ludmal@desilva:~$
// AI Engineer
·MCP·2 min read·Platform engineers

MCP tunnels: let Claude's agents reach your private servers — without opening a port

Anthropic's new MCP tunnels connect hosted agents to MCP servers inside your network, no public endpoint required.

Anthropic just shipped MCP tunnels (research preview) for Claude Managed Agents. The short version: your Claude agents can now call MCP servers that live inside your private network — internal databases, APIs, knowledge bases, ticketing systems — without exposing any of them to the public internet or opening a single inbound firewall rule.

The problem it solves

For a hosted agent to use one of your MCP servers, that server normally has to be reachable from the outside: a public endpoint, inbound firewall changes, and a security review that can drag on for weeks. In regulated environments, that's often where the project stalls. MCP tunnels removes the need to expose anything.

How it works

You deploy a lightweight gateway inside your network. It makes a single outbound connection to Anthropic's infrastructure — the same direction your laptop uses to reach any website — so there are no inbound holes and no public endpoints, and traffic is encrypted end to end.

Claude agent (Anthropic)
      │  agent loop stays here
      ▼
encrypted tunnel  ◄── single outbound connection from your gateway
      │
      ▼
your private MCP server   (database, API, ticketing, KB)

The agent loop — orchestration, context, error recovery — keeps running on Anthropic's side. Only the tool calls travel down the tunnel to your servers, so your existing network policies, audit logging, and security tooling stay in force and your data never leaves the perimeter.

Getting started

MCP tunnels works in both Managed Agents and the Messages API, and is managed from workspace settings in the Claude Console by an organization admin. Because it's a research preview, you request access first, then follow the setup in the docs.

Takeaways

  • MCP tunnels = an outbound-only bridge from Claude's hosted agents to MCP servers in your private network. No public endpoint, no inbound firewall changes.
  • The agent loop stays on Anthropic; your tools and data stay behind your perimeter.
  • Available in research preview (request access); works in Managed Agents and the Messages API.

Source: Anthropic announcement, May 19, 2026.