Anthropic added two security upgrades for Claude Managed Agents, giving enterprises tighter data control. The features—MCP tunnels and a self‑hosted sandbox—extend isolation beyond the cloud. Earlier this year the company launched Managed Agents to simplify building and deploying AI agents; May’s additions deepen that promise as businesses push for on‑premise AI safety, as the AI market tightens around data privacy concerns.

MCP tunnels let agents reach internal MCP servers through a private gateway, eliminating inbound firewall rules and public endpoints. A outbound connection encrypts traffic end‑to‑end, so private databases, APIs, knowledge bases, or ticketing systems can be invoked without exposing them to the internet. Enterprise IT teams appreciate that the tunnel requires no inbound ports, reducing attack surface. Preview limited; request access before enabling the tunnel.

The self‑hosted sandbox shifts tool execution to a customer‑controlled environment while Anthropic retains the orchestration loop on its servers. Users may bring their own client or choose partners like Cloudflare, Modal, or Vercel, with the feature now in public beta. This architecture lets regulated sectors such as finance and healthcare adopt AI without violating compliance mandates.