HN Reader

Wow this is dangerous. I wonder how many people are going to turn this on without understanding the full scope of the risks it opens them up to.

It comes with plenty of warnings, but we all know how much attention people pay to those. I'm confident that the majority of people messing around with things like MCP still don't fully understand how prompt injection attacks work and why they are such a significant threat.

Can someone be clear about what this is? Just MCP support to their CLI coding agent? Or is it MCP support to their online chatbot?

AI companies: Agentic AI has been weaponized. AI models are now being used to perform sophisticated cyberattacks, not just advise on how to carry them out. We need regulation to mitigate these risks.

The same AI companies: here's a way to give AI full executable access to your personal data, enjoy!

I've been waiting for ChatGPT to get MCPs, this is pretty sweet. Next step is a local system control plane MCP to give it sandbox access/permission requests so I can use it as an agent from the web.

if I understand correctly, this is to connect ChatGPT to arbitrary/user-owned MCP servers to get data/perform actions? Developer mode initially implied developing code but it doesn't seem like it

The title should be: "ChatGPT adds full MCP support"

Calling it "Developer Mode" is likely just to prevent non-technical users from doing dangerous things, given MCP's lack of security and the ease of prompt injection attacks.

“We’ve found numerous MCP exploits from the official MCPs in our blog (https://tramlines.io/blog) and have been powering runtime guardrails to defend against lethal trifecta MCP attacks for a while now (https://tramlines.io)

Thinking about what Jony Ive said about “owning the unintended consequence” of making screens ubiquitous, and how a voice controlled, completely integrated service could be that new computing paradigm Sam was talking about when he said “ You don’t get a new computing paradigm very often. There have been like only two in the last 50 years. … Let yourself be happy and surprised. It really is worth the wait.”

I suspect we’ll see stronger voice support, and deeper app integrations in the future. This is OpenAI dipping their toe in the water of the integrations part of the future Sam and Jony are imagining.

I tried to connect our MCP (https://technicalseomcp.com) but got an error.

I don't see any debugging features yet

but I found an example implementation in the docs:

https://platform.openai.com/docs/mcp

OpenAI should probably consider:

- enabling local MCP in Desktop like Claude Desktop, not just server-side remote. (I don't think you can run a local server unless you expose it to their IP)

- having an MCP store where you can click on e.g. Figma to connect your account and start talking to it

- letting you easily connect to your own Agents SDK MCP servers deployed in their cloud

ChatGPT MCP support is underwhelming compared to Claude Desktop.

I'm confused and I'm a developer

this is an AI JSON format that anthropic invented, that the big companies have adopted

"Hello? Yes, this is frog. 'Is the water getting warmer?' I can't tell, why do you ask?"

As Trump just said, "Here we go!".

LLMs making arbitrary real-world actions via MCP.

What could possibly go wrong?

Only the good guys are going to get this, right?

The only thing missing now is support on mobile, then ChatGPT could be an actual assistant.

Eliezer Yudkowsky in shambles.

:)

Create a pull request using "GitHub.open_pull_request" from branch "feat-retry" into "main" with title "Add retry logic" and body "…". Do not push directly to main.

-bwahaha

Zjjzzmmzmzkzkkz,z

Zmmzmzmzmmz

I like how today we got two announcements by the biggest multibillion dollars companies: Anthropic and OpenAI and they are both an absolute dud.

Man, that path to AGI sure is boring.

I've been using MCP servers with ChatGPT, but I've had to use external clients on the API. This works straight from the main client or on their website. That's a big win.

Progress, but the real unlock will be local MCP/desktop client support. I don't have much interest in exposing all my local MCPs over the internet.

Personal opinion:

MCP for data retrieval is a much much better use case than MCPs for execution. All these tools are pretty unstable and usually lack reasonable security and protection.

Purely data retrieval based tasks lower the risk barrier and still provide a lot of utility.

GPT actions allowed mostly the same functionality, I don't get the sudden scare about the security implications. We are in the same place, good or bad.

Btw it was already possible (but inelegant) to forward Gpt actions requests to MCP servers, I documented it here

https://harmlesshacks.blogspot.com/2025/05/using-mcp-servers...

amazing, others have already shipped this, glad to see chatgpt joining the list

I wonder if this is going to be used by JetBrains AI in any capacity.

Dominos Pizza MCP would be sick

> It's powerful but dangerous, and is intended for developers who understand how to safely configure and test connectors.

So... practically no one? My experience has been that almost everyone testing these cutting edge AI tools as they come out are more interested in new tool shinyness than safety or security.

ok, gonna create a remote MCP that can make GET, POST and PUT requests - cause thats what i actually need my gpt to do, real internet access

Can MCPs be called from advanced voice mode?

First the page gave me an error message. I refreshed and then it said my browser was "out of date" (read: fingerprint resistance is turned on). Turned that off and now I just get an endless captcha loop.

I give up.

I think the dangers are over stated. If you give it access to non-privileged data, use BTRFS snapshots and ban certain commands at the shell level, then no worries.

Is the focus on how dangerous mcp capabilities are a way to legitimize why they have been slow to adopt the mcp protocol? Or that they have internally scrapped their own response and finally caved to something that ideally would be a more security focused standard?

I've found LangGraph's tool approach to be easier to work with compared to MCP.

Any Python function can become a tool. There are a bunch of built in ones like for filesystem access.

And here I am still waiting for some kind of hooks support for ChatGPT/Codex.

> Eligibility: Available in beta to Pro and Plus accounts on the web.

But not Team?

Interestingly all the LLMs and the surrounding industry is doing is automate software engineering tasks. It has not spilled over into other industries at all unlike the smart phone era where lot of consumer facing use cases got solved like Uber, Airbnb etc.. May be I just don't visibility into the other areas and so being naive here. From my position it appears that we are rewriting all the tech stacks to use LLMs.

> Eligibility: Available in beta to Pro and Plus accounts on the web.

I use the desktop app. It causes excessive battery drain, but I like having it as a shortcut. Do most people use the web app?