claudekit / updates / managed-agents-sandboxes-mcp-tunnels
[ NEW · ]

Claude Managed Agents — Self-hosted sandboxes and MCP tunnels

Claude Managed Agents now supports self-hosted sandboxes (public beta) and MCP tunnels (research preview). The agent orchestration loop stays on Anthropic infrastructure while tool execution runs in customer infrastructure or with managed sandbox providers — Cloudflare, Daytona, Modal, Vercel — and agents reach private-network MCP servers through a lightweight gateway with a single outbound connection, no inbound firewall rules required.

Claude PlatformAgents
Official announcement →

This article is a summary based on official documentation.

Overview

On May 19, 2026, Anthropic added two extensions to Claude Managed Agents: self-hosted sandboxes (public beta) and MCP tunnels (research preview). The agent orchestration loop continues to run on Anthropic’s infrastructure, while sensitive operations — file access, code execution, external service calls — can be kept inside the customer’s security perimeter, either in their own infrastructure or with a managed sandbox provider.

Key features

  • Self-hosted sandboxes — tool execution in your infrastructure or with a managed provider

    Tool execution for Managed Agents previously ran inside Anthropic’s infrastructure, which limited adoption in regulated industries and organizations whose policies require sensitive data to stay inside their own perimeter. With this release, tool execution can run on (1) your own infrastructure or (2) a managed sandbox provider, while the orchestration loop remains on Anthropic infrastructure.

    Launch partners and their characteristics:

    ProviderCharacteristicsLive example
    CloudflaremicroVMs and isolates with zero-trust secrets injection and customizable proxies for egress controlAmplitude — Design Agent
    DaytonaFull, composable, stateful computing environments via SSH or authenticated preview URLs, with state preservationClay — Sculptor GTM agent
    ModalCloud platform for AI workloads with sub-second startup and scaling to hundreds of thousands of concurrent sandboxes, on-demand CPU and GPU
    VercelVM-grade isolation with VPC peering and millisecond startup timesRogo — institutional finance analyst agent

  • MCP tunnels — private MCP servers reachable without public exposure

    Connecting agents to internal databases, APIs, knowledge bases, and ticketing systems used to require exposing those services to the public internet or building a custom proxy. MCP tunnels run a lightweight gateway on your network that makes a single outbound connection, with traffic “encrypted end to end” and no inbound firewall rules required.

    MCP tunnels are managed through workspace settings in the Claude Console by organization admins.

Notes

  • Rollout status: self-hosted sandboxes are in public beta; MCP tunnels are in research preview and require an access request. Both ship on the Claude Platform and are opt-in additions to an existing Managed Agents workspace.
  • Orchestration vs. execution split: the agent’s planning and decision loop continues to run on Anthropic infrastructure. What’s separated is the execution layer — tool calls, sandboxed file access, external service interaction.
  • MCP tunnels security model: no new inbound ports. The gateway makes a single outbound connection and encrypts traffic end to end, so a private MCP server can stay off the public internet while still being callable from an agent.
  • Live examples cited: Amplitude on Cloudflare, Clay on Daytona, and Rogo on Vercel are the partner-customer pairings Anthropic named, useful as reference points when evaluating which provider fits your workload.
  • Documentation: setup docs, cookbooks, and agent deployment tools are available in the Claude Console (platform.claude.com), per the announcement.
§ 4

Frequently Asked Questions

frequently asked
§ 4.1
What's the headline change?
Claude Managed Agents gains two extensions: self-hosted sandboxes that move tool execution into customer infrastructure (or managed sandbox providers — Cloudflare, Daytona, Modal, Vercel), and MCP tunnels that let agents reach private-network MCP servers without exposing them publicly. The agent orchestration loop still runs on Anthropic infrastructure.
§ 4.2
When are these available?
Announced May 19, 2026. Self-hosted sandboxes are in public beta on the Claude Platform. MCP tunnels are in research preview and require an access request via the Claude Platform.
§ 4.3
Does this affect existing Managed Agents setups?
Existing Anthropic-hosted sandbox behavior is unchanged. Self-hosted sandboxes are opt-in at the workspace level, and MCP tunnels are configured separately by organization admins from workspace settings in the Claude Console.
§ 4.4
Where are the official materials?
Anthropic's announcement post at `claude.com/blog/claude-managed-agents-updates`, with documentation, cookbooks, and agent deployment tools in the Claude Console at `platform.claude.com`.