Anthropic Claude Managed Agents now run in customer-controlled sandboxes connecting to private MCP servers — enterprise governance answer shipped
Anthropic announced at conference that Claude Managed Agents now operate inside a customer-controlled sandbox tier and connect outward to private MCP servers the customer operates. Microsoft Agent 365's SASE-for-agents was the early move on the enterprise-governance surface, and Anthropic has just answered with its own architecture: the sandbox is owned by the customer, the MCP endpoints are owned by the customer, and only the model and the agent-runtime layer are owned by Anthropic.
The architectural difference from Microsoft's pitch is the substantive piece. Microsoft Agent 365's SASE-for-agents wraps customer agent traffic in Microsoft's existing identity-and-network-security stack: the customer's IT department keeps the policy controls, but the data plane runs through Microsoft. Anthropic's customer-controlled sandbox tier flips the diagram: the sandbox is the customer's, the MCP servers the agent calls are the customer's, and the customer's data never leaves the customer's network boundary except as model-API calls back to Anthropic. For regulated-industry buyers (finance, healthcare, defense, sovereign-cloud deployments), that diagram is the one procurement asks for explicitly.
The MCP-private-server piece is what makes the architecture credible operationally. Through 2025, the agent-as-a-service offerings from every frontier lab required the agent runtime to call out to the labs' own integration endpoints, which broke the data-residency story even when the rest of the deployment was clean. Anthropic's announcement decouples the integration layer: customers stand up their own MCP servers wrapping their own internal systems, the agent runtime authenticates against those private endpoints, and the lab never sees the integration traffic. Combined with Project Glasswing's expansion with the Claude Security public beta and cyber-verification tools, the Anthropic enterprise stack now covers identity-bounded deployment, integration-bounded data flow, and security-team-bounded threat surface, which are three of the four checklist items enterprise procurement cares about.