OpenAI announced on May 27 that it has launched the Secure MCP Tunnel service, allowing ChatGPT, Codex, and the Responses API to directly connect to private MCP servers within an enterprise network. OpenAI’s official support enables enterprises to deploy a single MCP server setup, which can be accessed by both ChatGPT and Claude systems.
Reverse-connection architecture: how tunnel-client builds a connection from inside the intranet
The core component of Secure MCP Tunnel is tunnel-client, which is deployed on an internal network host that can access the private MCP server. tunnel-client proactively connects outward via HTTPS to OpenAI’s control plane (api.openai.com:443 or mtls.api.openai.com:443). It uses long polling to retrieve MCP requests queued on the OpenAI side, forwards them to the internal MCP server in JSON-RPC format, and routes responses back along the same connection. The entire architecture requires no inbound ports to be opened on the firewall, and no public network listener needs to be configured for the MCP server.
Enterprise security options supported include: outbound proxy, custom CA bundle, control plane mTLS, and MCP-side mTLS; identity authentication uses an API key at runtime, leveraging existing permissions for the organization and workspace.
Three deployment modes
The tunnel-client deployment options listed in OpenAI’s official documentation:
Kubernetes sidecar: deployed in the same Pod as the MCP server
Independent Kubernetes deployment: run in a separate Pod
VM or systemd service: deployed directly on the host
MCP protocol status: ChatGPT and Claude share the same enterprise intranet MCP server
MCP was introduced by Anthropic and is an open-source protocol natively supported by the Claude system. OpenAI’s official integration means enterprises only need to deploy one MCP server to be accessed by both ChatGPT and Claude, without maintaining separate tool-integration layers for different AI platforms. On the same day, Robinhood also enabled AI agent ordering via MCP, a concrete example of MCP expanding from developer tools into the financial industry.
FAQ
How does Secure MCP Tunnel establish a connection without opening inbound firewall ports?
With tunnel-client deployed inside the enterprise network, it proactively initiates an HTTPS connection to OpenAI’s control plane. It continuously receives requests via long polling and forwards them to the internal MCP server. Since all connections are initiated from the internal network outward, the firewall does not need to open any inbound connection ports.
Which OpenAI products does Secure MCP Tunnel currently support?
According to OpenAI developer documentation, it currently supports ChatGPT (by selecting a private MCP server in the connector configuration), Codex, and the Responses API.
What is MCP, and why is OpenAI’s addition of it industry-relevant?
MCP (Model Context Protocol) is an open-source protocol introduced by Anthropic that allows AI models to call external tools and data sources in a standardized way. OpenAI’s official support means enterprises can deploy a single MCP server and be accessed by multiple AI platforms, reducing cross-platform integration costs.
