OpenAI Launches Secure MCP Tunnels to Connect Agents to Private Data

May 27, 2026

OpenAI launched Secure MCP Tunnel, a networking capability that connects private Model Context Protocol (MCP) servers to ChatGPT and the OpenAI API without exposing them to the public internet. A local tunnel-client initiates an outbound-only HTTPS connection to OpenAI, polling for requests and forwarding them to internal tools.

Connection type: Outbound-only HTTPS
Authentication: Workload Identity Federation (IAM)
Supported IAM: AWS, Azure, Google Cloud, and others
Admin controls: Spend alerts, model allowlists, data retention
Availability: OpenAI Platform, ChatGPT

This move addresses the primary security hurdle for enterprise agent adoption: private data access. It complements OpenAI's WebSocket-based Responses API by providing a secure path for agent loops to reach sensitive corporate resources without complex VPN configurations or the risks associated with opening inbound firewall ports.

OpenAI also introduced Workload Identity Federation to replace permanent API keys with cloud-native IAM roles from AWS, Azure, and GCP. These features are live on the OpenAI Platform, where administrators can also use the expanded Admin API to programmatically manage spend alerts and model allowlists across enterprise projects.

View the full update on developers.openai.com

OpenAI Developers

@OpenAIDevs5h ago

Private MCP servers 🤝 OpenAI products Your team can keep MCP servers inside your network while ChatGPT, Codex, and the Responses API connect through outbound-only HTTPS. 🔗 https://t.co/UVq0KpT0km https://t.co/uMsQJJK9ho

1001.4k

View on X

Still wondering? A few quick answers below.

Secure MCP Tunnel is a networking tool that connects private or on-premises Model Context Protocol servers to OpenAI products like ChatGPT and Codex. It uses an outbound-only HTTPS connection from inside a user's network to OpenAI, allowing AI agents to interact with internal data and tools without exposing them to the public internet.

The tunnel-client runs inside a private network and initiates an outbound connection to the OpenAI control plane. It long-polls for queued Model Context Protocol requests from OpenAI products, forwards those requests to the local private server, and returns the responses through the same secure tunnel. This architecture eliminates the need for inbound firewall ports.

The host running the tunnel-client must have outbound HTTPS access to api.openai.com on port 443. It also needs local reachability to the private Model Context Protocol server via stdio or HTTP. Because the connection is outbound-only, the internal network does not require a public listener or any inbound internet access to function.

Workload Identity Federation allows teams to use cloud-based identity management instead of permanent API keys to authenticate with OpenAI. It supports IAM workflows from providers like AWS, Azure, Google Cloud, and Kubernetes. This reduces security risks by allowing services to exchange short-lived tokens for access rather than distributing long-term credentials across different environments.

Secure MCP Tunnels are currently supported for use with ChatGPT, Codex, and the Responses API. Developers can manage these tunnel endpoints through the OpenAI Platform settings and then connect them to specific custom connectors in ChatGPT or use them as targets within supported API flows to ground agents in private data.