Enterprise AI Agents Just Got a Lot More Secure: Two Critical Features from Anthropic
"We can't let our data leave our network." And: "We're not exposing our internal services to the public internet."
These two objections have quietly killed more enterprise AI agent projects than any technical limitation ever could.
Anthropic just made both of them obsolete.
Today, Claude Managed Agents gained two new capabilities: self-hosted sandboxes (public beta) and MCP tunnels (research preview). Together, they represent the most significant infrastructure step toward making AI agents actually deployable in enterprise environments.
What Was Broken
Most enterprise AI agent projects don't fail because the AI isn't good enough. They fail in the security review.
The scenario plays out the same way every time. A promising proof-of-concept reaches the IT or legal team. Someone asks, "where exactly is our data being processed?" The honest answer is "on Anthropic's servers." The project stalls. Sometimes it never recovers.
This isn't paranoia. It's GDPR, HIPAA, sector-specific regulations, and internal data governance policies doing exactly what they're supposed to do. The question of where data is processed is a legal question, not just a technical one.
Until today, there was no clean answer.
What Changed
Self-Hosted Sandboxes (Public Beta)
The agent's tool execution layer can now run entirely inside your own infrastructure.
Anthropic still manages the agent loop: orchestration, context management, error recovery. But whenever the agent touches a file, executes code, or interacts with a service, that execution now happens inside your perimeter.
Supported providers: Cloudflare, Daytona, Modal, Vercel, or your own on-premise infrastructure.
In practice: the sandbox, its filesystem, and the services it can reach stay with you. Anthropic's side runs the agent loop, not your execution environment. One caveat a security reviewer will raise: whatever the agent reads back as a tool result becomes part of the model context, which Anthropic still manages, so the sandbox moves execution inside your perimeter but does not by itself keep tool output from leaving it. Scope the tools, and the data they are allowed to return, with that in mind.
MCP Tunnels (Research Preview)
Agents can now reach your private MCP servers without exposing anything to the public internet.
A lightweight gateway runs inside your network and opens a single outbound-only connection to the agent platform. No inbound traffic, no public endpoints, and no new inbound firewall rules: the only network change is permitting the gateway's outbound egress, which most environments already allow and which can be pinned to the tunnel's destination with an egress allowlist. The connection is end-to-end encrypted.
Through this tunnel, agents can reach internal databases, CRMs, private APIs, knowledge bases, and ticketing systems, none of which need to be publicly routable. The same review caveat applies here: the services stay private, but the results the agent pulls from them travel back up the tunnel into the agent's context, so expose specific tools with narrowly scoped credentials rather than a whole service.
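To make the "outbound-only gateway" pattern concrete, here is an added toy implementation of a reverse tunnel. It is illustrative code written for this post, not Anthropic's gateway or its wire protocol: the newline-delimited JSON-RPC framing, the `Relay` class standing in for the platform side, the `PRIVATE_TOOLS` stub standing in for an internal MCP server, and the `ALLOWED_TOOLS` policy are all assumptions. The security-relevant point it demonstrates is that the private side never calls `listen()`; it dials out once, and the public side pushes requests down that connection. It also shows the check a practitioner would add at the gateway: a per-tool allowlist, so that a compromised or over-eager agent cannot reach every tool the internal server happens to expose.

```python
"""Toy reverse tunnel for a private MCP server (illustrative, not Anthropic's code).

Private side (Gateway) opens ONE outbound TCP connection to the public side
(Relay) and never listens. The relay forwards agent requests down that
connection. Framing is newline-delimited JSON-RPC, an assumption for this demo.
"""
import json
import socket
import threading

# Constructed stand-in for an internal MCP server: tool name -> handler.
PRIVATE_TOOLS = {
    "crm.lookup": lambda args: {"customer": args["id"], "tier": "enterprise"},
    "db.dump": lambda args: {"rows": ["<sensitive>"] * 3},
}

# Assumed gateway policy: only these tools may be reached through the tunnel.
ALLOWED_TOOLS = {"crm.lookup"}


def _send(sock, obj):
    """Write one JSON object as a single line."""
    sock.sendall((json.dumps(obj) + "\n").encode())


def _recv(fileobj):
    """Read one JSON line; None on EOF."""
    line = fileobj.readline()
    return json.loads(line) if line else None


def handle_request(req):
    """Gateway-side policy check, then dispatch to the local tool stub."""
    name = req["params"]["name"]
    if name not in ALLOWED_TOOLS:
        # Reuse JSON-RPC's "method not found" code for tools not exposed.
        return {"jsonrpc": "2.0", "id": req["id"],
                "error": {"code": -32601,
                          "message": f"tool not exposed through tunnel: {name}"}}
    result = PRIVATE_TOOLS[name](req["params"]["arguments"])
    return {"jsonrpc": "2.0", "id": req["id"], "result": result}


class Relay:
    """Public side. Accepts the gateway's outbound connection and forwards
    agent tool calls down it. Bound to loopback only for this demo."""

    def __init__(self):
        self.listener = socket.socket()
        self.listener.bind(("127.0.0.1", 0))  # ephemeral port
        self.listener.listen(1)
        self.port = self.listener.getsockname()[1]
        self.gateway = None
        self.gateway_file = None
        self._ready = threading.Event()
        self._lock = threading.Lock()  # one request in flight per connection
        threading.Thread(target=self._accept, daemon=True).start()

    def _accept(self):
        conn, _ = self.listener.accept()
        self.gateway = conn
        self.gateway_file = conn.makefile("r")
        self._ready.set()

    def call(self, tool, arguments, req_id=1):
        """Send one tools/call request to the gateway and return its reply."""
        self._ready.wait(5)
        with self._lock:
            _send(self.gateway, {"jsonrpc": "2.0", "id": req_id,
                                 "method": "tools/call",
                                 "params": {"name": tool, "arguments": arguments}})
            return _recv(self.gateway_file)


class Gateway:
    """Private side. Dials out once; no listening socket exists in the network."""

    def __init__(self, relay_host, relay_port):
        self.sock = socket.create_connection((relay_host, relay_port))
        self.file = self.sock.makefile("r")
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            req = _recv(self.file)
            if req is None:
                break
            _send(self.sock, handle_request(req))


def demo():
    """Run both sides on loopback: one allowed call and one denied call."""
    relay = Relay()
    Gateway("127.0.0.1", relay.port)
    allowed = relay.call("crm.lookup", {"id": "C-42"})
    denied = relay.call("db.dump", {}, req_id=2)
    return allowed, denied


if __name__ == "__main__":
    print(demo())
```

Note what crosses the tunnel in `demo()`: the `crm.lookup` result (customer and tier) travels back to the public side, which is exactly the data-flow caveat above. The allowlist is what keeps `db.dump` from ever being reachable from outside, even though the internal server implements it.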
Why This Is a Turning Point
These two features directly address the two most common enterprise blockers:
Blocker 1: "Our data can't leave our network." Self-hosted sandboxes keep tool execution and data inside your perimeter.
Blocker 2: "We won't expose internal services to the public internet." MCP tunnels eliminate that requirement entirely.
What's significant isn't just the technical capability. It's what it does to the conversation inside organizations. The "we can't do this" becomes "how do we do this." That's the shift that actually drives adoption.
What Enterprises Should Do Now
This announcement is an architectural decision point, not just a feature update.
If you have an AI agent project in progress or on the roadmap, these are the questions worth asking now:
- Which data does your agent touch, and where is it currently being processed?
- How are your internal tools connected to the agent today (a public endpoint, a VPN, nothing yet), and what does that connection expose?
- Do your current compliance requirements demand on-premise execution or private network access?
The answers will determine whether your architecture needs self-hosted sandboxes, MCP tunnels, or both, and how urgently.
Where Privent Comes In
We've been running into these exact blockers with enterprise clients for a long time.
Every time we'd push an agent project toward production, the security and data governance conversation would surface. Not because clients didn't want AI agents. They did. But the infrastructure to make it compliant didn't exist yet.
Today's announcement puts that infrastructure in place.
At Privent, we help enterprises navigate exactly this layer: designing the right agent architecture, configuring self-hosted sandbox environments, integrating internal tools securely over MCP, and making sure deployment meets compliance requirements from day one.
If you've had an agent project stall at the security review stage, this changes the calculus. Let's talk.
The Bottom Line
AI agents are no longer a "we'll figure out the security later" conversation. Self-hosted sandboxes and MCP tunnels make enterprise-grade, compliance-ready agent deployment possible today, not in some future version of the technology.
The organizations that move now will have a meaningful head start on the ones still waiting for the infrastructure to mature.
It's here.
Sources
- Anthropic Official Announcement
- Self-Hosted Sandboxes Documentation
Found this useful? Share it with your engineering or security team. This is the kind of infrastructure update that changes project decisions.