Anthropic ships MCP tunnels and self-hosted sandboxes for Claude Managed Agents — enterprises can keep data inside their security perimeter
Anthropic updated Claude Managed Agents on May 19 with two public-beta features that solve the central enterprise blocker: MCP tunnels and self-hosted sandboxes. Together they let companies route managed-agent tool calls through their own network and execute code in their own infrastructure, keeping sensitive data and tool execution inside the security perimeter while still using Anthropic's orchestration.
The architecture shift matters because the prior managed-agent pattern required customers to either send sensitive data to Anthropic's cloud or build their own orchestration layer. MCP tunnels punch an authenticated reverse-channel from the customer's network to Anthropic's agent runtime — Claude calls a tool, the call routes through the tunnel, executes in the customer's environment, returns. Self-hosted sandboxes do the same for code execution: the model decides what to run, the customer's compute actually runs it. Neither feature requires data to leave the customer's perimeter for execution.
This is the unlock for regulated industries. Through 2025 the dominant agent deployments at banks, hospitals, and government tenants were custom-built precisely because managed services couldn't meet data-residency and execution-sovereignty requirements. MCP tunnels plus self-hosted sandboxes collapse that gap — the customer gets the orchestration sophistication of a managed agent platform while keeping the auditable execution boundary their compliance teams require. Expect rapid adoption in financial services through Q3 as the public beta moves to GA.
Anthropic — Claude Managed Agents MCP tunnels → · Anthropic — Self-hosted sandboxes public beta → · Crescendo AI — Latest AI news and breakthroughs →