FWIW, I'm very happy to see this announcement. Full MCP support was the only thing holding me back from using GPT5 as my daily driver as it has been my "go to" for hard problems and development since it was released.

Calling out ChatGPT specifically here feels a bit unfair. The real story is "full MCP client access," and others have shipped that already.

I’m glad MCP is becoming the common standard, but its current security posture leans heavily on two hard things:

(1) agent/UI‑level controls (which are brittle for all the reasons you've written about, wonderfully I might add), and

(2) perfectly tuned OAuth scopes across a fleet of MCP servers. Scopes are static and coarse by nature; prompts and context are dynamic. That mismatch is where trouble creeps in.