Run Claude Managed Agents on Cloudflare: Everything You Need to Know

Cloudflare Developers| 00:05:30|May 20, 2026
Chapters7
Anthropic and Cloudflare now let you run Claude managed agents on Cloudflare, offering incredible scale, fast boot times, and built-in security controls and tools. This chapter highlights the integration and its high-level benefits.

Cloudflare and Anthropic let you run Claude managed agents directly on Cloudflare, offering scalable micro VMs or fast JavaScript isolates, strong egress security, and seamless tool integrations via a few clicks.

Summary

Cloudflare Developers breaks down how Anthropic and Cloudflare joined forces to run Claude managed agents inside Cloudflare. The integration ships as an open-source repo with a deploy-to-Cloudflare button, so you can provision the worker, storage, and bindings in minutes. Once configured, Claude environments point to your worker URL, and every agent you spin up against that environment runs on your Cloudflare account. Cloudflare emphasizes that you can choose between a micro VM container or a dynamic JavaScript isolate (V8) to optimize for cost, scale, and speed. The micro VM gives a full container, while the isolate sandbox trades that for quicker cold starts (about 5 ms). Security is a core pillar: outbound traffic passes through an egress layer that can inject credentials and enforce per-user policies, preventing exposure of secrets like Stripe keys even if a prompt tries to reveal them. Cloudflare mesh and VPC bindings further constrain which internal services an agent can access. The third big win is ease of capability expansion: browser tools, image generation via Workers AI, and private service calls are all plug-and-play. Each agent even gets its own email address via Cloudflare email routing, enabling email-driven agent interactions. The transcript provides concrete examples—calling Stripe, Slack, and GitHub APIs, and using R2, D1, and Workers AI—to illustrate the platform’s reach. Anthropic handles the “brain,” while Cloudflare supplies the scalable, secure hands to implement it with minimal infrastructure management. The video concludes by pointing viewers to the announcement blog post and the deploy-to-Cloudflare button for hands-on testing.

Key Takeaways

  • Cloudflare offers two execution modes for Claude agents: a micro VM container for full Linux-like capabilities and a dynamic workers isolate (V8) for lower cost and faster scaling.
  • Weighing scale vs. cost, you can switch between a full container and a JavaScript sandbox with hot toggles in your setup.
  • Outbound security is enforced by an egress layer that injects credentials and enforces per-user policies, so agents never see real API keys.
  • Agents get their own email addresses via Cloudflare email routing, enabling email-driven interactions without exposing secrets or compromising security, all routed to a per-agent handler.

Who Is This For?

Essential viewing for developers building AI-powered workflows who want to run Claude agents at scale on Cloudflare, while maintaining tight security and easy access to tools like email routing, storage, and inference APIs.

Notable Quotes

"Cloudflare flips this around. Every outbound request from the sandbox passes through an egress layer at the worker boundary before it ever hits the network."
Security design: outbound traffic is controlled, preventing credential leakage.
"The egress worker matches the host, pulls the secret key from KV, injects the authorization header on the way out."
Shows concrete mechanism to keep keys out of agent code.
"Every agent literally gets its own email address."
Novel interaction model enabled by Cloudflare email routing.
"You can customize as much as you want to, from the deploy button to the Claude environment webhook."
Open-source, highly configurable deployment flow.
"Cold starts only take about 5 milliseconds on the isolate sandbox."
Highlights speed advantages of dynamic workers.

Questions This Video Answers

  • how do Claude managed agents run on Cloudflare and what are the deployment steps
  • what are the differences between micro VM and V8 isolate sandbox in Cloudflare for agent workloads
  • how does Cloudflare egress layer protect API keys when running AI agents
  • can agents on Cloudflare access private services securely through VPC bindings
  • how does Cloudflare email routing assign unique addresses to each Claude agent
Cloudflare WorkersClaude managed agentsIsolate sandboxMicro VMDynamic workersEgress layerHeader injectionCloudflare meshWorkers VPC bindingsEmail routing for agents
Full Transcript
Anthropic and Cloudflare have partnered to allow you to run your Claude managed agents code in Cloudflare. With that, you get incredible scale and fast boot speed, as well as security controls, built-in tools, and more. Let's take a look. One quick thing before we dive in, Cloudflare ships this whole integration as an open-source repo with a deploy to Cloudflare button. This works out of the box, but you can customize as much as you want to. You click the button, Cloudflare provisions the worker, the storage, and the bindings. Then over in the Claude console, you create a self-managed environment, point the Claude environment webhook at your worker's URL, and you're done. From there, every Claude agent you spin up against that environment runs on your Cloudflare account. With that out of the way, let's get into what makes it different. When you run your agent code in the cloud, typically you get a full Linux container. Cloudflare gives you exactly that in the micro VM sandbox, and you can customize the size of the container and the image. But what happens when you scale this up? Imagine a 100,000 users, each with five agents running in the background, summarizing inboxes, monitoring dashboards, drafting replies, etc. That's half a million Linux containers, most of them idle waiting for the model to respond, and that cost adds up fast. So, Cloudflare added a second option, the isolate sandbox powered by dynamic workers. Instead of a full container, your agent runs inside of a V8 isolate, the same primitive workers have been built on for a decade. You get a sandbox JavaScript runtime, a virtual file system, and the ability to execute JavaScript that the agent writes on the fly. More importantly, cold starts only take about 5 milliseconds, so environments can spin up and down extremely quickly. With Cloudflare, you get to choose between a micro VM when you need a full container and dynamic workers when you want to focus on cost, scale, and speed. Those benefits aside though, another factor you should consider is security. Cloudflare's environments ship with an egress layer that gives you full control over your outgoing traffic. You can inject credentials, determine dynamic per user policies, and modify requests in any way. Here's an example. Agents typically need to call APIs. Stripe for payments, Slack for communication, and GitHub for code. And all of those need API keys. The standard pattern is to just dump those keys into the sandbox as environment variables. The problem is once the secret lives inside the sandbox, the agent can potentially read it. And anything the agent can read, it can be tricked into sending somewhere it shouldn't. A user or a malicious email or a website your agent visits could convince the agent to help debug by printing out its environment variables. If the agent obliges, now your Stripe key is in a chat log. Or worse, posted to a public URL that the attacker owns. Cloudflare flips this around. Every outbound request from the sandbox passes through an egress layer at the worker boundary before it ever hits the network. One useful rule type here is header injection. Let's say the agent calls API.stripe.com. The egress worker matches the host, pulls the secret key from KV, injects the authorization header on the way out. The agent never sees the value, it just sees that the call worked. The agent only gets a name to reference, so even if a clever prompt convinces the agent to print every variable it has access to, none of them are the real keys. The flip side of egress is reaching for things within your control. Your internal database or private analytics service, and Cloudflare mesh solves for that. It's one private network that spans your laptops, servers, and workers, all routed through Cloudflare's edge. Pair it with workers VPC bindings, and your agent gets a CF call service tool with a closed list of exactly which services on your mesh it's allowed to call. So that covers scale and security. The third item is where I get most excited. On most platforms, give your agent a new capability means provisioning a new service, building an API, securing it, and hoping the agent figures out how to call it. On Cloudflare, though, you just check a box. Browser tools to fetch URLs and take screenshots, image generation through Workers AI, the ability to call a private service, all wired up out of the box. And here's the one that surprised me the most. Every agent literally gets its own email address. You point Cloudflare email routing at the integration's email handler with a catch-all rule on your domain, and when the handler sees an email come in, it parses out the agent ID and delivers the message to that specific agent. So, a customer emails an agent, the agent reads, drafts, sends a reply, or you kick off an agent by emailing it yourself. And when you do need something more custom, the docs walk you through that as well. Here's an idea. A tool that takes a screenshot of any URL, uploads it to R2 object storage, and gives the agent back a public link to share. Now your agent can take a screenshot of a competitor's pricing page, post it in Slack, and link to it. A Zod's schema for the input, a function that does the work, a binding declaration, and done. And because the whole thing runs on Cloudflare, every other Cloudflare product is one binding away as well. R2 for storage, D1 for SQL, Workers AI for inference, Vectorize for search. You don't need to leave the platform to give your agent more reach, and you don't have to actively manage infrastructure. Don't worry about scaling, containers, connectivity, just write a function and you're done. So, Anthropic provides you the brain, and Cloudflare gives you the hands to do the work with a runtime fast enough and cheap enough to scale to millions of concurrent agents with dynamic workers. Read the announcement blog post for more details, or use the deploy to Cloudflare button in the repository to get started. Both are linked in the description below.

More from Cloudflare Developers

Related Videos

How to get to production faster with Claude Managed Agents thumbnail

How to get to production faster with Claude Managed Agents

 Claude
00:29:04
Build a production-ready agent with Claude Managed Agents thumbnail

Build a production-ready agent with Claude Managed Agents

 Claude
00:27:23
Claude Managed Agents Will Make Millionaires (do this now) thumbnail

Claude Managed Agents Will Make Millionaires (do this now)

 Liam Ottley
00:09:54
Building with Claude Managed Agents and Asana AI teammates thumbnail

Building with Claude Managed Agents and Asana AI teammates

 Claude
00:24:57
RIP OpenClaw/Hermes: Composio + Claude Agents SDK is NUTS thumbnail

RIP OpenClaw/Hermes: Composio + Claude Agents SDK is NUTS

 Income stream surfers
00:09:57
Claude Managed Agents Are A GAME CHANGER (here's why) thumbnail

Claude Managed Agents Are A GAME CHANGER (here's why)

 Income stream surfers
00:10:17

Get daily recaps from
Cloudflare Developers

AI-powered summaries delivered to your inbox. Save hours every week while staying fully informed.

Get Started