Anthropic has quietly shipped two new infrastructure features for Claude agents: MCP tunnels and self-hosted sandboxes. Neither is about making Claude smarter. Both are about making it safe to deploy inside a real enterprise security perimeter.
They solve different problems. You might need one, the other, or both.
What actually changed
MCP tunnels let Claude connect to MCP servers running in your private network — without opening inbound firewall ports or exposing services to the public internet.
The mechanism is an outbound-only connection (via Cloudflare as the transport layer) that carries three independent layers of encryption: mutual TLS between Anthropic and the tunnel edge, inner TLS between Anthropic's backend and your proxy, and OAuth authentication on each individual MCP server. Crucially, Cloudflare can see connection metadata — timing, byte volume, your subdomain — but cannot read MCP request or response payloads because the proxy terminates inner TLS using a certificate only you hold.
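The payload-confidentiality claim above can be reproduced locally. The following is an added example, not Anthropic's or Cloudflare's code, and it models only the inner TLS layer: a hypothetical `relay` function stands in for the tunnel transport and records every byte it forwards between a "backend" and a "proxy" that holds the only copy of the private key. It assumes the `openssl` CLI is on the PATH; the certificate name and the MCP payload are constructed.

```python
import os, ssl, subprocess, tempfile

PAYLOAD = b'{"method":"tools/call","params":{"name":"query_hr_db"}}'  # constructed sample

def make_contexts():
    """Create the proxy's key pair with the openssl CLI and build both TLS contexts."""
    with tempfile.TemporaryDirectory() as d:
        key, crt = os.path.join(d, "proxy.key"), os.path.join(d, "proxy.crt")
        subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                        "-keyout", key, "-out", crt, "-days", "1",
                        "-subj", "/CN=mcp-proxy.example.internal"],
                       check=True, capture_output=True)
        proxy_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        proxy_ctx.load_cert_chain(crt, key)        # private key stays on the proxy side
        backend_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        backend_ctx.check_hostname = False         # demo pins the certificate itself
        backend_ctx.load_verify_locations(crt)
    return backend_ctx, proxy_ctx

class Endpoint:
    """One end of the inner TLS session, driven through in-memory BIOs."""
    def __init__(self, ctx, server_side):
        self.inb, self.outb = ssl.MemoryBIO(), ssl.MemoryBIO()
        self.tls = ctx.wrap_bio(self.inb, self.outb, server_side=server_side)

    def handshake(self):
        try:
            self.tls.do_handshake()
        except ssl.SSLWantReadError:
            pass                                   # needs more bytes from the peer

def relay(src, dst, seen):
    """The transport hop: forwards opaque bytes, recording everything it observes."""
    data = src.outb.read()
    if data:
        seen.append(data)
        dst.inb.write(data)

def run_demo(payload=PAYLOAD):
    backend_ctx, proxy_ctx = make_contexts()
    backend, proxy, seen = Endpoint(backend_ctx, False), Endpoint(proxy_ctx, True), []
    for _ in range(4):                             # enough round trips for TLS 1.2 or 1.3
        backend.handshake(); relay(backend, proxy, seen)
        proxy.handshake(); relay(proxy, backend, seen)
    backend.tls.write(payload)
    relay(backend, proxy, seen)
    return {"delivered": proxy.tls.read(4096), "wire": b"".join(seen)}

if __name__ == "__main__":
    r = run_demo()
    print("proxy decrypted:", r["delivered"] == PAYLOAD, "| relay saw plaintext:", PAYLOAD in r["wire"], "| relay byte count:", len(r["wire"]))
```

The relay learns the byte volume of the exchange but never the request body, which is the property the inner TLS layer provides regardless of who operates the transport.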









