The reason enterprises have been slow to connect AI agents to internal APIs and databases isn't the models; it's the credentials. In most production deployments, the agent carries authentication tokens with it as it executes tool calls, which means a compromised or misbehaving agent takes the keys with it.
Anthropic is addressing that problem with two new capabilities for Claude Managed Agents: self-hosted sandboxes, which let teams run tool execution inside their own infrastructure perimeter, and MCP tunnels, which connect agents to private MCP servers without exposing credentials in the agent's context. Together they move credential control to the network boundary rather than leaving it inside the agent.
Right now, self-hosted sandboxes are available to Claude Managed Agents customers in public beta, while MCP tunnels are currently in research preview.
Anthropic isn't the only model provider making this bet. OpenAI added local execution to its Agents SDK in April in response to similar demand. The architectural distinction Anthropic draws is a split: the agent loop runs on Anthropic's infrastructure, while tool execution runs on the enterprise's own systems, a separation that existing sandbox approaches, including OpenAI's, don't make.
The architecture problem in sandboxes and agents
MCP moved into enterprise production faster than the security architecture around it matured. In most deployments, credentials travel through the agent itself as it executes tool calls against internal systems, which means a compromised or misbehaving agent has everything it needs to cause damage.
Self-hosted sandboxes, such as those offered on Claude Managed Agents, help keep data and packages inside an enterprise's infrastructure. The agentic loop (orchestration, context management and error recovery) moves to the platform, and ideally, enterprises control the compute resources.
This allows the agent to complete tool calls without holding the keys that unlock those systems.
Private network connectivity works similarly: a lightweight outbound-only gateway inside the organization's network, with no credentials passing through the agent.
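To make the difference concrete, here is an added illustration (not Anthropic's code, and not a description of how Claude Managed Agents is implemented internally) of the two credential-handling patterns the article contrasts: an agent that attaches a bearer token to its own tool calls, versus an outbound-only gateway at the network boundary that holds the credentials, checks each tool call against an allowlist, and attaches the token only on the outbound hop. The vault contents, hostnames and tool names are constructed placeholders.

```python
"""Added illustration: credential-in-agent versus credential-at-gateway.
Tokens, hosts and tool names are constructed placeholders, not real values."""
from dataclasses import dataclass, field
import json

# Constructed secrets held by the enterprise (placeholder values only).
VAULT = {
    "tickets-api": "tok-TICKETS-PLACEHOLDER",
    "hr-db": "tok-HRDB-PLACEHOLDER",
}

# Gateway allowlist: which tools the agent may call and where they resolve.
# Deliberately omits "hr-db" so the deny path is exercised below.
ALLOWED_TOOLS = {
    "tickets-api": "https://tickets.internal.example/v1/search",
}


@dataclass
class ToolCall:
    tool: str
    args: dict
    headers: dict = field(default_factory=dict)


def agent_context_dump(calls: list) -> str:
    """Serialise what the agent holds in its context. This is what a trace,
    a log line, or a compromised agent would expose."""
    return json.dumps([c.__dict__ for c in calls])


def credentialed_agent_call(tool: str, args: dict) -> ToolCall:
    """The pattern the article criticises: the agent fetches the token and
    places it on the request, so the token becomes part of its context."""
    return ToolCall(tool, args, {"Authorization": f"Bearer {VAULT[tool]}"})


class OutboundGateway:
    """Runs inside the enterprise network. Accepts credential-free tool calls
    from the agent, enforces the allowlist, and attaches the credential only
    when it forwards the call to the internal system."""

    def __init__(self, vault: dict, allowed: dict):
        self._vault = vault
        self._allowed = allowed
        self.audit = []  # simple audit trail of allow/deny decisions

    def forward(self, call: ToolCall) -> dict:
        if call.tool not in self._allowed:
            self.audit.append(f"DENY {call.tool}")
            raise PermissionError(f"tool {call.tool!r} not allowlisted")
        if "Authorization" in call.headers:
            # An agent-supplied credential means the boundary is being bypassed.
            self.audit.append(f"DENY {call.tool} (agent sent credential)")
            raise PermissionError("agent must not supply credentials")
        self.audit.append(f"ALLOW {call.tool}")
        return {
            "url": self._allowed[call.tool],
            "headers": {"Authorization": f"Bearer {self._vault[call.tool]}"},
            "json": call.args,
        }


def secrets_in(text: str) -> list:
    """Return the names of vault secrets that appear verbatim in a dump."""
    return [name for name, tok in VAULT.items() if tok in text]


def demo() -> dict:
    args = {"query": "open incidents"}
    # 1. Credential travels with the agent: it shows up in the context dump.
    naive = [credentialed_agent_call("tickets-api", args)]
    leaked_naive = secrets_in(agent_context_dump(naive))
    # 2. Credential stays at the gateway: the agent's context has none.
    gw = OutboundGateway(VAULT, ALLOWED_TOOLS)
    call = ToolCall("tickets-api", args)
    outbound = gw.forward(call)
    leaked_gw = secrets_in(agent_context_dump([call]))
    # 3. A call to a system outside the allowlist is refused at the boundary.
    try:
        gw.forward(ToolCall("hr-db", {"employee": 42}))
        denied = False
    except PermissionError:
        denied = True
    return {
        "naive_leaks": leaked_naive,
        "gateway_leaks": leaked_gw,
        "outbound_has_token": "Authorization" in outbound["headers"],
        "hr_db_denied": denied,
        "audit": gw.audit,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the gateway check on `Authorization` is that once credentials live at the boundary, an agent presenting its own token is itself a detection signal rather than a convenience; the audit list is where a real deployment would emit logs for that.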
Orchestration teams get some control
For orchestration teams, the capabilities represent more than just a security update; they help agents run better. But the first thing they need to understand is how this split architecture can affect their deployment.
Since sandboxes determine where tools execute and which resources agents access, and MCP tunnels tell agents how to reach internal systems, these are separate concerns; keeping them separate lets enterprises map agents' workflows more effectively.
For teams already on Claude Managed Agents, the practical starting point is sandboxes: move tool execution onto your own infrastructure and test the boundary before touching MCP tunnels, which are still in research preview. Teams evaluating the platform for the first time should treat the sandbox architecture as the primary technical differentiator: it's the piece that changes the threat model, not just the deployment model.