Anthropic Launches MCP Tunnels and Self-Hosted Agent Sandboxes

Anthropic debuts self-hosted sandboxes and MCP tunnels for Claude Managed Agents at Code with Claude London, letting enterprises run agent tool execution inside their own infrastructure perimeter.

Anthropic announced two significant new capabilities for Claude Managed Agents today at its Code with Claude London developer conference: self-hosted sandboxes, now available in public beta, and MCP tunnels, entering research preview. Both features let enterprises move AI agent workloads inside their own infrastructure without routing sensitive code, files, or internal service calls through Anthropic's cloud.

The announcement was made via the official @claudeai account on May 19, live from Code with Claude in London. "Run agents inside your own perimeter, with your security controls applied by default," Anthropic said in the announcement tweet.

Claude Managed Agents, which launched on April 8, provides a fully managed harness for running Claude as an autonomous agent — handling the orchestration loop, context management, and error recovery. These new updates address the biggest enterprise objection to adopting it: data leaving the organization's control.

Self-Hosted Sandboxes: Run Tool Execution in Your Infrastructure

Until today, all tool execution in Claude Managed Agents — file operations, shell commands, code runs — happened inside Anthropic's managed cloud environment. Self-hosted sandboxes change the execution layer while keeping the agent loop on Anthropic's side.

With self-hosted sandboxes, companies define their own environment where tool calls execute. The agent loop itself — context management, orchestration, and error recovery — remains on Anthropic's infrastructure, but tools run in a sandbox you control. This matters for workloads involving sensitive code, proprietary data, or compliance requirements that prevent data leaving a defined perimeter.

Anthropic supports several sandbox providers at launch: Cloudflare, Daytona, Modal, and Vercel. For teams running on their own infrastructure, the API accepts a self_hosted config type and generates an environment key for workers that poll the work queue independently of an organization API key.

Clay, a B2B data platform, is already running on self-hosted sandboxes through Daytona. "Claude Managed Agents let us replicate the power of a local agent with the reliability, versioning, and background execution of a cloud agent," said Ryan Chang, AI engineering builder at Clay. "Running it with our sandboxes, like Daytona, gives us control over the filesystem, so we can mount external file stores and install packages on the fly."

Two current limitations: self-hosted sandboxes are not yet available on Claude Platform on AWS, and agent memory features are not supported alongside self-hosted execution.

MCP Tunnels: Private Networks, No Public Endpoints

MCP tunnels solve a different problem: how do you connect a Claude agent to internal services — databases, private APIs, knowledge bases, ticketing systems — without exposing those services to the public internet?

The answer is a lightweight gateway you deploy inside your network that makes a single outbound connection. No inbound firewall rules required, no public endpoints. Traffic is encrypted end to end. With the tunnel in place, Claude agents treat internal MCP servers as standard callable tools without Anthropic's infrastructure touching the private network directly.

MCP tunnels are currently in research preview and require requesting access before use. OAuth authentication is still required on each MCP server the tunnel connects to. The gateway is managed from workspace settings in the Claude Console.

Rogo, an institutional finance AI company, is using Claude Managed Agents with Vercel as the secure execution layer for its proprietary data. "This gives us the option to leverage best-in-class infrastructure while we focus on what compounds for a financial AI platform: depth and breadth of tools and data, and a product surface built for how investors and bankers actually work," said Strib Walker, head of product at Rogo.

Why This Matters for Developers

Together, these two features directly address the most common enterprise objection to agentic AI adoption: data leaving the organization's control.

For developers at companies with strict data governance — financial services, healthcare, legal, defense — the previous Claude Managed Agents setup was capable but fully Anthropic-hosted. Self-hosted sandboxes and MCP tunnels create a viable path for those teams.

The announcement also signals how quickly Anthropic is iterating on Managed Agents. The harness launched just six weeks ago. It has since added built-in memory (public beta), multi-agent orchestration, webhooks, and now execution portability. The pace suggests Anthropic is treating enterprise agent infrastructure as a strategic priority alongside Claude Code's developer-tool traction.

What Is Still Off the Table

A fully on-premise Claude agent deployment remains unavailable. Anthropic keeps the agent loop on its infrastructure regardless of where tool execution happens. Teams requiring model inference inside their own perimeter need to access Claude through Amazon Bedrock or another cloud arrangement.

Self-hosted sandbox support for Claude Platform on AWS has no disclosed timeline. MCP tunnels are gated behind a research preview access request and carry explicit "as-is" language typical of early-stage infrastructure rollouts.
