iToverDose / Startups · 19 MAY 2026 · 20:05

Claude AI agents gain secure enterprise API access with new credential controls

Anthropic's latest security features for Claude Managed Agents let enterprises run AI agents securely by keeping credentials off the model's execution path. This shift addresses a major roadblock in AI adoption across industries.

VentureBeat · 2 min read

Enterprise adoption of AI agents has stalled not because of model limitations, but due to security concerns around credential management. When AI agents execute tool calls against internal APIs and databases, they often carry authentication tokens—creating a significant risk if the agent is compromised. Anthropic is tackling this challenge with two new capabilities in its Claude Managed Agents offering: self-hosted sandboxes and MCP tunnels.

Why credential security is the real AI adoption barrier

In most production deployments, AI agents transport authentication tokens during tool execution. This means a compromised agent could expose enterprise credentials, potentially leading to data breaches or unauthorized system access. Anthropic's solution shifts credential control away from the agent itself, moving it to the network boundary where enterprises can better monitor and restrict access.

The company isn't alone in addressing this issue. OpenAI introduced local execution capabilities to its Agents SDK in April, responding to similar enterprise security demands. However, Anthropic differentiates its approach through a split architecture where the agent loop runs on its infrastructure while tool execution occurs within the enterprise's own systems—unlike other solutions that don't separate these components.

How self-hosted sandboxes and MCP tunnels work

Self-hosted sandboxes allow enterprises to run tool execution within their own infrastructure perimeter. The agent's orchestration, context management, and error recovery continue running on Anthropic's platform, but sensitive operations occur within the organization's controlled environment. This configuration ensures agents can complete tool calls without retaining the credentials that enable them.

MCP tunnels provide a lightweight outbound-only gateway within the enterprise network. This approach prevents credentials from ever passing through the agent, significantly reducing exposure to potential compromise. Both features are currently available in different stages—self-hosted sandboxes are in public beta for Claude Managed Agents users, while MCP tunnels remain in research preview.
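The gateway pattern the two paragraphs above describe, sketched as an added example (constructed here, not Anthropic's or VentureBeat's code): the agent-side tool call carries no secret; a component inside the enterprise perimeter maps the tool name to an internal endpoint, attaches the credential from a store the agent cannot reach, and scrubs anything token-shaped before the result goes back to the agent loop. The vault contents, the tool allowlist, and the fake internal API are all assumptions made for the illustration.

```python
import re

# Constructed secret store the gateway can read but the remote agent cannot.
VAULT = {"crm": "crm-token-CONSTRUCTED-1234", "wiki": "wiki-token-CONSTRUCTED-5678"}

# Constructed allowlist: tool name -> internal endpoint, secret to attach, methods.
TOOL_POLICY = {
    "crm.lookup": {"url": "https://crm.internal/contacts", "secret": "crm", "methods": {"GET"}},
    "wiki.search": {"url": "https://wiki.internal/search", "secret": "wiki", "methods": {"GET"}},
}

# Anything that looks like a bearer header or one of our (constructed) token formats.
TOKEN_RE = re.compile(r"(?i)bearer\s+\S+|[a-z]+-token-\S+")


def fake_internal_api(method, url, headers, params):
    """Constructed stand-in for the internal services; each checks its own token."""
    for name, token in VAULT.items():
        if url.startswith(f"https://{name}.internal"):
            if headers.get("Authorization") != f"Bearer {token}":
                return {"status": 401, "body": "unauthorized"}
            return {"status": 200, "body": f"{method} {url} ok ({len(params)} params)"}
    return {"status": 404, "body": "unknown host"}


def handle_tool_call(call, transport=fake_internal_api):
    """Run one agent tool call; the credential is attached here and never returned."""
    args = call.get("args", {})
    # The agent has no business supplying credentials; refuse smuggled tokens.
    if any(TOKEN_RE.search(str(v)) for v in args.values()):
        return {"ok": False, "error": "credential-bearing argument rejected"}
    policy = TOOL_POLICY.get(call.get("tool"))
    if policy is None:
        return {"ok": False, "error": "tool not allowlisted"}
    method = call.get("method", "GET")
    if method not in policy["methods"]:
        return {"ok": False, "error": f"{method} not allowed for {call['tool']}"}
    # The only place the token exists: on the inside of the perimeter, per call.
    headers = {"Authorization": f"Bearer {VAULT[policy['secret']]}"}
    resp = transport(method, policy["url"], headers, args)
    # Scrub anything token-shaped before the result leaves the perimeter.
    body = TOKEN_RE.sub("[REDACTED]", str(resp["body"]))
    return {"ok": resp["status"] == 200, "status": resp["status"], "body": body}
```

The point to check in a real deployment is the same one the test below checks: nothing the agent sends or receives ever contains the credential, and the internal service refuses a call that bypasses the gateway.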

Key considerations for enterprise deployment teams

For orchestration teams evaluating these capabilities, understanding the architectural split is crucial. Sandboxes determine where tool execution happens and which resources agents access, while MCP tunnels define how agents connect to internal systems. This separation allows enterprises to map agent workflows more precisely and implement granular security controls.

Teams already using Claude Managed Agents should begin with sandboxes by moving tool execution to their own infrastructure first. They can then evaluate MCP tunnels once they're ready to move beyond the research preview phase. Organizations considering the platform should prioritize the sandbox architecture as the primary technical differentiator, as it fundamentally changes the threat model compared to traditional deployment approaches.

The future of secure AI agent deployment lies in shifting control away from the model and toward the enterprise's infrastructure. As these security features mature, they could accelerate AI adoption across industries that have been hesitant to deploy agents due to credential security concerns.

AI summary

With Anthropic's new sandbox and MCP tunnel features, AI agents will be able to connect to internal systems without putting credentials at risk. A new era is beginning in enterprise security.
