HeadsUpAI

Anthropic Launches Self-Hosted Sandboxes to Run Claude Agents Inside Your Perimeter

Anthropic launched self-hosted sandboxes in public beta and MCP tunnels in research preview for Claude Managed Agents. These features allow the Claude Managed Agents platform to orchestrate tasks while tool execution—like running code or processing files—happens on the customer's own infrastructure or through managed providers.
Sandbox availability: Public beta
MCP tunnels availability: Research preview
Supported sandbox providers: Cloudflare, Daytona, Modal, and more
Connectivity: Outbound-only, end-to-end encrypted
Management interface: Claude Console

This shift solves a critical trust bottleneck for enterprise AI by keeping sensitive data and execution within a private perimeter. While Anthropic manages the reasoning loop, companies maintain control over security policies and compute resources. This follows previous infrastructure expansions like the Claude Platform on AWS to meet strict compliance requirements.

You can now connect agents to internal databases using MCP tunnels, which create secure outbound-only connections without opening firewall ports. Self-hosted sandboxes are available now through providers like Cloudflare, mirroring Cloudflare's isolated Claude sandboxes, and Vercel, following the pattern of Vercel's Claude credential protection.

Claude (@claudeai) on X:

Live from Code with Claude London: we're launching self-hosted sandboxes (public beta) and MCP tunnels (research preview) in Claude Managed Agents. Run agents inside your own perimeter, with your security controls applied by default. https://t.co/cxvmk3feHp


Still wondering? A few quick answers below.

Self-hosted sandboxes allow organizations to run the tool execution layer of their AI agents on their own private infrastructure or through managed providers like Cloudflare and Vercel. While Anthropic manages the agent's reasoning and orchestration, the actual code execution and file processing stay within the customer's security perimeter under their own runtime controls.

MCP tunnels provide a secure way for Claude agents to connect to private Model Context Protocol servers inside a company's network without exposing them to the public internet. A lightweight gateway makes an outbound-only connection to Anthropic, allowing agents to safely access internal databases, private APIs, and ticketing systems through an encrypted end-to-end tunnel.

Anthropic has partnered with several infrastructure providers to offer managed sandbox environments, including Cloudflare, Vercel, Modal, and Daytona. These partners handle the compute and isolation for agent tool execution, offering features like microVM security, VPC peering, and sub-second startup times while allowing customers to maintain control over network policies and secrets.

Self-hosted sandboxes are currently available in public beta for users on the Claude Platform. MCP tunnels are in a research preview phase and require organization administrators to request access through an official form. Both features are managed through the workspace settings within the Claude Console and are compatible with the Messages API.

By using self-hosted sandboxes, enterprises ensure that sensitive files, packages, and proprietary data never leave their own infrastructure during agent execution. This setup allows organizations to apply existing audit logging, network policies, and security tooling to AI workloads while controlling the specific CPU and memory resources allocated to compute-heavy tasks like long builds.
