OpenAI has launched a new beta feature called Developer Mode for ChatGPT, expanding how developers can connect external tools to the chatbot. The feature is available to Plus and Pro users on the web and provides full access to MCP (Model Context Protocol) tools, including both read and write functions.
That makes Developer Mode a meaningful change for users who want to bring their own tool infrastructure into ChatGPT. It also raises the stakes: OpenAI says the feature is powerful, but it is not a casual setting for every user.
What Developer Mode adds to ChatGPT
Developer Mode lets developers connect their own remote servers, manage tools, and use those tools directly inside chats. In practical terms, ChatGPT can become a place where a developer works with MCP connectors rather than only discussing them.
The source article says the feature gives Plus and Pro users on the web full access to MCP tools. That includes read functions and write functions, which is the part that makes the feature more capable and more sensitive at the same time.
Read functions can be useful when a connected tool needs to retrieve information. Write functions go further because they can change something through a connected system. OpenAI is therefore requiring separate confirmation before any write action can proceed.
The beta also supports several technical building blocks for remote connector workflows:
- OAuth authentication
- HTTP streaming
- Server-Sent Events (SSE)
Those details matter because Developer Mode is not only a switch that exposes more buttons. It is designed for developers who are connecting remote servers and managing tools through ChatGPT itself.
How users can enable the beta
The setup path is specific. To activate Developer Mode, users go to Settings → Connectors → Advanced Settings → Developer Mode.
After the mode is enabled, connectors can be added directly through the chat input field. That placement is important because it puts connector setup close to the conversation where the tools will be used.
The source does not describe the beta as broadly available to every ChatGPT user. It names Plus and Pro users on the web. It also frames the release as a beta, which signals that the feature is still being tested and refined.
For developers, the core workflow is straightforward: enable Developer Mode, add connectors, and use MCP tools in chats. The larger question is whether each connector is configured safely enough for the level of access it receives.
Why write access changes the risk profile
OpenAI warns that Developer Mode comes with serious risks. The source specifically names prompt injection, unintended write operations, and potentially dangerous tool execution.
Those risks are connected to the same capabilities that make the feature useful. If a tool can read data, the wrong instruction path could expose information. If a tool can write data, an unsafe or unexpected action could alter something the user did not intend to change.
The source also notes a more direct connector risk: if an MCP server is compromised, it could access or alter user data. That is why the security of the remote server matters, not only the behavior of ChatGPT itself.
OpenAI’s warning is unusually direct:
"It's powerful but dangerous, and is intended for developers who understand how to safely configure and test connectors."
That line defines the intended audience. Developer Mode is being presented as a tool for developers who can evaluate connector behavior, test setups, and understand the consequences of granting tools read and write access.
What developers should take from the launch
The main takeaway is that ChatGPT is gaining deeper support for MCP-based tool use on the web for Plus and Pro users. Developers can connect remote servers, manage tools, and invoke those tools inside chats, with support for OAuth authentication, HTTP streaming, and Server-Sent Events.
The second takeaway is that access and responsibility arrive together. Full MCP access means the feature is not limited to viewing or retrieving information. It can include write functions, and those functions require separate confirmation before they proceed.
That confirmation step does not remove the need for caution. The source makes clear that prompt injection, unintended write operations, dangerous tool execution, and compromised MCP servers are part of the risk landscape.
For teams and individual developers, the beta is best understood as a more direct bridge between ChatGPT and custom tool environments. It can make chats more operational, but only when the connected systems are configured and tested with care.
Developer Mode therefore represents both a product expansion and a security boundary. OpenAI is giving developers more control over MCP connectors in ChatGPT, while also warning that the feature should be used by people who understand how to handle that control safely.