feature insight

Claude Managed Agents adds self-hosted sandboxes and private MCP tunnels

Anthropic’s Claude Managed Agents can now run inside customer-controlled sandboxes and connect to private MCP servers, while Vercel published a companion sandbox path that runs each agent session in an isolated Firecracker microVM with credential brokering and deny-by-default egress. Together the updates make managed agents much easier to place on top of private infrastructure without giving up a hosted agent loop.

Published May 19, 2026 Updated May 20, 2026 2 sources

Claude Managed AgentsClaude Managed Agentsagentsfeature updatehigh impact

agentsenterprise-controlsmcpsandboxingfeature-update

Impact: high
Confidence: 99%
Change type: feature update
First seen: May 19, 2026
Last updated: May 20, 2026
Audience: platform teamssecurity teamsdevelopers
Status: Published

Summary

What changed

Claude Managed Agents gained self-hosted sandbox support and private MCP tunnel connectivity, with Vercel documenting a production execution path for running those sessions inside isolated Vercel Sandbox microVMs.

Why it matters

This shifts managed agents closer to real enterprise deployment patterns: the model loop stays hosted, but execution, networking, and secret boundaries move nearer to customer infrastructure. The Vercel implementation details also show where competition is heading: hosted agent control planes paired with tightly governed runtime sandboxes.

Evidence excerpt

Anthropic says Managed Agents can run in customer-controlled sandboxes and connect to private MCP servers, while Vercel says each session can run in its own Firecracker microVM with credential brokering and deny-by-default egress.