ChatGPT Developer Mode: Full MCP client access

Posted by meetpateltech 3 days ago

ChatGPT Developer Mode: Full MCP client access(platform.openai.com)

510 points | 279 commentspage 2

ranger_danger 3 days ago|

First the page gave me an error message. I refreshed and then it said my browser was "out of date" (read: fingerprint resistance is turned on). Turned that off and now I just get an endless captcha loop.

I give up.

dormento 3 days ago||

When you think about it, isn't it kind of a developer's experience?

brazukadev 2 days ago|||

OpenAI quality level

Nzen 3 days ago|||

tl;dr OpenAI provided, a default-disabled, beta MCP interface. It will allow a person to view and enable various MCP tools. It requires human approval of the tool responses, shown as raw json. This won't protect against misuse, so they warn the reader to check the json against unintended prompts / consequences / etc.

knowaveragejoe 3 days ago||

Same.

coderinsan 2 days ago||

“We’ve found numerous MCP exploits from the official MCPs in our blog (https://tramlines.io/blog) and have been powering runtime guardrails to defend against lethal trifecta MCP attacks for a while now (https://tramlines.io)

m3kw9 2 days ago|

Firewall for MCPs?

tosh 3 days ago||

I tried to connect our MCP (https://technicalseomcp.com) but got an error.

I don't see any debugging features yet

but I found an example implementation in the docs:

https://platform.openai.com/docs/mcp

lyu07282 2 days ago||

Lots of people reported issues in the forums weeks ago, seems like they haven't improved it much (what's the point of doing a beta if you ignore everyone reporting bugs?)

https://community.openai.com/t/error-oauth-step-when-connect...

brazukadev 2 days ago||

OpenAI is the biggest proof AI won't replace software engineers. They absolutely suck at shipping code

ayhanfuat 3 days ago||

What is the error you are getting? I get "Error fetching OAuth configuration" with an MCP server that I can connect to via Claude.

quinncom 2 days ago|||

I get this error trying to connect the Mapbox hosted MCP server:

    Something went wrong with setting up the connection

In the devtools, the request that failed was to `https://chatgpt.com/backend-api/aip/connectors/links/oauth/c...` which send this reply:

    Token exchange failed: 401, message='Unauthorized', url=URL('https://api.mapbox.com/oauth/access_token')

tosh 3 days ago|||

"error creating connector"

our MCP also works fine with Claude, Claude Code, Amp, lm studio and other but not all MCP clients

MCP spec and client implementations are a bit tricky when you're not using FastMCP (which we are not).

dougbarrett 2 days ago||

I wonder if it's a difference between SSE and HTTP streaming support? I've been working on a tool for devs to create their own MCP tools and built out support for both protocols because it was easier for me to support both protocols vs explaining why it's not working for one LLM client or another.

tosh 2 days ago||

Oh, that might be it!

Ours doesn’t support SSE.

mickael-kerjean 2 days ago||

mine does support SSE (https://github.com/mickael-kerjean/filestash) but it fails before getting there, with the log looking like this:

    2025/09/11 01:16:13 HTTP 200 GET    0.1ms /.well-known/oauth-authorization-server
    2025/09/11 01:16:13 HTTP 200 GET    2.5ms /
    2025/09/11 01:16:14 HTTP 404 GET    0.2ms /favicon.svg
    2025/09/11 01:16:14 HTTP 404 GET    0.2ms /favicon.png
    2025/09/11 01:16:14 HTTP 200 GET    0.2ms /favicon.ico
    2025/09/11 01:16:14 HTTP 200 GET    0.1ms /.well-known/oauth-authorization-server
    2025/09/11 01:16:15 HTTP 201 POST    0.3ms /mcp/register
    2025/09/11 01:16:27 HTTP 200 GET    1.4ms /

with the frontend showing: "Error creating connector" and the network call showing: { "detail": "1 validation error for RegisterOAuthClientResponse\n Input should be a valid dictionary or instance of RegisterOAuthClientResponse [type=model_type, input_value='{\"client_id\":\"ChatGPT.Dd...client_secret_basic\"}\\n', input_type=str]\n For further information visit https://errors.pydantic.dev/2.11/v/model_type" }

owenpalmer 2 days ago||

I'd love to use this with AnkiConnect, so I can have it make cards during conversations.

yaodao 2 days ago|

That's a so good idea

Depurator 2 days ago||

Is the focus on how dangerous mcp capabilities are a way to legitimize why they have been slow to adopt the mcp protocol? Or that they have internally scrapped their own response and finally caved to something that ideally would be a more security focused standard?

CGamesPlay 2 days ago||

I don't understand how this is dangerous. Can someone explain how this is different than just connecting the MCP normally and prompting it to use the same tools? I understand that this is just a "slightly more technical" means to access the same tools. What am I missing?

Two replies to this comment have failed to address my question. I must be missing something obvious. Does ChatGPT not have any MCP support outside of this, and I've just been living in an Anthropic-filled cave?

minznerjosh 2 days ago||

Yup. ChatGPT did not have proper MCP support until now. They only supported MCP for connecting Deep Research to additional data sources, and for that, your MCP server had to implement two specific tools that Deep Research is able to call.

What’s being released here is really just proper MCP support in ChatGPT (like Claude has had for ages now) though their instructions regarding needing to specific about which tools to use make me wonder how effective it will be compared to Claude. I assume it’s hidden behind “Developer Mode” to discourage the average ChatGPT user from using it given the risks around giving an LLM read/write access to potentially sensitive data.

simonw 2 days ago|||

If you have an MCP tool that can perform write actions and you use it in a context where an attacker may be able to sneak their own instructions into the model (classic prompt injection) that attacker can make that MCP tool do anything they want.

CGamesPlay 2 days ago||

How is this "developer mode" different than just connecting the MCP normally and prompt injecting it to use the same tools?

simonw 2 days ago||

It's no different. This just brings that unsafe anti-pattern to the ChatGPT consumer app itself - albeit hidden behind an option with a scary name that might hopefully discourage many users who don't understand the consequences from turning it on.

AdieuToLogic 2 days ago|||

> Two replies to this comment have failed to address my question. I must be missing something obvious.

Since one of these replies is mine, let me clarify.

From the documentation:

  When using developer mode, watch for prompt injections and 
  other risks, model mistakes on write actions that could 
  destroy data, and malicious MCPs that attempt to steal 
  information.

The first warning is equivalent to a SQL injection attack[0].

The second warning is equivalent to promoting untested code into production.

The last warning is equivalent to exposing SSH to the Internet, configured such that your account does not require a password to successfully establish a connection, and then hoping no one can guess your user name.

0 - https://owasp.org/www-community/attacks/SQL_Injection

AdieuToLogic 2 days ago||

> I don't understand how this is dangerous.

From literally the very first sentences in the linked resource:

  ChatGPT developer mode is a beta feature that provides full 
  Model Context Protocol (MCP) client support for all tools, 
  both read and write. It's powerful but dangerous ...

electric_muse 2 days ago||

The danger with this MCP story isn’t flexibility, it’s invisibility. Without centralized auditing and fine-grained provisioning, MCPs quickly sprawl into over-connected, over-privileged systems you can’t really control or see.

From what I’ve seen, most teams experimenting with MCP don’t grasp the risks. They are literally dropping auth tokens into plaintext config files.

The moment anything with file system access gets wired in, those tokens are up for grabs, and someone’s going to get burned.

mickdarling 2 days ago||

I've been using MCP servers with ChatGPT, but I've had to use external clients on the API. This works straight from the main client or on their website. That's a big win.

lherron 2 days ago||

Progress, but the real unlock will be local MCP/desktop client support. I don't have much interest in exposing all my local MCPs over the internet.

yalogin 2 days ago|

Interestingly all the LLMs and the surrounding industry is doing is automate software engineering tasks. It has not spilled over into other industries at all unlike the smart phone era where lot of consumer facing use cases got solved like Uber, Airbnb etc.. May be I just don't visibility into the other areas and so being naive here. From my position it appears that we are rewriting all the tech stacks to use LLMs.

ripped_britches 2 days ago|

I would disagree. What industry are you in? It’s being used a ton in medicine, legal, even minerals and mining

You know they have 1b WAU right?

brazukadev 2 days ago||

1bi people asking ChatGPT stupid questions won't reshape all industries like the internet and smartphones did

More comments...