
Posted by meetpateltech 9/10/2025

ChatGPT Developer Mode: Full MCP client access(platform.openai.com)
517 points | 281 comments (page 3)
mrajagopalan 9/15/2025
A bit late to this discussion — but we've been looking at this problem for a while and have implemented a cryptographic approach I wrote about here: https://news.ycombinator.com/item?id=45244297_ID

TL;DR: We treat AI components like untrusted network services and apply mTLS-style verification. The aha! was in making security invisible to developers. It works.

The key insight for us was that we need to reimagine security boundaries for agentic interactions, including LLM tool calling. We built "Authenticated Workflows" - cryptographic enforcement at the tool layer. Intent is signed before the LLM sees it, tools verify independently, policies are cryptographically bound. Even confused LLMs can't forge signatures.

Technical details here: https://www.macawsecurity.com/blog/zero-trust-tool-calling-f...

Feedback and inputs much appreciated.
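The signed-intent flow the comment describes, as an added example that is not the commenter's or Macaw Security's code: a trusted orchestrator signs the user's intent together with a policy before the model sees either, the model can only attach that envelope to its tool call, and the tool verifies the envelope with its own copy of the key. HMAC-SHA256 over a shared secret stands in for the asymmetric signature the post implies (an assumption made so the example runs on the standard library), and the envelope fields (intent, policy, nonce, allowed_tools, max_amount) and the refund scenario are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets


def _canonical(intent: dict, policy: dict, nonce: str) -> bytes:
    # Deterministic encoding: signer and verifier must hash identical bytes.
    return json.dumps({"intent": intent, "policy": policy, "nonce": nonce},
                      sort_keys=True, separators=(",", ":")).encode()


class IntentSigner:
    """Trusted orchestrator: signs the user's intent and the policy before
    any of it is handed to the model. (HMAC stands in for a real signature.)"""

    def __init__(self, key: bytes):
        self._key = key

    def sign(self, intent: dict, policy: dict) -> dict:
        nonce = secrets.token_hex(8)  # makes each envelope single-use
        sig = hmac.new(self._key, _canonical(intent, policy, nonce),
                       hashlib.sha256).hexdigest()
        return {"intent": intent, "policy": policy, "nonce": nonce, "sig": sig}


class ToolGateway:
    """Tool-side verifier: holds its own copy of the key and never trusts
    anything the model asserts about what it is allowed to do."""

    def __init__(self, key: bytes, tool_name: str):
        self._key = key
        self.tool_name = tool_name
        self._seen_nonces: set[str] = set()

    def verify(self, call: dict) -> tuple[bool, str]:
        env = call.get("envelope")
        if not isinstance(env, dict):
            return False, "missing envelope"
        intent, policy, nonce = env.get("intent"), env.get("policy"), env.get("nonce")
        if not (isinstance(intent, dict) and isinstance(policy, dict) and isinstance(nonce, str)):
            return False, "malformed envelope"
        expected = hmac.new(self._key, _canonical(intent, policy, nonce),
                            hashlib.sha256).hexdigest()
        # 1. The signature must hold; a model that edits the policy or intent
        #    (e.g. after a prompt injection) breaks it.
        if not hmac.compare_digest(expected, str(env.get("sig", ""))):
            return False, "bad signature"
        # 2. Each envelope authorises exactly one call.
        if nonce in self._seen_nonces:
            return False, "replayed envelope"
        # 3. The tool itself must be named in the signed policy.
        if self.tool_name not in policy.get("allowed_tools", []):
            return False, f"tool {self.tool_name} not permitted"
        # 4. Model-chosen arguments must stay inside the signed bounds.
        args = call.get("args", {})
        limit = policy.get("max_amount")
        if limit is not None and args.get("amount", 0) > limit:
            return False, "amount exceeds policy"
        if args.get("order_id") != intent.get("order_id"):
            return False, "argument does not match signed intent"
        self._seen_nonces.add(nonce)
        return True, "ok"


def run_demo() -> dict:
    key = secrets.token_bytes(32)  # shared out-of-band by orchestrator and tool
    signer = IntentSigner(key)
    refund_tool = ToolGateway(key, "issue_refund")
    intent = {"action": "refund", "order_id": "A-1001"}  # constructed sample
    policy = {"allowed_tools": ["issue_refund"], "max_amount": 50}
    results = {}

    env = signer.sign(intent, policy)
    honest = {"tool": "issue_refund", "args": {"order_id": "A-1001", "amount": 30},
              "envelope": env}
    results["honest"] = refund_tool.verify(honest)
    results["replay"] = refund_tool.verify(honest)  # same envelope again

    # A confused model rewrites the policy to lift the limit: signature no longer matches.
    forged = json.loads(json.dumps(env))
    forged["policy"]["max_amount"] = 5000
    results["forged_policy"] = refund_tool.verify(
        {"tool": "issue_refund", "args": {"order_id": "A-1001", "amount": 4000},
         "envelope": forged})

    # Untampered envelope, but the model asks for more than the policy allows.
    env2 = signer.sign(intent, policy)
    results["over_limit"] = refund_tool.verify(
        {"tool": "issue_refund", "args": {"order_id": "A-1001", "amount": 500},
         "envelope": env2})

    # The same valid envelope presented to a tool the policy never named.
    delete_tool = ToolGateway(key, "delete_account")
    results["wrong_tool"] = delete_tool.verify(
        {"tool": "delete_account", "args": {"order_id": "A-1001"}, "envelope": env2})
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:14s} -> {outcome}")
```

The point of the structure is that the model never holds the key: it can choose arguments and which tool to call, but every choice is checked against bounds that were fixed and signed before it ran, so a prompt injection that changes the model's mind cannot change what the tool will accept.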

joshwarwick15 9/11/2025
Maintained list of remote only MCP servers here: https://github.com/jaw9c/awesome-remote-mcp-servers
SMAAART 9/10/2025
> Eligibility: Available in beta to Pro and Plus accounts on the web.

But not Team?

maxbond 9/11/2025
Presumably out of concerns for liability/security. Presumably they will roll it out at some point, with the ability to lock it down at an organization level rather than (just) the account level. But they might not feel confident they understand what controls to add until they've seen it in production.
evandena 9/10/2025
I don't see it in Team.
adenta 9/10/2025
> Eligibility: Available in beta to Pro and Plus accounts on the web.

I use the desktop app. It causes excessive battery drain, but I like having it as a shortcut. Do most people use the web app?

baby_souffle 9/10/2025
> I use the desktop app. It causes excessive battery drain, but I like having it as a shortcut. Do most people use the web app?

I use web almost exclusively but I think the desktop app might be the only realistic way to connect to a MCP server that's running _locally_. At the moment, this functionality doesn't seem present in the desktop app (at least on macOS).

psyclobe 9/10/2025
I mostly use mobile; I’ve tried to use web but I found it a lot buggier than the app, so much so that I really don’t think of the web as a valid way to use ChatGPT. Also it’s kinda weird that the web has different state than mobile.
aussieguy1234 9/11/2025
I've found LangGraph's tool approach to be easier to work with compared to MCP.

Any Python function can become a tool. There are a bunch of built-in ones, like for filesystem access.

nullbyte808 9/10/2025
I think the dangers are overstated. If you give it access to non-privileged data, use BTRFS snapshots and ban certain commands at the shell level, then no worries.
AdieuToLogic 9/11/2025
It's funny.

For decades, the software engineering community writ large has worked to make computing more secure. This has involved both education and significant investments.

Have there been major breaches along the way? Absolutely!

Is there more work to be done to defend against malicious actors? Always!

Have we seen progress over time? I think so.

But in the last few days, both Anthropic[0] and now OpenAI have put offerings into the world which effectively state to the software industry:

  Do you guys think you can stop us from making new
  and unstoppable attack vectors that people will
  gladly install, then blame you and not us when their
  data are held ransom along with their systems being
  riddled with malware?

  Hold my beer...
0 - https://www.anthropic.com/news/claude-for-chrome
franze 9/10/2025
ok, gonna create a remote MCP that can make GET, POST and PUT requests - cause that's what I actually need my gpt to do, real internet access
samuel 9/10/2025
GPT actions allowed mostly the same functionality, I don't get the sudden scare about the security implications. We are in the same place, good or bad.

Btw it was already possible (but inelegant) to forward GPT actions requests to MCP servers; I documented it here:

https://harmlesshacks.blogspot.com/2025/05/using-mcp-servers...

whimsicalism 9/10/2025
Can MCPs be called from advanced voice mode?
g-mork 9/10/2025
Exactly, MCP is essentially a way for tools to talk to other tools, but how people use it can vary. Let me know if you need anything else.