Anthropic Expands Claude Managed Agents with Self-Hosted Sandboxes and Private MCP Tunnels
Key Takeaways
- ▸Self-hosted sandboxes allow agent tool execution in customer-controlled environments while maintaining Anthropic-hosted orchestration
- ▸MCP tunnels provide secure, private connections to internal services without exposing servers to the public internet
- ▸Four major sandbox providers (Cloudflare, Daytona, Modal, Vercel) offer different isolation models and performance characteristics
Summary
Anthropic has announced two significant enterprise features for Claude Managed Agents: self-hosted sandboxes and MCP tunnels. Self-hosted sandboxes allow organizations to execute agent tools within their own infrastructure or with managed providers like Cloudflare, Daytona, Modal, and Vercel, while the orchestration layer remains on Anthropic's infrastructure. This architecture ensures that sensitive files, packages, and services never leave the organization's security perimeter, and customers maintain full control over compute resources, runtime images, and security policies.
MCP tunnels enable Claude agents to securely connect to private Model Context Protocol servers without exposing them to the public internet. Organizations deploy a lightweight gateway that establishes a single outbound connection, allowing agents to access internal databases, private APIs, knowledge bases, and ticketing systems. Traffic is encrypted end-to-end, and no inbound firewall rules or public endpoints are required.
Both features are now available on the Claude Platform, with self-hosted sandboxes in public beta and MCP tunnels in research preview. Early enterprise customers including Clay (Sculptor GTM engineering agent), Amplitude (Design Agent), and Rogo (AI analyst agent) are already leveraging these capabilities for secure, compliant agent deployment.
- Features enable enterprise data sovereignty, compliance control, and integration with existing security infrastructure
