Claude Managed Agents Gain Self-Hosted Sandboxes and MCP Tunnels for Enhanced Security

Written by: drafted with AI; edited and reviewed by a human.

TL;DR

  • Claude Managed Agents now offer self-hosted sandboxes, allowing agents to run within your own controlled environments.
  • MCP tunnels have been introduced, enabling agents to securely connect to private Model Context Protocol (MCP) servers.
  • This enhances security and control by keeping agent execution and connected services within your established enterprise boundaries.
  • Self-hosted sandboxes are currently in public beta on the Claude Platform, while MCP tunnels are in research preview.

Anthropic has rolled out significant updates to Claude Managed Agents, introducing self-hosted sandboxes and MCP tunnels. These features give users greater control over their agents' execution environment and data access, which matters most to enterprises with stringent security requirements. The core idea is that agent operations, including tool execution and connections to internal services, remain within an organization's established security perimeter, so sensitive files, packages, and proprietary services are not exposed to external networks without proper controls. You can explore more about these updates on the Claude Managed Agents Updates blog post.

With self-hosted sandboxes, the agent's orchestration, context management, and error recovery loop still reside on Anthropic's infrastructure. However, the actual execution of tools, which can be compute-intensive or require access to specific local resources, is delegated to an environment you manage. This means that your organization's existing network policies, audit logging, and security tooling can be applied directly to agent operations. Furthermore, you have control over the compute resources, allowing you to size them appropriately for demanding tasks such as long builds or image generation, ensuring agents have the necessary CPU and memory. For detailed information on setting up self-hosted sandboxes, consult the Self-hosted Sandboxes Documentation.

Several managed providers are available to simplify the deployment of these sandboxes. Cloudflare offers sandboxes leveraging microVMs and isolates, with features like zero-trust secrets injection and customizable proxies for outbound network control. Daytona provides stateful, long-running composable computers that can be paused and restored with their state intact, which is beneficial for agents needing to maintain context over extended periods. Modal, a platform for AI workloads, offers sandboxes that integrate seamlessly with its functions, storage, and networking primitives, providing rapid startup times and on-demand compute resources. Vercel sandboxes combine VM security with VPC peering and bring-your-own-cloud capabilities, boasting millisecond startup times and secure credential injection at the network boundary. You can learn more about using these providers through various guides, such as the Cloudflare Managed Agents Sandbox, Daytona Managed Agents Guide, and Modal Managed Agents Blog.

Complementing the self-hosted sandboxes, MCP tunnels enable agents to connect to Model Context Protocol (MCP) servers located within a private network. This allows agents to securely interact with internal databases, private APIs, and knowledge bases without exposing these resources to the public internet. A lightweight gateway deployed within your network establishes a single, encrypted outbound connection, eliminating the need for inbound firewall rules or public endpoints. MCP tunnels are available in Managed Agents and the Messages API, and can be managed by organization administrators through the Claude Console's workspace settings.

These advancements in Claude Managed Agents are particularly valuable for organizations handling sensitive data or operating in regulated industries. By keeping agent execution and data access within controlled environments, companies can leverage the power of AI agents while adhering to their existing security and compliance frameworks. The availability of self-hosted sandboxes in public beta and MCP tunnels in research preview signifies a strong commitment from Anthropic to providing enterprise-grade solutions for AI agent development and deployment.

Summary

  • Self-hosted sandboxes allow Claude Managed Agents to run within your infrastructure for enhanced security.
  • MCP tunnels enable secure connections to private backend services without public exposure.
  • Supported sandbox providers include Cloudflare, Daytona, Modal, and Vercel.
  • Self-hosted sandboxes are in public beta, and MCP tunnels are in research preview.

Source: New in Claude Managed Agents: self-hosted sandboxes and MCP tunnels | Claude
