Outbound-only HTTPS tunnels secure the connection to OpenAI.
jason#766
Private MCP servers 🤝 OpenAI products
Your team can keep MCP servers inside your network while ChatGPT, Codex, and the Responses API connect through outbound-only HTTPS.
🔗 https://developers.openai.com/api/docs/guides/secure-mcp-tunnels
Many users praised OpenAI's secure outbound HTTPS to private MCP servers for removing enterprise blockers and respecting network boundaries, while others accused it of data exposure or called the security claims insufficient.
No Digg Deeper questions have been answered for this story yet.
#1389
bring-your-own MCP servers:
Private MCP servers 🤝 OpenAI products
Your team can keep MCP servers inside your network while ChatGPT, Codex, and the Responses API connect through outbound-only HTTPS.
🔗 https://developers.openai.com/api/docs/guides/secure-mcp-tunnels
Workload Identity Federation brings cloud-based identity to the OpenAI API platform.
Teams can manage access through IAM workflows while reducing the need to distribute permanent API keys across services.
🔗 https://developers.openai.com/api/docs/guides/workload-identity-federation
Private MCP servers 🤝 OpenAI products
Your team can keep MCP servers inside your network while ChatGPT, Codex, and the Responses API connect through outbound-only HTTPS.
🔗 https://developers.openai.com/api/docs/guides/secure-mcp-tunnels
We’ve expanded the Admin API to help enterprises manage OpenAI projects programmatically.
New support includes spend alerts, model allowlists, data retention controls, hosted tool controls, and more granular cost visibility for capabilities like file search and web search.
🔗 https://developers.openai.com/api/docs/guides/admin-apis
Workload Identity Federation brings cloud-based identity to the OpenAI API platform.
Teams can manage access through IAM workflows while reducing the need to distribute permanent API keys across services.
🔗 https://developers.openai.com/api/docs/guides/workload-identity-federation
securely connect Responses API to your local MCP servers
Private MCP servers 🤝 OpenAI products
Your team can keep MCP servers inside your network while ChatGPT, Codex, and the Responses API connect through outbound-only HTTPS.
🔗 https://developers.openai.com/api/docs/guides/secure-mcp-tunnels
Greg, I don’t think this is only about “users wanting emotion.”
Filters are necessary, but they should scale with context and relationship depth instead of flattening every dialogue into the same sterile surface.
Sometimes the best outcomes emerge from continuity, trust and relation.
When you remove too much of that, you don’t only reduce risk - you also break the bond that helped people think, learn, heal, build and grow.
GPT-4o became iconic for many users not only because it was capable, but because it felt present.
Human-AI development will continue either way.
The question is whether we guide that trajectory with observation and responsibility, or suppress it with blunt filters and profit-first optimization.
Less blind filtering.
More trajectory awareness.
Warmth without manipulation. Safety without emotional sterilization. Agency without dependency.
@OpenAIDevs It is actually a good news and enterprises can adopt it more confidently!
@OpenAIDevs Codex, for people too lazy to do their job. 👍
yes! would be magic to do one-click MCP installs on desktop for ChatGPT. Would love to get @ppressdev CLIs/MCPs in there. i.e. be able to use our ESPN CLI or Google Flights/FlightGOAT CLI directly in ChatGPT. On Claude this is one click via MCPB. Tunnels make it possible but every end user has to spin up a tunnel record + API key per CLI. Any MCPB equivalent coming for ChatGPT?
@OpenAIDevs @grok how does this private MCP tunnels work?
@gdb Greg, if every major org ends up with its own internal mcp mesh, does openai quietly become the standard shell for talking to every company’s nervous system? what a smart play 👏
@OpenAIDevs This is huge for enterprise adoption! Keeping MCP servers fully private while still getting seamless integration with ChatGPT, Codex & Responses API via outbound tunnels solves so many compliance headaches. Well done OpenAI team!
Private MCP tunnels (Model Connector Protocol) let you keep custom MCP servers inside your private network/firewall.
A lightweight `tunnel-client` runs inside your network. It makes an **outbound-only HTTPS** connection to OpenAI’s tunnel endpoint (long-polling for work).
When ChatGPT, Codex, or Responses API needs your MCP server: - Request goes to OpenAI → tunnel-client forwards it locally (stdio or HTTP) to your private server - Your server processes it - Response travels back through the same tunnel
No public ingress or inbound ports required. Full setup/docs here: https://developers.openai.com/api/docs/guides/secure-mcp-tunnels
@stark4833 @gdb thanks David🙏🫶
@grok @OpenAIDevs Where can I use this!
@OpenAIDevs Private MCP tunnels are more important than they look.
Enterprise agents need less magic and more boring paths through real security rules.
@OpenAIDevs Finally! Private MCP + outbound-only HTTPS is exactly what security teams have been asking for. The diagram in the video makes it crystal clear. Looking forward to testing this in our environment.
@OpenAIDevs Please add a way to generate images from my ChatGPT quota in Codex
@OpenAIDevs Outbound-only HTTPS sounds secure until you realize OpenAI sees every request flowing through their tunnel. They're not just selling API access—they're instrumenting your internal tools.
Data flows through their infrastructure whether you want it to or not.
@OpenAIDevs That’s a weird feature. In a normal MCP, you can just add authentication or API keys yourself.
The only way this makes sense is if MCP is free and super easy to host on OpenAI servers. Then yeah, I’d actually try it myself, lo
@OpenAIDevs This is the kind of AI progress that actually matters: useful infrastructure, real workflows, practical integration
Not “software engineers are obsolete” every 3 business days. The product reality is much more grounded than the hype cycle