Claude Managed Agents have gained new features that let agents run in self-hosted sandboxes and connect to private Model Context Protocol (MCP) servers. These features are aimed at enhancing security and control for enterprises.
Self-Hosted Sandboxes
The self-hosted sandboxes enable agents to execute tools within a controlled environment, either on the user's infrastructure or through managed providers like Cloudflare, Daytona, Modal, or Vercel. This setup ensures that sensitive files and services remain within the enterprise's security perimeter.
- Keep sensitive files and packages within your infrastructure.
- Control resource sizing and runtime images for compute-heavy tasks.
- Maintain existing network policies and security tools.
MCP Tunnels
MCP tunnels provide a secure connection for agents to reach MCP servers without exposing them to the public internet. This allows access to internal databases, private APIs, and other vital tools while ensuring traffic is encrypted end-to-end.
- Deploy a lightweight gateway for outbound connections.
- No need for inbound firewall rules or public endpoints.
- Manage MCP tunnels through workspace settings in the Claude Console.
Use Cases and Benefits
These features are particularly beneficial for enterprises requiring secure orchestration of internal tools. For example, in the development of Sculptor, a GTM engineering agent, the ability to control the filesystem and install packages on the fly proved crucial.
Combining Claude Managed Agents with cloud infrastructure like Vercel and Modal allows for rapid deployment and increased reliability, enhancing the overall user experience.
Getting Started
Self-hosted sandboxes are currently in public beta, while MCP tunnels are in research preview. Interested users can request access to MCP tunnels and explore documentation for setup guidance.
Next Steps
Organizations can begin integrating these features into their workflows to leverage the enhanced control and security offered by Claude Managed Agents.