MCP Tunnels, SGLang at Scale, and the AEGIS Governance Blueprint
<p>Anthropic launched <strong>MCP tunnels</strong> and <strong>self-hosted agent sandboxes</strong> (public beta) to let agents reach private infrastructure without inbound firewall exposure — with Cloudflare, Modal, and Vercel as day-one sandbox partners. Meanwhile, <strong>SGLang's RadixAttention</strong> hits 400,000-GPU production scale at 6.4× vLLM t...
Highlights
Anthropic launched MCP tunnels (research preview) and self-hosted agent sandboxes (public beta) on May 19 at Code with Claude London — letting agents reach private infrastructure through a single outbound encrypted connection without inbound firewall exposure. (Anthropic)
Key Signals
-
Anthropic moves Claude agent tool execution inside the customer perimeter May 19, 2026
Self-hosted sandboxes let tool calls run on customer-controlled or partner-managed infrastructure — Cloudflare, Daytona, Modal, and Vercel are launch partners, with bring-your-own-sandbox as a fifth option — while Anthropic retains the orchestration loop. MCP tunnels pair with this by opening outbound-only encrypted connections to internal databases, private APIs, and knowledge bases so agents can reach sensitive systems without any inbound firewall rule. Day-one production references — Amplitude on Cloudflare, DoorDash on Modal, Rogo on Vercel — confirm this is beyond a lab feature. (Anthropic, The New Stack)
-
SGLang reaches 400,000-GPU deployment scale on prefix-heavy inference 2026 production data
RadixAttention stores cached KV state in a radix tree keyed by token sequence, so requests sharing a prefix start computation from the branching point rather than the beginning — delivering up to 6.4× throughput over vLLM on the multi-turn and RAG workloads that dominate deployed agentic applications. SGLang v0.5.8 is now the inference backend for xAI Grok 3, Azure DeepSeek, and Cursor, making it a concrete alternative for teams evaluating vLLM on shared-prefix agent traffic at scale. (SGLang Docs, Spheron)
-
Forrester AEGIS defines six governance domains for agentic enterprise security 2026
AEGIS — Agentic AI Guardrails for Information Security — covers governance, identity, data security, application security, threat operations, and Zero Trust, with core principles of least-agency and continuous assurance. Forrester warns that with 72% of enterprises running agents in production and 60% lacking governance policies, 97% of breached organizations missing access controls, and a public agentic breach predicted this year, the conditions already exist. (Forrester)
Why It Matters / What To Watch
-
Private-perimeter MCP infrastructure is now buildable without inbound exposure
- Self-hosted sandboxes unlock regulated-industry deployments where data cannot leave the customer network — teams should audit whether their current agent architecture routes tool-call data through Anthropic unnecessarily. (Anthropic)
- The MCP 2026-07-28 release candidate locked stateless HTTP transport and a formal Tasks extension on May 21; tunnels plus spec stabilization make this a durable connectivity stack worth integrating into enterprise agent rollouts now. (The New Stack)
-
The August 2 EU AI Act deadline is operational, not theoretical
- Articles 8–17 require quality management systems, technical documentation, and human oversight logs for high-risk AI systems — obligations that agent pipelines touching employment, credit, or legal decisions very likely trigger. (Agentic AI Institute)
- AEGIS's governance-first phased approach maps directly to Article 9 risk management and Article 14 human oversight requirements; adopting it now earns double value as both a security posture improvement and an EU AI Act conformity scaffold. (Forrester)
Quick Links (sources)
- 1
- 2
- 3
- 4
- 5
-
6
Agentic AI Enterprise Adoption 2026: 72% Production, 60% Governance Gap Agentic AI Institute