# Anthropic为Claude Managed Agents新增自托管沙箱与MCP隧道功能

- 来源：The Decoder：AI News（RSS）
- 作者：Maximilian Schreiner
- 发布时间：2026-05-19 18:02
- AIHOT 分数：67
- AIHOT 链接：https://aihot.virxact.com/items/cmpchon6t02ebslae50gn2k4l
- 原文链接：https://the-decoder.com/anthropic-adds-self-hosted-sandboxes-and-mcp-tunnels-to-claude-managed-agents

## AI 摘要

Anthropic宣布扩展其Claude Managed Agents平台，新增自托管沙箱和MCP隧道两项关键功能。企业现在能够将AI Agent的工具执行环境部署在自己的基础设施中，提升了数据安全性和操作灵活性。值得注意的是，此次更新并未转移Agent本身的控制权，其核心管理仍由Anthropic平台负责。这一举措旨在满足企业对敏感数据处理和本地化部署的需求，同时保持托管服务的便捷性。

## 正文

Anthropic adds self-hosted sandboxes and MCP tunnels to Claude Managed Agents

Key Points

Anthropic adds self-hosted sandboxes to Claude Managed Agents, letting companies run AI agent tools on their own infrastructure.

MCP tunnels connect agents to internal databases and APIs through encrypted channels.

Agent orchestration stays on Anthropic's servers. Both features are still in early testing.

Anthropic is expanding Claude Managed Agents with self-hosted sandboxes and MCP tunnels. Companies can now move their AI agents' tool execution into their own infrastructure. But Anthropic isn't handing over full control of the agent itself.

Anthropic has introduced two new features for Claude Managed Agents: self-hosted sandboxes and MCP tunnels. Both aim to give companies more control over where their AI agents run tools and which internal services they can access.

With self-hosted sandboxes, Anthropic moves tool execution into the customer's own infrastructure. Files and repositories never leave the company's environment, according to Anthropic. Network policies, audit logging, and existing security tools stay in place. Companies choose their own CPU, memory, and runtime image. Those who don't want to set up their own infrastructure can use managed providers like Cloudflare, Daytona, Modal, or Vercel.

The second addition, MCP tunnels, connects agents to MCP (Model Context Protocol) servers on a private network without exposing them to the public internet. A lightweight gateway opens a single outbound connection, end-to-end encrypted, with no inbound firewall rules or public endpoints required. The goal: let agents tap into internal databases, private APIs, or ticketing systems as tools.

Anthropic keeps the agent loop on its own servers

Agent orchestration—context management, error handling, and the actual agent loop—stays on Anthropic's infrastructure. A fully on-premise deployment of the agents isn't possible. Companies that want to control model execution themselves won't find a solution here.

Both features are also still early. Self-hosted sandboxes are available as a public beta. MCP tunnels are only a research preview, and companies need to request access.

AI News Without the Hype – Curated by Humans
