Claude Managed Agents can run self-hosted tool sandboxes via new MCP tunnels

Anthropic has added self-hosted sandboxes and MCP tunnels to Claude Managed Agents, giving customers a way to keep tool execution and private-system access inside their own infrastructure instead of routing everything through Anthropic-hosted environments. The company introduced the features on May 19 at Code with Claude London; self-hosted sandboxes are in public beta, while MCP tunnels are in research preview by request. (pasqualepillitteri.it) That changes a specific limitation in managed-agent deployments. Claude Managed Agents already handled long-running agent work as a hosted service, but the new setup lets companies decide where the “hands” of the agent run. In practice, self-hosted sandboxes let tool calls execute on customer-controlled compute or managed providers, and MCP tunnels connect agents to private-network MCP servers without exposing those servers directly to the public internet. (anthropic.com) The technical point is less about adding another tool API than about moving trust boundaries. Anthropic’s own engineering writing has framed Managed Agents around separating the model layer from the execution layer, and outside coverage of the new release describes the update as a way to keep credentials and sensitive systems under enterprise control at the network edge. (anthropic.com) Anthropic has been building toward this for months. Its prior work on MCP, advanced tool use, and Claude Code sandboxing focused on connecting models to larger tool surfaces while reducing context overhead and constraining what code can touch on the filesystem and network. The new Managed Agents features extend that same pattern from developer workstations and hosted tool use into enterprise production environments. (anthropic.com) A second development landed the same day: Andrej Karpathy said on May 19 that he had joined Anthropic. In his post, Karpathy said, “I think the next few years at the frontier of LLMs will be especially formative,” and added that he was “very excited to join the team here and get back to R&D.” Coverage by TechCrunch, CNBC and VentureBeat identified the move as Anthropic hiring an OpenAI co-founder and former Tesla AI leader. (techcrunch.com) Anthropic has not, in the cited materials, directly tied Karpathy’s hiring to the Managed Agents launch. But taken together, the two developments point to where competition is being reported to be moving: not only toward better base models, but toward the tooling, interfaces and control layers that determine whether enterprises can actually deploy agents in sensitive systems. That reading is supported by external reporting, including VentureBeat’s focus on developer tooling and enterprise security around agent execution. (venturebeat.com) The immediate next step is availability. Self-hosted sandboxes are already in public beta, MCP tunnels require requested access, and Anthropic’s Managed Agents documentation and engineering posts are the main places to watch for broader rollout details and implementation guidance. (pasqualepillitteri.it)