
Anthropic Unveils Self-Hosted Sandboxes and MCP Tunnels for Secure Enterprise AI Agents

Last updated: 2026-05-20 06:06:47 · Technology

Anthropic has expanded its Claude Managed Agents platform with two new enterprise-focused capabilities: self-hosted sandboxes and MCP tunnels. These additions directly address a persistent challenge in enterprise AI deployments, where organizations want to leverage autonomous agents but cannot allow execution environments or internal systems to leave their security perimeter. By providing a secure, on-premises solution, Anthropic aims to bridge the gap between powerful AI agents and strict corporate security policies.

The Challenge of Enterprise AI Deployment

Many enterprises struggle to integrate autonomous AI agents because of security requirements. Agents often need to execute code, access internal databases, or interact with proprietary systems—activities that typically require cloud-based execution or external connectivity. However, corporate security teams are reluctant to expose sensitive data or allow execution outside their controlled environment. This tension has slowed the adoption of agentic AI in sectors like finance, healthcare, and legal services.

Anthropic Unveils Self-Hosted Sandboxes and MCP Tunnels for Secure Enterprise AI Agents
Source: www.infoq.com

Security and Data Privacy Constraints

Compliance with regulations such as GDPR, HIPAA, and CCPA forbids the transfer of personal data to unauthorized locations. Furthermore, many organizations have zero-trust policies that require all code execution to occur within their own data centers or private clouds. Self-hosted sandboxes and MCP tunnels are designed to overcome these barriers while maintaining the full functionality of Claude agents.

Anthropic's Solution: Two New Capabilities

The two features work in tandem. Self-hosted sandboxes provide a secure, isolated environment for agent execution, while MCP tunnels enable private, encrypted connections to internal systems without exposing them to the public internet.

Self-Hosted Sandboxes for Isolated Execution

With self-hosted sandboxes, organizations can run Claude agents within their own infrastructure. This means code execution, API calls, and data processing all happen behind the corporate firewall. The sandbox is fully configurable: administrators can define network access, storage limits, and security policies. It also integrates with existing logging and monitoring tools, providing full visibility into agent actions. This approach eliminates the need to trust an external cloud environment with sensitive operations.

MCP Tunnels for Private Internal Access

MCP (Managed Communication Protocol) tunnels create secure, outbound-only connections from the agent to internal services. Instead of opening inbound ports, the tunnel initiates a connection from the corporate network to the Claude platform, which then uses it to deliver authenticated requests. All traffic is encrypted end‑to‑end and can be routed through existing proxies. This design ensures that internal systems remain invisible to the internet while still being accessible to approved agents.
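The outbound-only pattern described above, as an added example that is not Anthropic's code or wire format: a connector inside the network dials out to a stand-in platform listener on loopback, then verifies and allowlists each request delivered over that connection. The HMAC scheme, the shared key, the tool names and the JSON framing are all assumptions made for illustration, and TLS is omitted to keep the demo self-contained.

```python
import asyncio, hashlib, hmac, json

KEY = b"constructed-demo-key"   # assumption: secret provisioned out of band
ALLOWED = {"crm.lookup"}        # assumption: tools this connector may expose

def sign(body: bytes) -> str:
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def frame(tool: str, arg: str, valid_mac: bool = True) -> bytes:
    """Platform side: one newline-delimited request with its MAC (constructed format)."""
    body = json.dumps({"tool": tool, "arg": arg}).encode()
    mac = sign(body) if valid_mac else "0" * 64
    return json.dumps({"body": body.decode(), "mac": mac}).encode() + b"\n"

def connector_handle(line: bytes) -> dict:
    """Inside the network: authenticate first, then allowlist, then call the service."""
    msg = json.loads(line)
    body = msg["body"].encode()
    if not hmac.compare_digest(sign(body), msg["mac"]):
        return {"error": "bad signature"}
    req = json.loads(body)
    if req["tool"] not in ALLOWED:
        return {"error": "tool not allowed"}
    return {"result": f"record for {req['arg']}"}   # stand-in for the internal CRM call

async def connector(host: str, port: int) -> None:
    # Outbound dial only: the corporate side never binds or listens on a port.
    reader, writer = await asyncio.open_connection(host, port)
    while line := await reader.readline():
        writer.write(json.dumps(connector_handle(line)).encode() + b"\n")
        await writer.drain()
    writer.close()

async def demo(frames: list) -> list:
    replies = []
    async def platform(reader, writer):   # stand-in for the remote platform side
        for f in frames:
            writer.write(f)
            await writer.drain()
            replies.append(json.loads(await reader.readline()))
        writer.close()
    server = await asyncio.start_server(platform, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    await connector("127.0.0.1", port)
    server.close()
    return replies

def run_demo() -> list:
    return asyncio.run(demo([frame("crm.lookup", "acct-42"), frame("db.drop", "x"),
                             frame("crm.lookup", "acct-42", valid_mac=False)]))
```

The only listening socket belongs to the platform stand-in, so a firewall on the corporate side can deny all inbound traffic and permit a single outbound destination.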

How It Works and Key Benefits

Anthropic designed these capabilities to be complementary. A typical workflow might involve an agent running inside a self-hosted sandbox, using an MCP tunnel to query a customer relationship management (CRM) system or update a database. The sandbox provides compute isolation, while the tunnel provides network isolation.

Maintaining Security Without Sacrificing Functionality

  • Full data residency: All data remains within the organization's boundaries.
  • Compliance ready: Meets strict regulatory requirements for data handling.
  • No public exposure: Internal services never have open ports or public DNS entries.
  • Scalable and manageable: Administrators can configure policies and monitor activity via existing tools.
  • Low latency: Execution occurs on local infrastructure, reducing round‑trip times.

Use Cases and Industry Impact

These features unlock several practical applications. In financial services, a Claude agent can analyze internal transaction data and generate compliance reports without leaving the bank's secure network. In healthcare, agents can process electronic health records (EHRs) to assist with diagnosis or drug interaction checks while adhering to HIPAA rules. Legal firms can deploy agents to review document repositories, ensuring privileged information never crosses a security boundary.

Anthropic's move positions Claude as a strong contender for enterprise‑grade agent deployments. By addressing the most common security objections, the platform may accelerate adoption in heavily regulated industries that previously avoided autonomous agents.

Conclusion and Future Outlook

Self-hosted sandboxes and MCP tunnels represent a significant step forward for enterprise AI. They allow organizations to capture the productivity gains of autonomous agents without compromising on security or compliance. As more businesses explore agentic AI, Anthropic's emphasis on private, controlled execution environments could become a benchmark for the industry. Future updates may extend these capabilities to support multi‑cloud configurations or deeper integration with identity and access management systems.

For enterprises evaluating AI agents, these tools offer a practical path to deployment. By keeping execution and data within the corporate perimeter, they remove the final barriers to adoption.