot with one team before workspace-wide rollout. Pick a team whose questions have checkable answers, enable only the two or three apps that team actually uses, and have them compare a week of answers against the source documents. This surfaces both the wins and the permission surprises while the audience is still small, and it gives you a realistic picture of answer quality before the whole company starts treating the output as ground truth.
One configuration note that saves grief later: company knowledge respects existing user permissions. That is the right design, and it also means the feature can only be as clean as the permissions underneath it. A user who was quietly overshared into a sensitive folder three years ago can now find those files by asking a question in plain English. Run a sharing audit before enablement, not after the first surprise.
What it genuinely does well: citations, cross-app search, permission awareness
An honest review has to start with the strengths, because they are real.
Citations on answers. Every answer produced with company knowledge carries citations, and the sidebar shows the sources and snippets it drew from. This is a meaningful step past the blank assertion style of a generic chat. A reader who wants to check a claim has somewhere to click. Anyone who has tried to audit an uncited AI answer knows how much that matters.
Cross-app search in one place. The genuinely new capability is asking one question across Slack, SharePoint, Drive, and GitHub at once. The answer to “what did we decide about the retainer structure” may live half in a Slack thread and half in a document, and company knowledge can pull both into a single response. Before this feature, that was a human being doing twenty minutes of tab-switching.
Effort on conflicting details. Per OpenAI’s documentation, company knowledge can run multiple searches to resolve conflicting details rather than settling for the first passage it finds. When two sources disagree, it will often surface the disagreement instead of silently picking one. That behavior is more honest than most retrieval features manage.
Permission awareness. The feature respects existing user permissions: what a user cannot open, ChatGPT will not quote to them. Combined with admin control over which apps are enabled at all, this gives a workspace a real, if coarse, access story.
A strong model underneath. Company knowledge is powered by a version of GPT-5, so the summarization and synthesis on top of the retrieved material is as capable as anything on the market.
For the everyday questions that dominate actual usage, where did we say this, what does the latest version state, summarize the thread I missed, company knowledge is a genuine productivity gain, and teams that adopt it for that purpose tend to keep it. The evaluation question is not whether it works. It is whether what it does, retrieval with citations, is the same thing as what a decision needs. That distinction is where the rest of this review lives.
What are its documented limits?
The limits fall into two groups: launch-stage constraints that will likely shrink, and structural boundaries that define what the feature is. Organize them by the job you are hiring the feature to do.
If your job is asking questions from anywhere: company knowledge is web-only at launch. The desktop and mobile apps are not supported at first, per OpenAI’s documentation. A field team living on phones, or an engineering team living in the desktop app, will hit this immediately. It is a launch constraint, so check current release notes, but plan around it today.
If your job is combining internal and external evidence: while company knowledge is active, web browsing is disabled. A question like “how does our warranty term compare with the market” is really two queries, one internal and one external, run separately and joined by a person.
If your job is governing sensitive data: the permission model is inheritance, not policy. The feature respects the permissions your file stores already have, which means it also inherits every stale share and overbroad group membership in them. There is no way inside the feature to say “financial files are visible to finance roles only, regardless of what the folder sharing says.” Permission awareness is not permission control by file type and role.
If your job is compliance: data residency support varies by app, so a multi-source workspace can have a mixed residency picture that has to be verified app by app.
If your job is trusting the answer: citations tell you where a claim came from, not how strongly the evidence supports it. There is no confidence measure, and there is no abstention behavior: the feature does not return “your sources do not sufficiently answer this” as a first-class outcome. And because retrieval is probabilistic, the same question asked twice can rest on different passages and come back with different emphasis.
None of this diminishes what OpenAI shipped. These limits mark the edge of the retrieval job, done well, and the beginning of a different job: turning retrieved text into output an organization can act on. That second job is exactly where the opportunity sits, because a workspace that already has company knowledge running has finished the plumbing and can now add the layer that makes the output decision-grade.
Why retrieval quality is not decision quality
Here is the distinction this entire review turns on. Company knowledge answers the question “what do our documents say?” A decision needs the answer to a different question: “what should we do, given our rules, our history, and how much we trust these sources?”
Consider a concrete case. A project lead asks whether the company can commit to a 10-day delivery on a custom order. Company knowledge retrieves three relevant items: a 2023 operations memo saying minimum 15 days, a Slack message from last quarter where someone quotes 8 days for a similar job, and a current capacity report. It cites all three and produces a balanced summary. Good retrieval, faithfully done.
But the decision depends on things no retrieval feature holds. That the operations memo is binding policy and the Slack message is one person’s optimism. That commitments in writing follow the memo until the memo is revised. That when sources conflict at this stakes level, the answer should be “policy says 15 days, an exception needs operations sign-off,” not a synthesis of three viewpoints. That weighting of authority, recency, and context is the company’s decision logic, and company knowledge has nowhere to put it.
The same gap explains why the sidebar full of citations does not close the trust problem. Citations make an answer traceable. They do not make it calibrated. The feature expresses no measured confidence, so a conclusion resting on one stale Slack message arrives in the same voice as one resting on signed policy. And it never abstains: some answer will come back even when the honest response is that the sources are insufficient. Why the same question can produce different answers on different days is a deep enough problem to have its own article: why AI gives inconsistent answers.
“Company knowledge tells you what your documents say, and it does that well. A decision needs more: which document outranks which, how strong the support really is, and a straight signal when the sources are not there. Those are properties you add above the engine, not settings you find inside it.”
The Praxiron team
The cost of skipping this distinction shows up in the adoption data. MIT NANDA 2025 found that 95% of enterprise generative AI pilots showed no measurable P&L impact. PwC’s 2026 Global CEO Survey found 56% of 4,454 CEOs reporting no cost or revenue improvement from AI in the past 12 months. And in WRITER’s 2026 enterprise AI survey, only 29% of executives report significant organizational ROI from AI. S&P Global Market Intelligence 2025 adds the sharpest data point: 42% of companies abandoned most of their AI initiatives. Retrieval features keep getting better, and the numbers keep telling the same story, because the bottleneck was never finding the documents. It is what happens between the documents and the decision. The technical version of this argument, why retrieval alone cannot carry enterprise decisions no matter how good it gets, is laid out in RAG isn’t enough.
What a knowledge and control layer adds on top
The answer to the gap is not a different engine. It is a knowledge and control layer: a platform that sits between your company’s knowledge and the AI engines, and adds the properties retrieval does not have.
Decision DNA. Instead of a pile of searchable files, the company’s knowledge is structured deliberately: which documents are authoritative, which rules govern which situations, how your senior experts actually weigh the trade-offs. This decision DNA is an asset the company owns, and it is what lets an engine reason with your logic instead of just quoting your files.
Source references on every output. Every conclusion shows exactly which documents and knowledge it rests on, with what the sources say kept separate from what was concluded. Senior review becomes checking instead of redoing.
Calibrated confidence. Each output carries a calibrated confidence level that tracks how well the sources actually support the conclusion, and visibly drops when support thins. A reader can tell a policy-backed answer from a plausible guess without opening a single source.
Abstention. When the sources are insufficient, the platform says so and abstains. “No sufficient source” is a useful output: it marks the exact edge of the company’s knowledge instead of papering over it.
Permission control by file type and role. Access is governed by rules you set, by file type, role, and context, rather than inherited as-is from years of folder sharing.
Engine independence. The layer sits above the engines, so the same governed knowledge serves ChatGPT today and whatever engine earns a place tomorrow. Your decision DNA is not locked to one vendor’s roadmap.
Praxiron is a platform built as exactly this kind of layer, and it works with the engines rather than around them: company knowledge handles what OpenAI built it for, and the layer above turns retrieval into decisions the organization can check. If you want to see how source references, confidence, and abstention operate in practice, start with how the platform works.
Company knowledge alone vs. a knowledge and control layer
| Capability | ChatGPT company knowledge alone | With a knowledge and control layer |
|---|---|---|
| Source references | Citations with sources and snippets in the sidebar | Source references on every output, with document content separated from conclusions |
| Calibrated confidence | None; confidence is expressed in language, not measured | A confidence level that tracks source support and drops when support thins |
| Abstention when sources are insufficient | Not a designed behavior; an answer is generated | Explicit “no sufficient source” output marking the edge of company knowledge |
| Permission granularity by file type and role | Inherits existing app permissions as-is | Access rules by file type, role, and context, governed in one place |
| Consistency across repeated questions | Varies; retrieval is probabilistic across runs | Consistent by design; the same rules and sources govern every run |
| Engine independence | Tied to ChatGPT and the OpenAI stack | Sits above the engines; the same governed knowledge serves any of them |
Company knowledge is worth enabling, and the review above should make it clear why: real citations, real cross-app search, a real permission story. The point of the comparison is not that the feature falls short of its own goals. It is that its goal is retrieval, and decisions ask for more. Enable it for what it does well, then decide deliberately what will sit above it before its answers start carrying weight.
Frequently asked questions
Is ChatGPT company knowledge safe for sensitive documents?
It inherits the safeguards of the underlying plan: access runs through connected apps, existing user permissions are respected, and admins control which apps are enabled. The practical risk is inherited too: if permissions were already too broad, company knowledge makes overshared files instantly searchable. Review sharing hygiene before enabling it, and treat permission cleanup as part of the rollout, not an afterthought.
Which apps work with ChatGPT company knowledge?
At launch it searches connected apps including Slack, SharePoint, Google Drive, and GitHub, with more in the catalog. OpenAI renamed connectors to apps in December 2025, and custom sources can be added through MCP connectors as long as they support search and fetch. Admins decide which apps are enabled for a workspace, so the practical list depends on your configuration.
Does company knowledge work in the ChatGPT desktop app?
Not at launch. Per OpenAI's documentation, company knowledge is web-only when it ships, and the desktop and mobile apps are not supported at first. It also disables web browsing while active, so a query runs against your connected sources, not the open web. Check OpenAI's release notes for current platform support before planning a rollout around desktop workflows.
How does ChatGPT handle two documents that contradict each other?
Company knowledge can run multiple searches to resolve conflicting details, and it often surfaces the disagreement in its answer. What it cannot do is apply your rules for which document wins: the newer revision, the approved policy, the signed contract over the draft. Without an authority hierarchy you define, contradictions get summarized rather than resolved, and different runs can favor different sources.
Can ChatGPT tell me how confident it is in an answer?
It can express confidence in words, but that confidence is generated language, not a measured value. Nothing in company knowledge guarantees that a hedged answer is less reliable than an assured one. Calibrated confidence, a score that tracks how well your sources support the conclusion and visibly drops when support thins, is a property of a knowledge and control layer, not of the retrieval feature.