
Anthropic Adds Self-Hosted Sandboxes and MCP Tunnels to Claude Managed Agents
Why It Matters
Enterprises gain tighter data residency and security while still leveraging Claude’s AI capabilities, reducing compliance risk and expanding use‑case reach.
Key Takeaways
- Self‑hosted sandboxes keep tool execution inside customer infrastructure.
- Managed providers (Cloudflare, Daytona, Modal, Vercel) offer turnkey sandbox options.
- MCP tunnels enable encrypted, outbound‑only access to private networks.
- Anthropic retains control of the agent loop; full on‑premise not available.
Pulse Analysis
The rise of AI‑driven agents has accelerated demand for tighter control over where data is processed. Companies handling sensitive code, proprietary documents, or regulated information often balk at sending tool‑execution payloads to third‑party clouds. Anthropic’s self‑hosted sandbox feature addresses this friction by allowing the execution environment to sit inside a firm’s own network or on a trusted managed provider, preserving data residency while still benefiting from Claude’s language model.
Self‑hosted sandboxes give organizations the flexibility to choose CPU, memory, and runtime images that match internal standards. For teams lacking dedicated infrastructure, Anthropic partners with providers such as Cloudflare, Daytona, Modal, and Vercel, offering a plug‑and‑play option that retains the same security guarantees. The sandbox isolates tool calls, ensuring files and repositories never leave the corporate perimeter, and integrates with existing audit‑logging and policy frameworks. However, the orchestration layer—context handling, error recovery, and the core agent loop—remains on Anthropic’s servers, meaning a fully on‑premise deployment is still out of reach.
MCP tunnels extend the model’s reach into private networks without opening inbound ports. By establishing a single outbound, end‑to‑end encrypted connection to an on‑premise MCP server, agents can invoke internal APIs, query databases, or interact with ticketing systems securely. This design reduces the attack surface while satisfying compliance regimes that forbid direct internet exposure. Together, these capabilities signal Anthropic’s strategic push to win enterprise customers who need both powerful generative AI and rigorous security controls, positioning Claude Managed Agents as a more viable alternative to fully self‑hosted solutions.