Get Marketing Insights First
Subscribe to receive actionable strategies, growth tips, and industry insights delivered straight to your inbox.
What Is Claude Managed Agents? (2026 Overview)
Claude Managed Agents is Anthropic's hosted agent platform. Learn what it does, how pricing works, and who it's actually built for.
Six systems. That’s what one of our engineers counted when we audited our agent infrastructure last quarter.
Agent loop. Sandbox. State persistence. Error recovery. Credential scoping. Session tracing.
Four of them had nothing to do with what the agent actually does. They existed purely to keep it from falling over in production.
That’s the tax every team pays when they build Claude-based agents from scratch. And it’s the problem Claude Managed Agents — launched in public beta on April 8, 2026 — is designed to eliminate.
What Is Claude Managed Agents?
Claude Managed Agents is Anthropic’s hosted infrastructure for running autonomous AI agents — not a new model, not a new Claude variant. Think of it as the operations layer you’d otherwise spend three months building yourself.
You define what your agent does. Anthropic runs it. The agent loop, tool execution, sandboxing, session management — all handled. You get a fully managed environment where Claude can read files, run commands, browse the web, and execute code securely.
I keep seeing people evaluate this as a model release and come away confused. It’s not. Evaluate it as infrastructure, and everything about it makes sense.
How It Works: Sessions, Harnesses, and Sandboxes
The architecture has three components. Anthropic’s engineering team describes this as “virtualizing the components of an agent” — the same way operating systems abstracted hardware into general interfaces for programs that didn’t exist yet.
This framing confused me at first. Once it clicked, the whole design made sense.
A session is the append-only log of everything that happened. A harness is the loop that calls Claude and routes its tool calls to the right infrastructure. A sandbox is the execution environment where Claude can run code and edit files.
Each component is independent. That’s the part that actually matters.
What a session stores and why it matters
A session is a running agent instance performing a specific task — and its outputs persist even through disconnections. Events stream back via server-sent events (SSE): user turns, tool results, status updates, all of it.
Because the log is stored server-side, a multi-hour research task doesn’t restart if a connection drops. The agent picks up from where it left off. Building this yourself — durable, queryable session state that survives real-world network conditions — is genuinely one of the harder infrastructure problems. It’s the kind of thing that looks simple until you’re debugging it at 11pm.
What the harness actually controls
The harness decides when to call tools, how to manage context, and how to recover from errors. It also handles prompt caching and context compaction automatically.
That last part matters more than it sounds. When sessions run long and context gets full, most teams I’ve talked to have their own hand-rolled compaction logic — and it breaks in edge cases constantly. The harness handles this without you touching it.
The sandbox is an isolated Linux container with configurable network access. Ephemeral — spins up when needed, shuts down when idle. You don’t pay for compute when the agent isn’t working.
What Claude Managed Agents Can Do
Built-in tool execution, web search, and code running
Out of the box: Bash commands inside the container, file operations (read, write, edit, glob, grep), web search and fetch, and MCP servers for connecting to external tools.
The credential handling is the part I found most interesting. OAuth tokens sit in a secure vault, accessed only through an MCP proxy. Claude never sees the raw token — the proxy fetches credentials, makes the call, returns the result. The agent never touches authentication material directly.
For teams that have spent time worrying about prompt injection via tool results, this architecture is worth reading carefully.
Context management across long-running tasks
Context lives outside Claude’s context window — stored durably in the session log. The getEvents() interface lets the harness fetch positional slices of the event stream on demand.
What this means in practice: the agent can work on tasks that exceed a single context window without losing track of what happened hours ago. No permanent summarization, no irreversible compaction decisions. The full history is always queryable.
What It Cannot Do — Limitations to Know
Public beta means things are still moving. Here’s what actually matters for planning — not the full list, just the ones that will bite you if you miss them.
It only runs Claude models. Switch models later, rebuild the orchestration layer. This is the vendor lock-in trade-off, and it’s real. If multi-model flexibility is on your roadmap, factor this in before you build production workflows on top of it.
Batch API discounts don’t apply. Sessions are stateful and interactive — there’s no batch mode. If your cost model assumes 50% Batch API discounts, those don’t carry over. I’ve seen teams miss this when projecting costs.
Multi-agent coordination is still in research preview. Outcomes, multiagent, memory — all require separate access requests. Don’t plan around these for anything shipping soon.
Not available on Bedrock or Vertex AI. Direct Claude API only. If your infrastructure runs through either of those, this is a blocker, full stop.
Data sovereignty. Session data sits in Anthropic’s infrastructure. For regulated industries, this needs a conversation with your compliance team before you start building, not after. Anthropic’s Trust Center has the current documentation — SOC 2 Type 2 and ISO 27001 attestations are there.
How Pricing Works ($0.08/session-hour + tokens)
Two billing dimensions running simultaneously. Simpler than it looks, but with one variable that’s easy to underestimate.
Tokens: Opus 4.6 runs $5 input / $25 output per million tokens. Sonnet 4.6 is $3 / $15. Full model breakdown on Anthropic’s official pricing page. Prompt caching cuts input costs by up to 90% on cache hits — worth enabling from day one.
Session runtime: $0.08 per session-hour, billed to the millisecond. Idle time — waiting for input, tool confirmations, queuing — doesn’t count. You pay for active execution only.
Web search: $10 per 1,000 searches, on top of tokens and runtime. If your agent searches frequently, model this separately. It adds up faster than the runtime cost.
What it replaces: The Code Execution container-hour billing is gone when you’re on Managed Agents. You’re not paying that on top of session runtime — it’s replaced, not stacked.
Anthropic’s worked example: a one-hour Opus 4.6 session with 50K input tokens and 15K output tokens costs $0.705. With prompt caching active on 40K of those input tokens, it drops to $0.525.
I ran a simpler scenario — a daily research agent on Sonnet 4.6, 30 minutes of active runtime, moderate token volume. Runtime cost: about $0.04/day. Token cost depends heavily on document size, but for typical knowledge work, the runtime charge is almost noise. The real variable is how token-hungry your tool loop is. Every bash command, every file read, every web fetch adds tokens. A session with dozens of tool calls burns through context fast.
One honest flag: these are beta-era numbers. The $0.08/session-hour rate isn’t a permanent contractual commitment. Build your cost models with that uncertainty baked in.
Who Is It Built For? Developers vs. Business Teams
Claude Managed Agents is an API product. Access is open to all Anthropic API accounts in public beta — you just need the managed-agents-2026-04-01 header in your requests. The SDK adds it automatically.
The teams getting the most out of it right now are the ones who’ve already tried to build production agents and know exactly what sandboxing costs in engineering hours. Not teams that are still figuring out whether agents are useful — teams that have already decided yes, and are stuck on the ops side.
Early production adopters: Notion, Rakuten, Asana, Atlassian. Anthropic’s launch announcement has firsthand accounts from each — what they built, how fast, what the harness handled for them.
For solo builders and small teams: I’d think carefully before committing. The economics work differently at smaller scale. If your agent runs occasionally, the infrastructure problem probably isn’t your bottleneck — and the Agent SDK or standard Messages API gives you more control without the lock-in. Managed Agents makes sense when the ops overhead is the actual constraint, not when it might become one someday.
How Is This Different from the Standard Claude API?
Three options, meaningfully different:
Messages API — Send a prompt, get a response. No harness, no agent loop, no tool orchestration. You build everything. Most developers are here.
Claude Agent SDK — You get the agent loop and built-in tools as a library. But deployment is yours: containers, scaling, secrets, crash recovery. The middle ground.
Claude Managed Agents — Anthropic runs everything. You define the agent, launch sessions, consume results. Sandboxing, scaling, crash recovery, logging — handled. The trade-off is lock-in and less control.
The move from Messages API to Managed Agents isn’t about getting a better model. It’s about deciding you’re done paying the infrastructure tax.
FAQ
Q: Is Claude Managed Agents available to everyone now?
Public beta, open access — no waitlist. You need the managed-agents-2026-04-01 header on every request. SDK handles it automatically. Direct API calls need it manually; skip it and your requests fail.
Q: Do I need to write code to use it?
Yes. This is an API product for developers and engineering teams. Not a no-code tool. If you’re evaluating it for a business without technical resources, a product built on top of the Claude API is a more realistic starting point.
Q: How is session-hour billing calculated?
Billed to the millisecond, active execution time only. Idle time — waiting for user input, tool confirmations, queuing — doesn’t accrue. The $0.08/session-hour is for time the session is actually running, not wall-clock time.
Q: Is my data stored by Anthropic?
Session data is stored in Anthropic’s infrastructure. For teams with compliance requirements, don’t leave this for later — check Anthropic’s Trust Center before you start building. SOC 2 Type 2 and ISO 27001 documentation is there.
Q: Can I use it with existing Claude integrations?
If you’re on the Messages API now, the transition is additive — same token pricing, same models, MCP integrations carry over. Hard constraint: direct Claude API only. Bedrock and Vertex AI aren’t supported. If your current setup routes through either, you’d need to re-route before using Managed Agents.
The question most teams are actually asking isn’t “what is this?” It’s “does replacing our agent infrastructure with this make sense right now?”
If you’ve already spent months building the plumbing and it’s holding, probably not yet. If you’re starting fresh or hitting the infrastructure wall for the first time — this is worth a serious look. Pick one session, one contained workflow, and run the actual cost math before you commit.
That’s the starting point.
Important updates waiting for you!
Consectetur eget cras neque augue malesuada urna urna hendrerit tellus.