Anthropic adds self-hosted sandboxes and MCP tunnels to Claude Managed Agents

Anthropic is expanding Claude Managed Agents with self-hosted sandboxes and MCP tunnels. Companies can now move their AI agents' tool execution into their own infrastructure. But Anthropic isn't handing over full control of the agent itself.

Anthropic has introduced two new features for Claude Managed Agents: self-hosted sandboxes and MCP tunnels. Both aim to give companies more control over where their AI agents run tools and which internal services they can access.

With self-hosted sandboxes, Anthropic moves tool execution into the customer's own infrastructure. Files and repositories never leave the company's environment, according to Anthropic. Network policies, audit logging, and existing security tools stay in place. Companies choose their own CPU, memory, and runtime image. Those who don't want to set up their own infrastructure can use managed providers like Cloudflare, Daytona, Modal, or Vercel.

Self-hosted sandboxes let companies run agent tool calls on their own infrastructure or through managed providers like Cloudflare, Daytona, Modal, and Vercel. | Image: Anthropic

The second addition, MCP tunnels, connects agents to MCP (Model Context Protocol) servers on a private network without exposing them to the public internet. A lightweight gateway opens a single outbound connection, end-to-end encrypted, with no inbound firewall rules or public endpoints required. The goal: let agents tap into internal databases, private APIs, or ticketing systems as tools.