Anthropic has announced new features for its Claude Managed Agents, unveiling self-hosted sandboxes and model context protocol (MCP) tunnels during its Code with Claude developer conference in London.
This event marked Anthropic’s first developer-focused gathering outside the US and its first in Europe. Self-hosted sandboxes are available in public beta on the Claude Platform, while MCP tunnels are offered in a research preview for which users can request access.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
According to Anthropic, these additions allow Claude Managed Agents to execute tools within environments managed by the customer. This means that both the sandbox where an agent operates and the services it accesses can run within boundaries defined and controlled by the enterprise.
The goal is to enable businesses to maintain their own security measures and govern runtime operations while using the platform.
The self-hosted sandbox feature gives organisations the ability to keep sensitive files, software packages, and services on their internal infrastructure or through a supported managed provider.
The orchestration and error recovery elements remain on Anthropic’s side, but the actual tool execution takes place within the customer’s designated environment.
Anthropic states that this allows enterprises to maintain existing network policies, audit logging, and security controls, with files and data staying internal. Resource allocation for more intensive tasks, such as lengthy builds or image generation, can also be specified by the user.
Companies can select their preferred sandbox client. Supported providers include Cloudflare, Daytona, Modal, and Vercel.
Each offers different computing and isolation options. For example, Cloudflare manages sandboxes at scale using microVMs and supports outbound network controls.
Daytona provides stateful sandboxes that can be accessed, paused, and restored with full state retention.
Modal, a cloud platform oriented towards AI workloads, provides functions with container-based sandboxes and access to CPU and GPU resources. Vercel combines virtual machine security with rapid startup and allows customers to use their own cloud environments while managing firewall and credential security.
Anthropic outlined how some teams are already using Managed Agents with these infrastructure providers. Rogo, an AI platform for institutional finance, is developing an analyst agent that uses Managed Agents for reasoning and Vercel for secure data handling.
Clay’s engineering agent, Sculptor, builds and monitors workflows using Daytona, and DoorDash is constructing its own internal productivity agent operating with Modal.
Rogo product head Strib Walker said: “Claude Managed Agents handles the agent loop, Vercel’s sandboxes give us an environment we can configure for our workloads. This gives us the option to leverage best-in-class infrastructure while we focus on what compounds for a financial AI platform: depth and breadth of tools and data, and a product surface built for how investors and bankers actually work.”
Meanwhile, MCP tunnels allow agents to access Model Context Protocol servers within a private network without exposing those servers to the public internet. This enables agents to work with internal databases, private APIs, and other restricted services.
MCP tunnels rely on a customer-deployed lightweight gateway that creates a single outbound connection with end-to-end encryption. No inbound firewall adjustments or public endpoints are required, according to Anthropic.
Management of MCP tunnels is available via organisation administrator controls in the Claude Console.
Neither self-hosted sandboxes nor MCP tunnels require changes to existing Managed Agents integrations. Adjustments between Anthropic’s and the customer’s infrastructure are handled through configuration. MCP tunnels can be used both in Managed Agents and through the Messages API.
These announcements follow earlier releases, including the initial launch of Claude Managed Agents, the addition of built-in memory features, and the general availability of Claude Platform on AWS.
The Claude Platform on AWS is designed for developers and organisations needing development features without specific data residency requirements. Customer data is processed outside AWS’s security boundaries, and customers retain their own access and billing controls.
