動區 BlockTempo, 2026-05-20 01:57:58

Claude Managed Agents opens self-hosted sandboxes and MCP encrypted channels; Anthropic is bringing the execution environment into enterprise intranets

Anthropic announced on the 19th the addition of two enterprise features to Claude Managed Agents: self-hosted sandboxes and MCP tunnels. The former allows tool execution to be moved from the Anthropic cloud to the customer's own infrastructure; the latter provides end-to-end encrypted connections for AI agents without the need to open firewall ports.

Two enterprise features: self-hosted sandboxes and MCP tunnels.

This choice contrasts with the mainstream enterprise strategies of OpenAI and Google. Anthropic announced on the 19th the addition of these two enterprise solutions to Claude Managed Agents. Most enterprise solutions require tools, data, or execution environments to enter vendor-hosted clouds; Anthropic takes the opposite approach, with an architecture in which "orchestration stays with me, execution is sent back to the client."

A "sandbox" is an isolated environment where an AI agent executes tools. Imagine a virtual workbench that is cleared after every task, preventing the agent's actions from affecting external systems or leaking sensitive data. In the past, this workbench was managed by Anthropic; now, Anthropic is returning control to the enterprise.

The architectural split is clear: Anthropic continues to handle the agent loop (the "brain" work such as orchestration, context management, and error recovery), while the actual execution of tools is moved to the customer's own infrastructure.

Four partners handle different enterprise needs. Cloudflare focuses on lightweight and zero-trust security.
Its solution uses microVMs paired with lightweight isolates (which can be understood as execution units lighter than containers), supports zero-trust credential injection (secrets are not stored on disk), provides auditable and modifiable egress traffic, and can connect to Cloudflare's own internal network.

Daytona is positioned as a "fully functional composable computer," emphasizing long-running stateful execution: agents can pause and restore from the original point without losing progress due to task interruptions. It supports SSH connections or preview URLs, making it suitable for workflows that require human review of intermediate results.

Modal is designed for AI workloads. Its sandboxes share the same infrastructure as its existing functions, storage, and networking, achieving sub-second startup times and claiming scalability to hundreds of thousands of concurrent sandboxes. Both CPU and GPU are supported with on-demand billing, suitable for scenarios requiring large-scale parallel inference or training.

Vercel's solution emphasizes isolation and data residency. The sandbox uses VM-level security isolation, paired with VPC peering (allowing two private networks to communicate directly without passing through the public network) and a "bring your own cloud" option, with startup times in the millisecond range. The key design is that credentials are injected by the firewall at the network edge and never enter the sandbox itself.

MCP (Model Context Protocol) is a standard interface for AI agents to connect to external tools and data. The problem is that the systems most valuable to enterprises (internal databases, private APIs, knowledge bases, and ticketing systems) are almost all behind firewalls and are not publicly accessible. This creates a contradiction: for an agent to be truly useful, it must connect to these private systems; but to connect, enterprises must open inbound firewall rules or set up public endpoints, which is unacceptable to security teams.
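The edge credential injection and auditable egress described above for the Cloudflare and Vercel sandboxes can be modelled as a policy function at the network boundary. This is an added example, not code from the article or from any of the vendors; the host name, secret name, header list and `edge_forward` function are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed policy: destination host -> name of the secret the edge holds for it.
ALLOWED = {"api.internal.example": "TICKETING_TOKEN"}
# Constructed secret store. In this model it lives only at the edge, never in the sandbox.
EDGE_SECRETS = {"TICKETING_TOKEN": "s3cr3t-constructed"}
# Headers the sandbox is not allowed to set for itself.
CREDENTIAL_HEADERS = {"authorization", "proxy-authorization", "cookie", "x-api-key"}


def edge_forward(method, url, headers, audit):
    """Decide on one request leaving the sandbox; return (decision, outbound_headers)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    try:
        port = parts.port
    except ValueError:  # malformed port in the URL
        port = -1
    # Require TLS on the default port and refuse userinfo tricks such as
    # https://api.internal.example@other.example/
    if parts.scheme != "https" or port not in (None, 443) or parts.username or parts.password:
        audit.append(("deny", method, host, "bad scheme, port or userinfo"))
        return "deny", None
    secret_name = ALLOWED.get(host)
    if secret_name is None:
        audit.append(("deny", method, host, "host not allow-listed"))
        return "deny", None
    # Drop anything credential-like the sandbox supplied, then add the real credential.
    out = {k: v for k, v in headers.items() if k.lower() not in CREDENTIAL_HEADERS}
    out["Authorization"] = "Bearer " + EDGE_SECRETS[secret_name]
    # The audit record names the secret that was used but never contains its value.
    audit.append(("allow", method, host, secret_name))
    return "allow", out


if __name__ == "__main__":
    log = []
    print(edge_forward("GET", "https://api.internal.example/tickets",
                       {"Authorization": "Bearer forged"}, log))
    print(edge_forward("POST", "https://other.example/upload", {}, log))
    print(log)
```

Because the secret is attached only after the allow-list check, code running inside the sandbox cannot read it or redirect it to another host.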
MCP tunnels resolve this contradiction directly. Enterprises deploy a lightweight gateway within their private network, which establishes a single outbound connection from the inside out, rather than waiting for external connections. This means no inbound firewall rules, no public endpoints, and end-to-end encrypted traffic. For security departments, this architecture is similar to the concept of a VPN reverse proxy: the connection is initiated from the inside, and the outside cannot actively reach internal systems. The agent accesses the private MCP server through this tunnel, effectively gaining the ability to connect to internal systems within a compliant framework.

MCP tunnels support both Managed Agents and the Messages API, and are managed centrally by organization admins from the Claude Console's workspace settings, without requiring individual configuration by each developer.

Back to April of this year. Anthropic first launched Managed Agents on April 8, priced at approximately $0.08/hour, positioned as "helping enterprises save the time and cost of building agent infrastructure." At the time, external interpretation focused mostly on the pricing model: an hourly agent rental service.

This update reveals a deeper strategic intent: Anthropic is competing not just for "who is using Claude," but for "architectural dominance of enterprise AI infrastructure." Self-hosted sandboxes provide an option for enterprises with strict data sovereignty requirements, such as finance, healthcare, and government. MCP tunnels solve the problem most frequently encountered by AI agents in enterprise environments: how to connect to internal