Anthropic MCP Tunnels: Agents Reach On-Prem Data Privately

My notes

Summary

A short social clip recapping Anthropic’s “MCP tunnels” announcement at the Code with Claude conference in London. The feature lets a managed agent reach data living on your own server through an MCP connection, instead of pulling that data out to an external service. The pitch: keep sensitive data on-prem while still letting agents act on it.

Key Insight

• MCP tunnels = agent reaches your private backend without exfiltrating data. The agent accesses website/server data through an MCP endpoint that stays on your infrastructure.
• Framing distinction worth keeping: humans use the front end (click around), agents use the back end (MCP). MCP is the agent-facing API surface of a system.
• The real value is data residency, not new capability per se, work happens against data that never leaves your server. Relevant for compliance-sensitive or client-confidential workloads.
• Source is a hype-style social clip, so treat specifics (exact mechanics, GA vs preview) as unverified, confirm against Anthropic’s actual docs before building on it.