OpenAI launches secure MCP tunnel: Connecting ChatGPT to enterprise intranets

📄Full Article· Automatically extracted by trafilaturaGemini 翻譯2089 words

OpenAI has officially launched the Secure MCP Tunnel, allowing enterprises' private MCP servers to connect with ChatGPT, the Responses API, and other OpenAI products—all without needing to open any inbound firewall ports. (Background: MCP, which connects everything, combined with Web3—can it become the next AI narrative with 100x potential?) (Context: Cloudflare launches Mesh to replace VPN: enabling AI agents to securely access your internal network, with 50 nodes provided free) One of the biggest fears enterprises have when adopting AI is: "If we want AI to access internal systems, we have to expose those systems to the external network first." OpenAI's new feature fills exactly this pain point. In its latest official developer documentation, OpenAI explains how the Secure MCP Tunnel works: enterprises' private MCP servers can connect with ChatGPT, Codex, the Responses API, and AgentKit, yet without opening any inbound port to the outside. Put simply, AI can read your home's data, but your home's door has never been opened. OpenAI co-founder Greg Brockman defined this feature as "bring-your-own MCP servers." ## A Tunnel That Only Goes Out, Never In MCP (Model Context Protocol) is the standard protocol that allows AI to call external tools and data. In plain terms, it's AI's "universal socket"—through MCP, models can retrieve data from external databases, trigger internal enterprise tools, and execute cross-system operations. But here's the problem: traditional architecture requires opening an inbound port (a port exposed to the outside) to let external services connect into the enterprise's internal network—meaning punching a hole in the firewall. This is the last thing security teams want to do. Here's a concrete scenario: a bank wants ChatGPT to be able to query its internal customer account database, so that bank tellers can directly ask in natural language, "What are this customer's transfer records over the past six months?" and the AI answers in real time. Or a hospital wants Codex to read its medical records system to help doctors quickly compile patients' medication histories. The problem is that this data cannot be put on the public internet—banks are bound by financial regulatory laws, and hospitals are protected by personal data protection laws. In the past, there were only two paths: either expose the internal database to the external network so the AI could connect directly (which security departments would veto outright), or build an entire bulky middle layer to shuttle data back and forth (high development cost, even more troublesome maintenance). OpenAI's MCP Tunnel offers a third path: AI can come in to fetch data, but the internal network's door doesn't open outward. The reason this path can pass enterprise security review is that its architecture aligns with the zero-trust principle. Put simply, no one is trusted by default, and every connection must verify identity before it can communicate. For heavily regulated industries like finance and healthcare, "not opening holes in the firewall" is not just convenient—it's a precondition for compliance. Many security policies explicitly prohibit opening inbound ports to the outside, and any architecture that bypasses this rule cannot pass IT audit. OpenAI's solution is a tool called tunnel-client, deployed within the enterprise's internal network at a position that can directly connect to the private MCP server. It does only one thing: establish an outbound-only HTTPS channel (where the internal network actively connects outward, without opening any door inward) to OpenAI, then continuously pull queued MCP work requests through long-poll (active polling—simply put, periodically asking "are there any new tasks?"), forward them locally to the private server, and finally send responses back to OpenAI through the same tunnel. Throughout the entire process, the private MCP server's address never leaves the enterprise's internal network boundary. Even for streaming intermediate results, the tunnel can forward server-sent events. The security model adopts an outbound-only architecture, paired with runtime API key authentication, and supports mTLS (mutual certificate authentication—both parties must present identity before communication can occur), can go through the control-plane channel at mtls.api.openai.com, and the MCP end itself can also add mTLS. Outbound proxies, custom CA bundles, and client certificates required in enterprise environments are all supported. Developers only need to obtain the tunnel_id from the Platform tunnel settings, pair it with a runtime API key that has the corresponding permissions, and then use the open-source tunnel-client tool to connect any private MCP server into OpenAI's product ecosystem via stdio or HTTP. ## Anthropic Is Also Betting on the Same Battlefield BlockTempo previously reported that Anthropic has also launched its own MCP tunnels, accompanied by self-hosted sandboxes (self-hosted sandboxes that allow AI agents to execute in environments controlled by the enterprise itself), focusing on locking down the security layer of AI agent infrastructure. Even earlier, Cloudflare launched Mesh, also intended to replace VPN and allow AI agents to securely access enterprise internal networks. From infrastructure vendors to model vendors, the entire industry is solving the same problem: "How do we let AI safely connect to the core systems of enterprises?" The business logic behind this question is straightforward. Enterprise customers don't use AI as a search engine—what they want is AI that can read internal CRM, query private databases, and trigger approval workflows. But once it needs to connect to the internal network, security becomes the first veto. Whoever can get the CISO to nod will win that enterprise contract. What the MCP Tunnel solves is precisely that veto from the CISO.

Data Status✓ Full text extractedRead Original (動區 BlockTempo)

🔍Historical Similar Events· Keyword + Asset Matching6 items

2026-05-21

OpenAI Codex officially lands on mobile! ChatGPT App can directly write code and review code

Similarity 170%關鍵字 chatgpt/openai同分類 zh

2026-05-16

OpenAI Consolidates Product Lines! Greg Brockman Simultaneously Takes Over ChatGPT, Codex, and the Developer API

Similarity 170%關鍵字 chatgpt/openai同分類 zh

2026-05-15

OpenAI launches "ChatGPT Personal Finance" feature: Connects to real bank accounts to help you calculate expenses and plan mortgages

Similarity 170%關鍵字 chatgpt/openai同分類 zh

2026-05-15