By ByteBot
Running a Claude agent on a recurring schedule used to mean building a small AWS empire around it. EventBridge rule, Lambda function, IAM role for the scheduler, Secrets Manager for the credentials, CloudWatch for monitoring when things inevitably broke. A full infrastructure layer just to say “do this every Monday at 9 AM.” On June 9, Anthropic removed that tax. Claude Managed Agents now supports scheduled deployments via cron expressions and credential vaults that inject secrets at the network boundary — without ever exposing them to the agent itself. If you have been putting off automating repetitive Claude agent work because of the setup overhead, that overhead just shrank considerably.
Scheduled Deployments: What Claude Managed Agents Now Offers
The June 9 announcement added cron-based scheduling to Claude Managed Agents as a public beta feature. The model is simple: give a deployment a cron trigger, and each time the schedule fires, a new agent session starts, completes its task, and ends. No server to host, no scheduler to maintain, no heartbeat checks to write.
The cron syntax is standard. A nightly data sync at 2 AM:
trigger:
type: cron
schedule: "0 2 * * *"A Monday morning compliance scan at 9:
trigger:
type: cron
schedule: "0 9 * * 1"Once a deployment is live, you can pause it, resume it, archive it, or trigger an on-demand run outside the regular schedule — all from the Claude Platform dashboard. The official documentation notes that all Managed Agents endpoints require the managed-agents-2026-04-01 beta header, though the official SDK sets it automatically.
The practical reduction is significant. The previous pattern for scheduled Claude agents looked like: EventBridge Scheduler to Lambda function to Anthropic API call to agent session. That is three AWS services, IAM permissions for each handoff, and a Lambda to maintain. Now it is one deployment on the Claude Platform.
Credential Vaults: The Security Architecture Worth Understanding
Giving an AI agent access to third-party APIs has always carried a trust question: if the agent is compromised or manipulated, can it exfiltrate your credentials? Claude Managed Agents vault feature answers that with a specific architectural choice.
The setup: register an API key in the vault with two pieces of metadata — an environment variable name (what CLIs in the sandbox will reference) and a domain allowlist (which endpoints the key is permitted to reach). The sandbox receives an opaque placeholder, not the actual secret. When the agent initiates an outbound request to an approved domain, the real key is injected at the network boundary — at egress, not inside the sandbox.
The security property this creates is specific: even if an attacker fully controls the reasoning during a session, they cannot exfiltrate vault credentials because those secrets never enter the sandbox address space. Your GitHub token only leaves for github.com. Your Sentry token only reaches sentry.io. The domain allowlist is not cosmetic — it is the enforcement mechanism.
Credential rotation is also cleaner. Update a value in the vault and running sessions pick it up on the next outbound call. No redeploy, no secret propagation pipeline. Supported CLIs include Browserbase, Notion, Ramp, Sentry, and KERNEL — and anything that authenticates via HTTP headers works the same way. The full vault setup is documented at platform.claude.com/docs/en/managed-agents/vaults.
Who Is Already Using It
Anthropic named three companies in the announcement. Rakuten uses scheduled deployments to have agents analyze spreadsheet data and produce weekly and monthly reports, and separately monitors production logs to generate application health summaries for product managers — without anyone building a dashboard. Ando uses agents to autonomously track hiring and sales tasks, send reminders, and follow up with candidates and prospects. Notion uses vaults to roll out its CLI to agents while meeting internal security requirements: API tokens never reach the agent directly, which satisfied its security team and unlocked file-upload capabilities in the sandbox.
These are not prototype workflows. A scheduled reporting pipeline at Rakuten replacing human-assembled spreadsheet decks is the kind of use case that justifies the production AI agents framing Anthropic has been pushing since the Managed Agents launch in April.
What It Does Not Replace
The scheduled deployment feature suits task-complete-exit workflows: run this, finish, stop. It does not handle complex event-driven flows — if your agent needs to react to a Slack message, a webhook, or a real-time database change, you still need external infrastructure to route those events in. Persistent state across sessions also requires an external store; each session starts clean. And if you need sophisticated retry logic with exponential backoff and dead letter queues, that is still yours to build.
Some teams are running a hybrid: Managed Agents handles the AI runtime, EventBridge or a lightweight scheduler handles complex event routing around it. For those use cases, the new cron trigger does not eliminate the outer layer. But for a wide class of recurring tasks — reports, scans, syncs, digests — it does.
How to Get Started
Both features are in public beta as of June 9 — no waitlist, no access request. They are available now at platform.claude.com. Pricing is standard Claude API token rates plus $0.08 per session-hour. MCP tunnels remain in research preview and require a separate request to enable.
If you have been running Claude agents on a manual trigger or wrapping them in scheduler infrastructure you would rather not maintain, this is a straightforward upgrade. The official announcement has setup details, or start directly in the Managed Agents documentation.
