- Wow this is dangerous. I wonder how many people are going to turn this on without understanding the full scope of the risks it opens them up to.
It comes with plenty of warnings, but we all know how much attention people pay to those. I'm confident that the majority of people messing around with things like MCP still don't fully understand how prompt injection attacks work and why they are such a significant threat.
by mrajagopalan
0 subcomment
- A bit late to this discussion — but we've been looking at this problem for a while and have implemented a cryptographic approach I wrote about here: https://news.ycombinator.com/item?id=45244297_ID
TL;DR: We treat AI components like untrusted network services and apply mTLS-style verification. The aha! was in making security invisible to developers. It works.
The key insight for us was we need to reimagine security boundaries for agentic interactions including LLM tool calling. We built "Authenticated Workflows" - cryptographic enforcement at the tool layer. Intent is signed before the LLM sees it, tools verify independently, policies are cryptographically bound. Even confused LLMs can't forge signatures.
Technical details here: https://www.macawsecurity.com/blog/zero-trust-tool-calling-f...
Feedback and inputs much appreciated.
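The "intent signed before the LLM sees it, tools verify independently, policies bound into the signature" pattern described in the comment above, shown as an added illustration that is not the commenter's or Macaw Security's code. It assumes an HMAC-SHA256 shared secret between the signing gateway and the tool as a stand-in for the mTLS-style key material the comment mentions; the intent, policy, tool names and parameter values are constructed sample data.

```python
import hashlib
import hmac
import json

# Constructed demo secret shared by the intent-signing gateway and the tool.
# Stands in for per-service key material in an mTLS-style deployment.
SHARED_SECRET = b"demo-secret-do-not-use-in-production"


def canonical(obj):
    """Deterministic JSON so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_intent(intent, policy, secret=SHARED_SECRET):
    """Gateway side: bind the user's intent and the tool policy into one
    signed envelope before the LLM is handed the task."""
    envelope = {"intent": intent, "policy": policy}
    sig = hmac.new(secret, canonical(envelope), hashlib.sha256).hexdigest()
    return {**envelope, "sig": sig}


def verify_tool_call(signed, tool_name, args, now, secret=SHARED_SECRET):
    """Tool side: recompute the MAC independently of the LLM, then check that
    the concrete call being made stays inside the signed policy.
    Returns (allowed, reason)."""
    envelope = {"intent": signed.get("intent"), "policy": signed.get("policy")}
    expected = hmac.new(secret, canonical(envelope), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(signed.get("sig", ""))):
        return False, "bad signature"
    policy = signed["policy"]
    if now > signed["intent"]["expires"]:
        return False, "intent expired"
    if tool_name not in policy["allowed_tools"]:
        return False, f"tool not permitted: {tool_name}"
    for key, value in policy["pinned_params"].items():
        if args.get(key) != value:
            return False, f"pinned parameter mismatch: {key}"
    return True, "ok"


# Constructed sample: the user asked for a PR from feat-retry into main and
# nothing more; the policy names the one tool allowed and pins base=main.
SAMPLE_INTENT = {
    "action": "open_pull_request",
    "params": {"head": "feat-retry", "base": "main", "title": "Add retry logic"},
    "issued": 1000,
    "expires": 1600,
}
SAMPLE_POLICY = {
    "allowed_tools": ["GitHub.open_pull_request"],
    "pinned_params": {"base": "main"},
}
SIGNED = sign_intent(SAMPLE_INTENT, SAMPLE_POLICY)


def demo():
    """Five calls a tool might receive; only the first one is honoured."""
    honest = verify_tool_call(
        SIGNED, "GitHub.open_pull_request", SAMPLE_INTENT["params"], now=1200)
    # A prompt-injected LLM asks for a tool the policy never named.
    wrong_tool = verify_tool_call(SIGNED, "GitHub.push", {"branch": "main"}, now=1200)
    # Right tool, but the pinned base branch has been swapped.
    drifted = verify_tool_call(
        SIGNED, "GitHub.open_pull_request",
        {**SAMPLE_INTENT["params"], "base": "release"}, now=1200)
    # The LLM rewrites the policy in the envelope it forwards; the MAC no longer matches.
    forged = dict(SIGNED, policy={**SAMPLE_POLICY, "allowed_tools": ["GitHub.push"]})
    forged_result = verify_tool_call(forged, "GitHub.push", {"branch": "main"}, now=1200)
    # A valid envelope replayed after its expiry window.
    stale = verify_tool_call(
        SIGNED, "GitHub.open_pull_request", SAMPLE_INTENT["params"], now=2000)
    return {"honest": honest, "wrong_tool": wrong_tool, "drifted": drifted,
            "forged": forged_result, "stale": stale}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} -> {result}")
```

The point the comment makes is visible in `demo()`: the LLM only ever carries the envelope, so anything it changes (tool name, parameters, or the policy itself) either fails the MAC or falls outside the signed policy, and the tool decides without trusting the model's output.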
- AI companies: Agentic AI has been weaponized. AI models are now being used to perform sophisticated cyberattacks, not just advise on how to carry them out. We need regulation to mitigate these risks.
The same AI companies: here's a way to give AI full executable access to your personal data, enjoy!
by CuriouslyC
3 subcomments
- I've been waiting for ChatGPT to get MCPs, this is pretty sweet. Next step is a local system control plane MCP to give it sandbox access/permission requests so I can use it as an agent from the web.
by RockyMcNuts
3 subcomments
- OpenAI should probably consider:
- enabling local MCP in Desktop like Claude Desktop, not just server-side remote. (I don't think you can run a local server unless you expose it to their IP)
- having an MCP store where you can click on e.g. Figma to connect your account and start talking to it
- letting you easily connect to your own Agents SDK MCP servers deployed in their cloud
ChatGPT MCP support is underwhelming compared to Claude Desktop.
- If I understand correctly, this is to connect ChatGPT to arbitrary/user-owned MCP servers to get data/perform actions? "Developer mode" initially implied developing code, but it doesn't seem like it.
by jumploops
3 subcomments
- The title should be: "ChatGPT adds full MCP support"
Calling it "Developer Mode" is likely just to prevent non-technical users from doing dangerous things, given MCP's lack of security and the ease of prompt injection attacks.
- Can someone be clear about what this is? Just MCP support to their CLI coding agent? Or is it MCP support to their online chatbot?
- Personal opinion:
MCP for data retrieval is a much much better use case than MCPs for execution. All these tools are pretty unstable and usually lack reasonable security and protection.
Purely data retrieval based tasks lower the risk barrier and still provide a lot of utility.
- I tried adding Context7 Documentation MCP and got this
URL:https://mcp.context7.com/mcp
Safety Scan: Passed
This MCP server can't be used by ChatGPT to search information because it doesn't implement our specification: search action not found
https://platform.openai.com/docs/mcp#create-an-mcp-server
- Thinking about what Jony Ive said about “owning the unintended consequence” of making screens ubiquitous, and how a voice controlled, completely integrated service could be that new computing paradigm Sam was talking about when he said “You don’t get a new computing paradigm very often. There have been like only two in the last 50 years. … Let yourself be happy and surprised. It really is worth the wait.”
I suspect we’ll see stronger voice support, and deeper app integrations in the future. This is OpenAI dipping their toe in the water of the integrations part of the future Sam and Jony are imagining.
by ranger_danger
4 subcomments
- First the page gave me an error message. I refreshed and then it said my browser was "out of date" (read: fingerprint resistance is turned on). Turned that off and now I just get an endless captcha loop.
I give up.
by coderinsan
1 subcomments
- We’ve found numerous MCP exploits from the official MCPs in our blog (https://tramlines.io/blog) and have been powering runtime guardrails to defend against lethal trifecta MCP attacks for a while now (https://tramlines.io)
- I tried to connect our MCP (https://technicalseomcp.com) but got an error.
I don't see any debugging features yet
but I found an example implementation in the docs:
https://platform.openai.com/docs/mcp
by owenpalmer
1 subcomments
- I'd love to use this with AnkiConnect, so I can have it make cards during conversations.
- Is the focus on how dangerous mcp capabilities are a way to legitimize why they have been slow to adopt the mcp protocol? Or that they have internally scrapped their own response and finally caved to something that ideally would be a more security focused standard?
by CGamesPlay
4 subcomments
- I don't understand how this is dangerous. Can someone explain how this is different than just connecting the MCP normally and prompting it to use the same tools? I understand that this is just a "slightly more technical" means to access the same tools. What am I missing?
Two replies to this comment have failed to address my question. I must be missing something obvious. Does ChatGPT not have any MCP support outside of this, and I've just been living in an Anthropic-filled cave?
by mickdarling
0 subcomment
- I've been using MCP servers with ChatGPT, but I've had to use external clients on the API. This works straight from the main client or on their website. That's a big win.
- Progress, but the real unlock will be local MCP/desktop client support. I don't have much interest in exposing all my local MCPs over the internet.
- Interestingly, all the LLMs and the surrounding industry are doing is automating software engineering tasks. It has not spilled over into other industries at all, unlike the smartphone era, where a lot of consumer-facing use cases got solved, like Uber, Airbnb, etc. Maybe I just don't have visibility into the other areas and so am being naive here. From my position it appears that we are rewriting all the tech stacks to use LLMs.
by joshwarwick15
0 subcomment
- Maintained list of remote only MCP servers here: https://github.com/jaw9c/awesome-remote-mcp-servers
by aussieguy1234
0 subcomment
- I've found LangGraph's tool approach to be easier to work with compared to MCP.
Any Python function can become a tool. There are a bunch of built-in ones, like for filesystem access.
- > Eligibility: Available in beta to Pro and Plus accounts on the web.
But not Team?
- > Eligibility: Available in beta to Pro and Plus accounts on the web.
I use the desktop app. It causes excessive battery drain, but I like having it as a shortcut. Do most people use the web app?
- > It's powerful but dangerous, and is intended for developers who understand how to safely configure and test connectors.
So... practically no one? My experience has been that almost everyone testing these cutting edge AI tools as they come out are more interested in new tool shinyness than safety or security.
by leonewton253
0 subcomment
- I think the dangers are overstated. If you give it access to non-privileged data, use BTRFS snapshots and ban certain commands at the shell level, then no worries.
by AdieuToLogic
0 subcomment
- It's funny.
For decades, the software engineering community writ large has worked to make computing more secure. This has involved both education and significant investments.
Have there been major breaches along the way? Absolutely!
Is there more work to be done to defend against malicious actors? Always!
Have we seen progress over time? I think so.
But in the last few days, both Anthropic[0] and now OpenAI have put offerings into the world which effectively state to the software industry:
Do you guys think you can stop us from making new
and unstoppable attack vectors that people will
gladly install, then blame you and not us when their
data are held ransom along with their systems being
riddled with malware?
Hold my beer...
0 - https://www.anthropic.com/news/claude-for-chrome
- ok, gonna create a remote MCP that can make GET, POST and PUT requests - cause that's what I actually need my GPT to do, real internet access
- GPT actions allowed mostly the same functionality; I don't get the sudden scare about the security implications. We are in the same place, good or bad.
Btw, it was already possible (but inelegant) to forward GPT actions requests to MCP servers. I documented it here:
https://harmlesshacks.blogspot.com/2025/05/using-mcp-servers...
by whimsicalism
1 subcomments
- Can MCPs be called from advanced voice mode?
- The only thing missing now is support on mobile, then ChatGPT could be an actual assistant.
- Dominos Pizza MCP would be sick
- And here I am still waiting for some kind of hooks support for ChatGPT/Codex.
by giancarlostoro
0 subcomment
- I wonder if this is going to be used by JetBrains AI in any capacity.
- I'm confused and I'm a developer
- "Hello? Yes, this is frog. 'Is the water getting warmer?' I can't tell, why do you ask?"
by HardCodedBias
0 subcomment
- Eliezer Yudkowsky in shambles.
:)
- Am I the only one who doesn’t know what MCP is/means? Of course I’m about to go look it up, but if someone can provide a brief description of what it is then I’d be very appreciative. Thanks!
- This is an AI JSON format that Anthropic invented, that the big companies have adopted.
by graphememes
0 subcomment
- Amazing, others have already shipped this, glad to see ChatGPT joining the list.
by eggn00dles
0 subcomment
- im enabling skynet but plz admire the vocabulary i used in my post
by isjjsjjsnaiusj
1 subcomments
- Zjjzzmmzmzkzkkz,z
Zmmzmzmzmmz
by HarHarVeryFunny
0 subcomment
- As Trump just said, "Here we go!".
LLMs making arbitrary real-world actions via MCP.
What could possibly go wrong?
Only the good guys are going to get this, right?
- I like how today we got two announcements by the biggest multibillion-dollar companies, Anthropic and OpenAI, and they are both an absolute dud.
Man, that path to AGI sure is boring.
by bethekidyouwant
0 subcomment
- Create a pull request using "GitHub.open_pull_request" from branch
"feat-retry" into "main" with title "Add retry logic" and body "…".
Do not push directly to main.
- bwahaha