Top AI Product

Anthropic shipped two features for Claude Managed Agents at its Code with Claude London event, both aimed at one enterprise objection: “I’m not letting an agent run my code on someone else’s servers.” Self-hosted sandboxes are in public beta; MCP tunnels are in research preview.

## The agent loop stays out, the work moves in

The split is the clever part. The agent loop — orchestration, context management, error recovery — keeps running on Anthropic’s infrastructure. But tool execution moves into a sandbox you control, so files and repositories never leave your perimeter, and your existing network policies, audit logging, and security tooling apply. You can self-host or use managed providers like Cloudflare, Daytona, Modal, and Vercel.

## Tunnels instead of open ports

MCP tunnels solve the matching problem for data: how does an agent reach an MCP server inside your private network without you exposing it to the internet? A lightweight gateway you deploy makes a single outbound connection — no inbound firewall rules, no public endpoints, traffic encrypted end to end.

## Why it matters

Enterprise agent adoption keeps stalling on data control, not capability. Keeping execution and private data inside the customer’s boundary while Anthropic runs the reasoning is a concrete answer to the compliance teams blocking deployments — and a template for how agent vendors reach regulated industries.