Anthropic Launches Self-Hosted Sandboxes and MCP Tunnels for Claude Managed Agents

Overview

At its Code with Claude London event, Anthropic announced two new security-focused features for Claude Managed Agents: self-hosted sandboxes and MCP tunnels. Both are designed to let enterprises operate AI agents while keeping sensitive files, internal services, and proprietary data entirely within their own perimeter.

Self-Hosted Sandboxes

Available now in public beta, self-hosted sandboxes move tool execution from Anthropic's infrastructure to the customer's own environment. When Claude agents need to run code, browse files, or interact with services, those actions happen inside the company's infrastructure — files and repositories never leave the enterprise boundary. For organizations that prefer managed options, Anthropic supports Cloudflare, Daytona, Modal, and Vercel as certified sandbox providers.

MCP Tunnels

In research preview (access by request), MCP tunnels let agents connect to MCP servers on private networks without exposing those servers to the public internet. A lightweight gateway opens a single outbound, end-to-end encrypted connection — no inbound firewall rules or public endpoints needed. This enables agents to securely access internal databases, private APIs, and ticketing systems as tools.

What This Means for Enterprise AI

The announcement lowers the barrier for regulated industries — finance, healthcare, legal — to adopt Claude agents at scale. Agent orchestration still runs on Anthropic's servers, but actual tool execution happens entirely within the enterprise boundary. The features signal a broader push by AI companies to build the trust infrastructure needed to meet enterprise security and compliance standards.