HeadsUpAI

Vercel and Anthropic Secure Autonomous Agents via Firewall Level Credential Injection

Anthropic launched self-hosted sandboxes in public beta for Claude Managed Agents, a platform for hosting autonomous AI systems. Vercel, a frontend cloud platform, released an integration using Vercel Sandbox as the execution layer. This setup separates reasoning from execution, extending the Claude Managed Agents infrastructure and Anthropic's private infrastructure tools.

Availability: Public beta (sandboxes), Research preview (MCP)
Execution environment: Vercel Sandbox (microVM)
Security mechanism: Credential brokering (firewall-level injection)
Supported models: Claude 3.7 Sonnet, Claude 4 series
Authentication: OIDC (Vercel), Environment Keys (Anthropic)

This architecture addresses security risks through credential brokering—injecting authentication at the network firewall rather than storing keys in environment variables. This mirrors OpenAI's secure agent workflows and follows a pattern seen in Cloudflare's Claude Managed Agents integration to provide a path for building durable AI agents.

You can now deploy agents that reach internal databases by configuring a networkPolicy to allow specific domains. The system uses a webhook-driven control plane to spawn fresh microVMs for every session. The self-hosted sandbox beta and MCP (an open standard for connecting AI to tools) tunnels are available now in the Anthropic dashboard.

Still wondering? A few quick answers below.

Claude Managed Agents is a platform from Anthropic that handles the underlying infrastructure for AI agents, including session state, tool-calling loops, and execution environments. While Anthropic typically hosts the entire system, this update allows developers to provide their own self-hosted sandboxes to run agent tools within their own security perimeter.

The integration splits the agent into a control plane and a compute plane. A Vercel Function receives webhooks from Anthropic to manage sessions, while a Vercel Sandbox runs as an isolated microVM to execute specific tool calls like shell commands or file reads. This ensures that each agent session operates in a fresh, secure environment.

Credential brokering is a security feature that injects sensitive API keys at the network firewall level instead of passing them as environment variables. Because the keys never enter the sandbox microVM, they cannot be leaked by compromised agent code or jailbreak attempts. The firewall only attaches the credentials to requests matching specific, pre-defined domains.
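
The domain-matching step described above, as an added example that is not Vercel's or Anthropic's code: a TypeScript model of the egress decision a brokering firewall makes. The type and function names, hosts and token are constructed, and overwriting a sandbox-supplied header is an assumption of this sketch.

```typescript
// Added illustration, not Vercel's or Anthropic's code. All names, hosts and the
// token are constructed. Assumes the host is already parsed (no port, no userinfo).
interface BrokerRule {
  domain: string;             // allowlisted domain
  includeSubdomains: boolean;
  header: string;             // header the firewall sets
  secret: string;             // held by the firewall only, never by the sandbox
}
type HeaderMap = { [name: string]: string };
type Decision =
  | { action: "deny"; reason: string }
  | { action: "forward"; headers: HeaderMap };

// Lower-case and drop a trailing dot so "API.Example." and "api.example" compare equal.
function normalizeHost(host: string): string {
  const h = host.trim().toLowerCase();
  return h.charAt(h.length - 1) === "." ? h.slice(0, -1) : h;
}

// Exact match, or a subdomain match on a label boundary. A bare suffix test
// would also accept "evilsvc.example" for "svc.example", hence the leading dot.
function hostMatches(host: string, rule: BrokerRule): boolean {
  const domain = normalizeHost(rule.domain);
  if (host === domain) return true;
  if (!rule.includeSubdomains) return false;
  const suffix = "." + domain;
  return host.length > suffix.length && host.slice(-suffix.length) === suffix;
}

// Default deny. On a match, any value the sandbox set for the brokered header
// is dropped (assumption of this sketch) and the firewall-held secret is attached.
function brokerEgress(host: string, sandboxHeaders: HeaderMap, rules: BrokerRule[]): Decision {
  const target = normalizeHost(host);
  for (const rule of rules) {
    if (!hostMatches(target, rule)) continue;
    const brokered = rule.header.toLowerCase();
    const headers: HeaderMap = {};
    for (const name of Object.keys(sandboxHeaders)) {
      if (name.toLowerCase() !== brokered) headers[name.toLowerCase()] = sandboxHeaders[name];
    }
    headers[brokered] = rule.secret;
    return { action: "forward", headers: headers };
  }
  return { action: "deny", reason: "host not in allowlist: " + target };
}
// Constructed sample policy.
const SAMPLE_RULES: BrokerRule[] = [
  { domain: "db-api.internal.example", includeSubdomains: false, header: "Authorization", secret: "Bearer CONSTRUCTED-TOKEN" },
];
```

The match is made on the normalized hostname with a label boundary, so look-alike hosts that merely contain or end with an allowlisted name get no credential and are denied.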

Anthropic has launched self-hosted sandboxes in public beta for Claude Managed Agents. Additionally, the company introduced a research preview for Model Context Protocol tunnels, which helps standardize how agents connect to external tools. Developers can access these features through the Anthropic dashboard by setting up a self-hosted environment and generating an environment key.

Vercel Sandbox is ideal for agents that need to interact with private infrastructure, such as internal databases or APIs not reachable from the public internet. It provides egress control through domain allowlists and uses hardened microVM technology to prevent container escapes. The platform is designed for TypeScript developers and integrates with existing Vercel workflows.
