Anthropic ships Claude Managed Agents v2 — self-hosted sandboxes plus MCP tunnels keep sensitive data inside the customer perimeter
Anthropic updated Claude Managed Agents on May 19 with public-beta self-hosted sandboxes and a research-preview "MCP tunnels" feature. The combination lets enterprises keep sensitive data and tool execution inside their own security perimeter while still using the Anthropic-managed orchestration layer. The release closes the most-cited objection to managed-agent adoption from regulated industries.
The architectural pattern matters. Prior managed-agent offerings (Anthropic's earlier version, OpenAI's hosted Operator descendants, Google's Gemini Enterprise Agent Platform) required tool execution to happen on the vendor's infrastructure, which carried the same data-residency objections as any third-party SaaS. Self-hosted sandboxes flip the model: orchestration is managed by Anthropic, execution happens inside the customer's network, and data stays where the customer's compliance regime allows.
MCP tunnels are the more technically interesting half. They extend MCP 2.0's standardized tool-call schema with an explicit auth-handoff path that traverses customer-network boundaries without exposing tool credentials to Anthropic's runtime. For an enterprise that wants Claude to orchestrate tool calls against its internal Snowflake, Slack, and GitHub instances without those tool credentials ever leaving the customer perimeter, this is the architectural pattern that makes the deployment legible to InfoSec.