MCP App StoreThe latest from the AI and MCP ecosystem, curated daily.
Sources
OpenAI updates the Codex app for macOS and Windows, adding computer use, in-app browsing, image generation, and a robust plugin system for developers.
OpenAI launches GPT-Rosalind, a specialized reasoning model for drug discovery and genomics. This provides a frontier-level tool for protein reasoning and complex scientific research workflows.
OpenAI launches 'Trusted Access for Cyber', providing GPT-5.4-Cyber and $10M in API grants to security firms to strengthen global cyber defense infrastructure.
OpenAI has updated the Agents SDK to include native sandbox execution and a model-native harness. These enhancements enable developers to build more secure, long-running agents capable of complex operations across files and tools.
OpenAI introduces GPT-5.4-Cyber to vetted cybersecurity defenders through an expanded Trusted Access program. The move aims to strengthen AI-driven cyber defense while maintaining strict safeguards.
Cloudflare integrates GPT-5.4 and Codex into Agent Cloud, allowing enterprises to scale agentic workflows with improved security and speed. This partnership focuses on deploying real-world AI agents at the edge.
OpenAI has responded to a supply chain attack involving Axios by rotating macOS code signing certificates and updating apps. No user data was compromised in the incident.
OpenAI published a Child Safety Blueprint outlining design and policy recommendations for building AI features that account for age-appropriate safeguards and collaboration to protect young people online. For developers, the blueprint provides practical guidance for safety-by-design and signals areas where product changes may be expected.
OpenAI launched a Safety Fellowship to fund and support independent safety and alignment research, aiming to grow the next generation of talent in these areas. The program provides resources and mentorship for researchers working on practical alignment problems, which could accelerate progress on safety tooling and evaluations that developers and researchers rely on. This matters to the community because it expands training and funding pathways focused on rigorous, independent safety work.
OpenAI added pay-as-you-go pricing for Codex on ChatGPT Business and Enterprise plans, removing the need for a fixed seat commitment to get started. Teams can now scale Codex usage up or down without upfront contracts. A meaningful change for teams that want to pilot Codex without a large spend commitment.
OpenAI announced a $122 billion funding round to expand frontier AI globally, invest in next-generation compute infrastructure, and meet growing demand for ChatGPT, Codex, and enterprise AI products. One of the largest private funding rounds in history, signalling continued massive investment in AI at the frontier.
OpenAI explains how their Model Spec works as a public framework governing model behaviour — balancing safety, user freedom, and accountability as AI systems become more capable and agentic. The post covers how the spec is written, how it influences training, and how it evolves. Important reading for developers and researchers thinking about AI alignment and model governance.
OpenAI launched a Safety Bug Bounty program specifically targeting AI abuse and safety risks — including agentic vulnerabilities, prompt injection, and data exfiltration in AI systems. Unlike traditional security bounties, this one focuses on AI-specific attack surfaces. Relevant for developers thinking about hardening their own agent systems.
OpenAI released prompt-based teen safety policies for developers via the gpt-oss-safeguard model, providing a programmatic way to moderate age-specific risks in AI products. Developers building consumer-facing apps can integrate these policies directly rather than building their own content moderation layer.
ChatGPT launched richer shopping and product discovery powered by the Agentic Commerce Protocol — enabling product comparisons, merchant integrations, and visual browsing directly in chat. A new surface for developers and merchants to integrate into the ChatGPT ecosystem via the commerce protocol.
OpenAI is acquiring Astral — the team behind Ruff (the fast Python linter) and uv (the fast Python package manager) — to accelerate Codex and the next generation of Python developer tools. Astral's tools are already widely used across the Python ecosystem, making this a significant move for AI-assisted Python development.
OpenAI launched GPT-5.4 mini and nano — smaller, faster variants of GPT-5.4 optimised for coding, tool use, multimodal reasoning, and high-volume API and sub-agent workloads. Mini targets tasks needing strong reasoning at lower cost; nano is designed for speed-critical pipelines. Important additions to the model lineup for developers choosing the right model for cost/performance tradeoffs.
OpenAI explains why Codex Security takes a fundamentally different approach to code security than traditional SAST tools — using AI-driven constraint reasoning to find real vulnerabilities rather than generating noisy false-positive reports. The post digs into the technical rationale and what this means for developers integrating security checks into AI coding workflows.
OpenAI outlines the architectural patterns used to defend ChatGPT agents against prompt injection and social engineering — constraining risky actions, separating trusted from untrusted content, and protecting sensitive data in agent workflows. Directly applicable to any developer building agents that process external content.
OpenAI engineering post on how they built an agent runtime using the Responses API, hosted shell tool, and containers — giving agents persistent file access, tool execution, and state across runs. Covers the architecture decisions behind making the Responses API a full agent execution environment rather than just a stateless inference endpoint.