Boss, attention! OpenAI launches MCP secure tunnel, enabling ChatGPT and Codex to connect to enterprise intranets

OpenAI announces the launch of the Secure MCP Tunnel service. This technology uses a reverse connection architecture, allowing models like ChatGPT to securely connect directly to private servers within enterprise intranets, without opening any inbound ports on firewalls.

On May 27, OpenAI announced the release of the Secure MCP Tunnel, enabling ChatGPT, Codex, and Responses API to connect to private MCP servers inside enterprise networks without exposing these servers to the public internet. According to OpenAI developer documentation, the entire design adopts a "one-way outward" reverse connection architecture, so enterprise firewalls do not need to open any inbound ports.

Reverse connection: tunnel-client connects from enterprise intranet to OpenAI

The core of Secure MCP Tunnel is a client program called tunnel-client, deployed on an internal network host that can access the private MCP server. It proactively connects outward via HTTPS to OpenAI’s control plane (api.openai.com:443 or mtls.api.openai.com:443), performs long polling to retrieve queued MCP requests from OpenAI, and forwards these requests as JSON-RPC to the internal MCP server, with responses returning along the same connection.

The entire architecture does not require opening any inbound ports on the firewall, nor does it need to configure the MCP server to listen on a public network, making it a relatively secure approach from a network security perspective.

Supported by ChatGPT, Codex, Responses API, can run on K8s sidecar or VM

This tunnel supports multiple OpenAI product integrations: ChatGPT can be configured to connect to a private MCP server in the connector settings, and both Codex and Responses API can also use it. OpenAI offers three deployment modes:

• Kubernetes sidecar (deployed in the same Pod as the MCP server)
• Standalone Kubernetes deployment
• VM or systemd service (deployed directly on the host)

Authentication is handled via runtime API keys, leveraging existing organization and workspace permissions; it also supports common enterprise network security options such as outbound proxies, custom CA bundles, control plane mTLS, and MCP-side mTLS.

MCP evolving from Claude-specific to cross-platform de facto standard

MCP (Model Context Protocol) was originally an open protocol led by Anthropic. OpenAI’s integration of enterprise intranet access into MCP support signifies that MCP has expanded from being "Claude-specific" to becoming one of the de facto standards across AI platforms. For enterprise IT, deploying an MCP server within the intranet will allow access from both ChatGPT and Claude systems, representing a key component for long-term AI toolchain compatibility.

Yesterday, Robinhood enabled AI agents to place orders on behalf of users via MCP, based on the same protocol, indicating that MCP is extending from developer tools into finance and enterprise IT.

• This article is reprinted with permission from：《Chain News》
• Original title: 《OpenAI Launches MCP Secure Tunnel: ChatGPT, Codex Connect to Enterprise Intranet》
• Original author: Elponcrab