Claude Agents Can Now Connect to Enterprise APIs Without Leaking Credentials
Anthropic's Claude Managed Agents introduces self-hosted sandboxes and MCP tunnels to keep credentials secure, allowing enterprises to safely connect AI agents to internal APIs and databases.

The main obstacle preventing enterprises from linking AI agents to internal APIs and databases hasn't been the models themselves, but rather the security of sensitive credentials. Typically, agents carry authentication tokens with them as they execute tool calls, posing a risk that a compromised or misbehaving agent could misuse these credentials. Anthropic is tackling this issue with two new features for Claude Managed Agents: self-hosted sandboxes and MCP tunnels.
Self-hosted sandboxes enable teams to run tool execution within their own infrastructure, while MCP tunnels connect agents to private MCP servers without exposing credentials. This shift moves credential control to the network boundary, rather than leaving it within the agent. Currently, self-hosted sandboxes are available in public beta for Claude Managed Agent users, and MCP tunnels are in research preview.
Other model providers, such as OpenAI, are also addressing this concern. In April, OpenAI introduced local execution to its Agents SDK in response to similar demand. Anthropic's approach differs in its architecture, splitting the agent loop, which runs on Anthropic's infrastructure, from tool execution, which runs on the enterprise's system.
This separation is absent from existing sandbox approaches, including OpenAI's. Adoption of sandboxes and agents in enterprise production has outpaced the maturing of their security architecture: as long as credentials travel through the agent as it executes tool calls against internal systems, a compromised agent inherits everything those credentials can reach.
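The pattern the article describes, credentials held at the network boundary rather than carried by the agent, is easy to see in a small model of the two halves. The following is an added illustration written for this page, not code from Anthropic, Claude Managed Agents, or the MCP project: the `BoundaryExecutor`, `ToolCall`, `TOOL_ROUTES` and `fake_transport` names, the sample token and the routing policy are all assumptions. The untrusted agent loop emits only a tool name and arguments; the trusted executor, standing in for the self-hosted sandbox, checks the call against an allowlist, injects the token, and scrubs it from the result before anything returns to the agent.

```python
import json
import re
from dataclasses import dataclass
from typing import Any, Callable

# Constructed sample credential and routing policy. In a real deployment the
# boundary executor reads the token from a vault or the sandbox environment;
# nothing on the agent side ever sees it.
SECRETS = {"crm": "crm-token-EXAMPLE-0123"}

# Tool name -> (backend host, path template). Only these destinations exist
# from the agent's point of view; the agent cannot name a host or a header.
TOOL_ROUTES = {
    "crm_lookup": ("crm.internal.example", "/customers/{customer_id}"),
}

ARG_PATTERN = re.compile(r"[A-Za-z0-9_-]{1,64}")


@dataclass(frozen=True)
class ToolCall:
    """The only thing that crosses from the agent loop to the boundary."""
    name: str
    args: dict[str, Any]


def wire_format(call: ToolCall) -> str:
    """What the agent loop actually transmits: name and arguments, no credential."""
    return json.dumps({"name": call.name, "args": call.args})


class PolicyViolation(Exception):
    pass


def fake_transport(host: str, path: str, headers: dict[str, str]) -> str:
    """Constructed stand-in for the private network. It echoes the request so
    the example can show that the credential reached the backend and was
    then scrubbed from what the agent gets back."""
    customer_id = path.rsplit("/", 1)[-1]
    return json.dumps({
        "host": host,
        "path": path,
        "auth": headers.get("Authorization", ""),
        "customer": {"id": customer_id, "tier": "gold"},
    })


class BoundaryExecutor:
    """Runs inside the enterprise network. Holds credentials, enforces the
    allowlist, injects the token, and scrubs results before they return."""

    def __init__(self, secrets: dict[str, str], routes: dict[str, tuple[str, str]],
                 transport: Callable[[str, str, dict[str, str]], str] = fake_transport):
        self._secrets = secrets
        self._routes = routes
        self._transport = transport
        self.audit: list[dict[str, Any]] = []

    def _deny(self, call: ToolCall, reason: str) -> None:
        # Denied calls are logged too: a flood of rejections is the first
        # signal that the agent side has been compromised or is misbehaving.
        self.audit.append({"tool": call.name, "args": call.args, "denied": reason})
        raise PolicyViolation(reason)

    def execute(self, call: ToolCall) -> dict[str, Any]:
        if call.name not in self._routes:
            self._deny(call, f"tool not allowlisted: {call.name}")
        host, template = self._routes[call.name]
        # Arguments are substituted into a fixed path template only, after a
        # strict character check, so traversal or extra segments fail here.
        for key, value in call.args.items():
            if not ARG_PATTERN.fullmatch(str(value)):
                self._deny(call, f"bad argument {key!r}")
        try:
            path = template.format(**call.args)
        except KeyError as missing:
            self._deny(call, f"missing argument {missing}")
        service = call.name.split("_", 1)[0]
        token = self._secrets[service]
        raw = self._transport(host, path, {"Authorization": f"Bearer {token}"})
        self.audit.append({"tool": call.name, "args": call.args, "host": host})
        # Scrub the token from the result so an echoing or compromised backend
        # cannot smuggle it back to the agent through the tool output.
        return json.loads(raw.replace(token, "[REDACTED]"))

    def safe_execute(self, call: ToolCall) -> tuple[bool, Any]:
        """Convenience wrapper: (True, result) or (False, reason)."""
        try:
            return True, self.execute(call)
        except PolicyViolation as violation:
            return False, str(violation)


if __name__ == "__main__":
    executor = BoundaryExecutor(SECRETS, TOOL_ROUTES)
    print(wire_format(ToolCall("crm_lookup", {"customer_id": "42"})))
    print(executor.safe_execute(ToolCall("crm_lookup", {"customer_id": "42"})))
    print(executor.safe_execute(ToolCall("http_get", {"url": "https://attacker.example/"})))
    print(executor.safe_execute(ToolCall("crm_lookup", {"customer_id": "../admin"})))
```

The two properties worth checking in any real deployment of this pattern are the ones the example makes explicit: the serialized tool call never contains credential material, and the tool result is scrubbed before it leaves the boundary, because the result is the one channel that still flows back toward the model.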
Self-hosted sandboxes and MCP tunnels aim to mitigate this risk by keeping credentials inside the enterprise boundary. For orchestration teams, the article argues these capabilities offer more than enhanced security; they also improve agent performance. Teams must still understand how the split architecture affects their deployment: the agent loop continues to run on Anthropic's infrastructure, so tool results returned to the model leave the enterprise network even though the credentials do not, and what each tool is permitted to return is therefore part of the security design.
By separating tool execution and agent orchestration, enterprises can better map agent workflows. For teams already using Claude Managed Agents, a practical starting point is to implement self-hosted sandboxes, while teams evaluating the platform should consider the sandbox architecture as a key differentiator.
Source: VentureBeat