MCP Tunnels, SGLang at Scale, and the AEGIS Governance Blueprint

<p>Anthropic launched <strong>MCP tunnels</strong> and <strong>self-hosted agent sandboxes</strong> (public beta) to let agents reach private infrastructure without inbound firewall exposure — with Cloudflare, Modal, and Vercel as day-one sandbox partners. Meanwhile, <strong>SGLang's RadixAttention</strong> hits 400,000-GPU production scale at 6.4× vLLM t...

Highlights

Lead Signal

Anthropic launched MCP tunnels (research preview) and self-hosted agent sandboxes (public beta) on May 19 at Code with Claude London — letting agents reach private infrastructure through a single outbound encrypted connection without inbound firewall exposure. (Anthropic)

SGLang's RadixAttention has driven the framework to 400,000+ GPU production deployments powering xAI Grok 3, Azure DeepSeek, and Cursor — delivering up to 6.4× throughput over vLLM on RAG and multi-turn agent workloads. (SGLang Docs)
Forrester published AEGIS — six security domains CISOs need to govern agentic deployments — as 63% of enterprises still lack any AI governance policy and a public agentic breach is predicted in 2026. (Forrester)
EU AI Act Articles 8–17 and 73 — high-risk conformity assessments, human oversight, and 15-day incident reporting — activate August 2, 64 days out, catching agent pipelines in HR, finance, and legal. (Agentic AI Institute)

Key Signals

  1. Anthropic moves Claude agent tool execution inside the customer perimeter May 19, 2026

    Self-hosted sandboxes let tool calls run on customer-controlled or partner-managed infrastructure — Cloudflare, Daytona, Modal, and Vercel are launch partners, with bring-your-own-sandbox as a fifth option — while Anthropic retains the orchestration loop. MCP tunnels pair with this by opening outbound-only encrypted connections to internal databases, private APIs, and knowledge bases so agents can reach sensitive systems without any inbound firewall rule. Day-one production references — Amplitude on Cloudflare, DoorDash on Modal, Rogo on Vercel — confirm this is beyond a lab feature. (Anthropic, The New Stack)

  2. SGLang reaches 400,000-GPU deployment scale on prefix-heavy inference 2026 production data

    RadixAttention stores cached KV state in a radix tree keyed by token sequence, so requests sharing a prefix start computation from the branching point rather than the beginning — delivering up to 6.4× throughput over vLLM on the multi-turn and RAG workloads that dominate deployed agentic applications. SGLang v0.5.8 is now the inference backend for xAI Grok 3, Azure DeepSeek, and Cursor, making it a concrete alternative for teams evaluating vLLM on shared-prefix agent traffic at scale. (SGLang Docs, Spheron)

  3. Forrester AEGIS defines six governance domains for agentic enterprise security 2026

    AEGIS — Agentic AI Guardrails for Information Security — covers governance, identity, data security, application security, threat operations, and Zero Trust, with core principles of least-agency and continuous assurance. Forrester warns that with 72% of enterprises running agents in production and 60% lacking governance policies, 97% of breached organizations missing access controls, and a public agentic breach predicted this year, the conditions already exist. (Forrester)

Why It Matters / What To Watch

  1. Private-perimeter MCP infrastructure is now buildable without inbound exposure
    • Self-hosted sandboxes unlock regulated-industry deployments where data cannot leave the customer network — teams should audit whether their current agent architecture routes tool-call data through Anthropic unnecessarily. (Anthropic)
    • The MCP 2026-07-28 release candidate locked stateless HTTP transport and a formal Tasks extension on May 21; tunnels plus spec stabilization make this a durable connectivity stack worth integrating into enterprise agent rollouts now. (The New Stack)
  2. The August 2 EU AI Act deadline is operational, not theoretical
    • Articles 8–17 require quality management systems, technical documentation, and human oversight logs for high-risk AI systems — obligations that agent pipelines touching employment, credit, or legal decisions very likely trigger. (Agentic AI Institute)
    • AEGIS's governance-first phased approach maps directly to Article 9 risk management and Article 14 human oversight requirements; adopting it now earns double value as both a security posture improvement and an EU AI Act conformity scaffold. (Forrester)

Quick Links (sources)