AI Agents, News & Updates

Anthropic Launches MCP Tunnels and Self-Hosted Agent Sandboxes

Anthropic debuts self-hosted sandboxes and MCP tunnels for Claude Managed Agents at Code with Claude London, letting enterprises run agent tool execution inside their own infrastructure perimeter.

4 min read
Anthropic Launches MCP Tunnels and Self-Hosted Agent Sandboxes

Image by CWA

Anthropic Launches MCP Tunnels and Self-Hosted Agent Sandboxes

Anthropic announced two significant new capabilities for Claude Managed Agents today at its Code with Claude London developer conference: self-hosted sandboxes, now available in public beta, and MCP tunnels, entering research preview. Both features let enterprises move AI agent workloads inside their own infrastructure without routing sensitive code, files, or internal service calls through Anthropic's cloud.

The announcement was made via the official @claudeai account on May 19, live from Code with Claude in London. "Run agents inside your own perimeter, with your security controls applied by default," Anthropic said in the announcement tweet.

Claude Managed Agents, which launched on April 8, provides a fully managed harness for running Claude as an autonomous agent — handling the orchestration loop, context management, and error recovery. These new updates address the biggest enterprise objection to adopting it: data leaving the organization's control.

Self-Hosted Sandboxes: Run Tool Execution in Your Infrastructure

Until today, all tool execution in Claude Managed Agents — file operations, shell commands, code runs — happened inside Anthropic's managed cloud environment. Self-hosted sandboxes change the execution layer while keeping the agent loop on Anthropic's side.

With self-hosted sandboxes, companies define their own environment where tool calls execute. The agent loop itself — context management, orchestration, and error recovery — remains on Anthropic's infrastructure, but tools run in a sandbox you control. This matters for workloads involving sensitive code, proprietary data, or compliance requirements that prevent data leaving a defined perimeter.

Anthropician supports several sandbox providers at launch: Cloudflare, Daytona, Modal, and Vercel. For teams running on their own infrastructure, the API accepts a self_hosted config type and generates an environment key for workers that poll the work queue independently of an organization API key.

Clay, a B2B data platform, is already running on self-hosted sandboxes through Daytona. "Claude Managed Agents let us replicate the power of a local agent with the reliability, versioning, and background execution of a cloud agent," said Ryan Chang, AI engineering builder at Clay. "Running it with our sandboxes, like Daytona, gives us control over the filesystem, so we can mount external file stores and install packages on the fly."

Two current limitations: self-hosted sandboxes are not yet available on Claude Platform on AWS, and agent memory features are not supported alongside self-hosted execution.

MCP Tunnels: Private Networks, No Public Endpoints

MCP tunnels solve a different problem: how do you connect a Claude agent to internal services — databases, private APIs, knowledge bases, ticketing systems — without exposing those services to the public internet?

The answer is a lightweight gateway you deploy inside your network that makes a single outbound connection. No inbound firewall rules required, no public endpoints. Traffic is encrypted end to end. With the tunnel in place, Claude agents treat internal MCP servers as standard callable tools without Anthropic's infrastructure touching the private network directly.

MCP tunnels are currently in research preview and require requesting access before use. OAuth authentication is still required on each MCP server the tunnel connects to. The gateway is managed from workspace settings in the Claude Console.

Rogo, an institutional finance AI company, is using Claude Managed Agents with Vercel as the secure execution layer for its proprietary data. "This gives us the option to leverage best-in-class infrastructure while we focus on what compounds for a financial AI platform: depth and breadth of tools and data, and a product surface built for how investors and bankers actually work," said Strib Walker, head of product at Rogo.

Why This Matters for Developers

Together, these two features directly address the most common enterprise objection to agentic AI adoption: data leaving the organization's control.

For developers at companies with strict data governance — financial services, healthcare, legal, defense — the previous Claude Managed Agents setup was capable but fully Anthropic-hosted. Self-hosted sandboxes and MCP tunnels create a viable path for those teams.

The announcement also signals how quickly Anthropic is iterating on Managed Agents. The harness launched just six weeks ago. It has since added built-in memory (public beta), multi-agent orchestration, webhooks, and now execution portability. The pace suggests Anthropic is treating enterprise agent infrastructure as a strategic priority alongside Claude Code's developer-tool traction.

What Is Still Off the Table

A fully on-premise Claude agent deployment remains unavailable. Anthropic keeps the agent loop on its infrastructure regardless of where tool execution happens. Teams requiring model inference inside their own perimeter need to access Claude through Amazon Bedrock or another cloud arrangement.

Self-hosted sandbox support for Claude Platform on AWS has no disclosed timeline. MCP tunnels are gated behind a research preview access request and carry explicit "as-is" language typical of early-stage infrastructure rollouts.

Share:

Other Latest News

Gemini Spark Comes to Mac With Local File Access and MCP Support
AI Agents, News & Updates

Gemini Spark Comes to Mac With Local File Access and MCP Support

Google has added Gemini Spark to the Gemini desktop app for macOS, giving it access to local files, MCP server connections, real-time topic tracking, and new integrations with Canva, Dropbox, and more.

Jul 3, 2026
Google Drops ADK 2.0 and Genkit Agents for AI App Builders
AI Agents, News & Updates

Google Drops ADK 2.0 and Genkit Agents for AI App Builders

Google published three developer-facing launches in 24 hours: ADK 2.0's graph-based workflow runtime, the Genkit Agents API for full-stack conversational AI, and a Google Cloud Workbench VS Code extension — a coordinated push to own the agent-development stack.

Jul 3, 2026
Fable 5 Returns Globally as US Lifts Export Controls on Anthropic
News & Updates, AI Agents, Security

Fable 5 Returns Globally as US Lifts Export Controls on Anthropic

Anthropic restored global access to Claude Fable 5 on July 1 after the US Commerce Department lifted the 19-day export controls. Claude Code and Claude.ai users get the model back with a new 99%+ jailbreak classifier and an industry-wide safety framework now in development.

Jul 2, 2026
Anthropic Launches Claude Sonnet 5 With Near-Opus Coding Performance
AI Agents, News & Updates

Anthropic Launches Claude Sonnet 5 With Near-Opus Coding Performance

Anthropic's new Claude Sonnet 5 brings near-Opus 4.8 agentic coding performance at Sonnet pricing, with a 1M-token context window and introductory rates of $2/$10 per million tokens through August 31.

Jul 1, 2026
GPT-5.6 Is Already Running in Some Codex Sessions
News & Updates, AI Agents

GPT-5.6 Is Already Running in Some Codex Sessions

Developers have found a technique to detect whether GPT-5.6 Sol is already serving their Codex sessions — and some sessions are returning signals consistent with the new model before any public rollout.

Jun 30, 2026
Cursor Launches iOS App in Public Beta for All Paid Plans
Code Editors, News & Updates, AI Agents

Cursor Launches iOS App in Public Beta for All Paid Plans

Cursor's native iOS app is now in public beta on all paid plans, letting developers launch cloud agents, remote-control desktop sessions, and merge PRs directly from their phone.

Jun 30, 2026
← Scroll for more →