Agentic AI2026-05-25 · 6 min read

Anthropic Brings Agent Execution Inside Enterprise Security Perimeters

Anthropic introduced two new enterprise-focused features for its Claude Managed Agents platform on May 19, 2026, during its Code with Claude event in London. The first, self-hosted sandboxes, is now available in public beta; the second, MCP tunnels, has entered a limited research preview. Together, the features address one of the most persistent objections to deploying autonomous AI agents in regulated enterprise environments: the requirement that sensitive data, internal services, and tool execution leave the organisation's controlled infrastructure and pass through Anthropic's cloud.

With self-hosted sandboxes, enterprises can delegate tool execution — file reading, code execution, API calls, and browser actions — to their own infrastructure or to approved managed providers including Cloudflare, Daytona, Modal, and Vercel. The orchestration layer that manages context, memory, and error recovery continues to run on Anthropic's infrastructure, but the actions that touch sensitive data remain within the customer's security boundary. MCP tunnels extend this principle to private network connectivity: a lightweight gateway deployed by the customer makes a single outbound connection, routing MCP server traffic inside the private network without requiring inbound firewall rules or public endpoint exposure, with end-to-end encryption across all traffic. For enterprises managing thousands of internal MCP servers, Claude agents can now work with sensitive internal data without that data ever leaving the organisation's perimeter.

The announcement reflects how quickly the enterprise AI agent conversation has matured from what could agents do to how do we govern what agents access. The deployment of capable autonomous agents in finance, healthcare, and government contexts creates real legal and compliance risk if execution environments cannot be isolated and audited. Anthropic's move mirrors the typical evolution of enterprise software platforms: initially offered as fully managed cloud services, then progressively brought inside the customer perimeter to satisfy data residency, sovereignty, and security requirements. The self-hosted execution model gives AI agents the same security posture as traditional enterprise software running in a customer-managed environment.

For organisations in the UAE and across the GCC, where data residency requirements are embedded in sector-specific regulations for financial services, healthcare, and government workloads, self-hosted sandboxes and MCP tunnels are prerequisites for any serious enterprise agent deployment. The UAE's National Data Governance Framework and DIFC data protection regime both impose strict controls on where data can be processed. With Anthropic's latest release, organisations in Abu Dhabi and Dubai can now build Claude-powered agents that operate on local infrastructure, process data inside jurisdictional boundaries, and connect to internal knowledge bases without creating data-transfer compliance exposure.

For Diverge clients deploying agentic AI workflows across UAE government and enterprise environments, this development has immediate practical relevance. MawjazAI, Diverge's conversational AI agent platform, and DivergeInsight, its analytics engine, both operate in environments where data sovereignty is non-negotiable. The ability to configure agent execution sandboxes within a client's own UAE data centre — and to establish private MCP tunnels to internal HR, ERP, and document management systems — directly aligns with how Diverge architects enterprise deployments, enabling agents to work within the security perimeter where institutional intelligence lives.

Anthropic's self-hosted infrastructure strategy is likely to accelerate enterprise adoption of agentic AI in regulated markets. The combination of managed orchestration with customer-controlled execution resolves the single biggest governance objection to autonomous agents at scale, and other frontier model providers are expected to follow with their own perimeter-compatible deployment options. For enterprise CIOs and CISOs evaluating agentic platforms, the maturation of the security and governance story — sandboxed execution, private networking, policy enforcement, audit trails — removes the last major architectural reason to delay deployment.

Source: The Decoder