OpenAI has released Secure MPC Tunnel, allowing ChatGPT to securely "join" corporate intranets

According to Insight Beating monitoring, OpenAI has introduced Secure MCP Tunnels, addressing the compliance barriers that enterprises face when securely accessing on-premises sensitive data with large-scale models. The new solution allows enterprises to connect internal tools and databases to ChatGPT, Codex, and Responses API without exposing their IP addresses or opening inbound ports, thus eliminating the need to breach the network security posture by opening inbound channels on the firewall, a highly risky move under cybersecurity standards. The new tunnel only requires running an open-source client-side tool, tunnel-client, within the local network, maintaining communication through unidirectional outbound HTTPS connections, enabling cloud-based models to securely interact with on-premises tools without exposing the enterprise network perimeter.

From a security management perspective, the new solution keeps control firmly in the hands of the enterprise. In contrast to traditional network proxies that are prone to global leaks, the client tool supports granular "interface whitelisting" controls, allowing enterprises to restrict large models to specific predefined data and operations, thus entirely preventing the risk of unauthorized data access by the models. Additionally, tunnel permissions are tightly integrated with OpenAI's existing workspace role system, enabling enterprises to grant precise authorization to specific users and runtimes through the official platform, while also supporting enterprise-grade outbound proxies, custom CA certificates, and control-plane mTLS security authentication.

Currently, the open-source client supports deployment modes such as Kubernetes Sidecar, standalone Pods, and system services, along with providing a local web management interface to display health and connectivity metrics.