Anthropic’s Enterprise AI Strategy: Private Claude Agents, MCP Tunnels, and the KPMG Partnership

One of the major additions is the self‑hosted sandbox, now available in public beta.

A sandbox is the environment where an agent executes code, edits files, and interacts with tools. With the new approach, companies can run this environment inside infrastructure they control, rather than in a third‑party runtime.

This means that:

• Files, logs, and intermediate outputs remain within the company’s network.
• Internal tools and data sources can be accessed without moving them to external platforms.
• Security, compliance, and runtime policies can be managed using existing enterprise controls.

Organizations can host these sandboxes on their own systems or through infrastructure providers such as Cloudflare, Daytona, Modal, or Vercel that supply isolated compute environments.

For sectors such as finance, healthcare, or legal services—where regulatory compliance and data boundaries are strict—this deployment model can make autonomous AI agents more viable.

MCP Tunnels: Secure Access to Private Tools and Data

Anthropic also introduced MCP tunnels, currently in research preview, which solve another common enterprise challenge: letting AI agents reach internal services without exposing them publicly.

MCP tunnels connect Claude Managed Agents to private Model Context Protocol (MCP) servers, allowing companies to expose approved internal resources—such as APIs, databases, or proprietary tools—to the agent.

Crucially, this connection happens through a secure routing layer rather than by opening the internal systems to the public internet. The result is a controlled pathway where agents can act on internal resources while existing security boundaries and authentication systems remain intact.

Together with self‑hosted sandboxes, MCP tunnels allow enterprises to keep both agent execution and system access inside trusted network boundaries.

A “Brain and Hands” Architecture for Enterprise AI

Anthropic’s architecture effectively separates the agent into two layers:

• The “brain”: Claude’s reasoning and orchestration managed on Anthropic’s platform.
• The “hands”: execution environments and tool connections running inside the customer’s infrastructure.

This split design lets organizations benefit from frontier AI models while retaining control over where code runs and how internal systems are accessed—one of the main operational concerns for large enterprises adopting AI agents.

The KPMG Alliance: A Massive Enterprise Deployment

Alongside these technical updates, Anthropic announced a global partnership with KPMG, one of the world’s largest professional services firms.

The alliance will integrate Claude into KPMG Digital Gateway, the company’s client delivery platform, with early use cases focused on tax, legal, and private‑equity clients.

Through the partnership:

• Claude will be embedded directly into KPMG’s internal and client workflows.
• More than 276,000 KPMG employees across 138 countries will gain access to the system.
• The platform runs on Microsoft Azure, aligning Claude with enterprise cloud infrastructure widely used for identity, compliance, and security management.

This kind of rollout is significant not just for scale but for distribution. A major consulting firm becomes both a large user of the technology and a channel for deploying it to clients.

What It Signals About the Enterprise AI Race

Anthropic’s latest moves highlight how the competitive focus in enterprise AI is evolving.

Early competition centered on model benchmarks and capabilities. Now, the differentiator is increasingly deployment architecture—how safely and flexibly AI can integrate with corporate systems.

For large organizations evaluating AI agents, the key questions include:

• Where does the agent execute code?
• Does sensitive data leave the company’s infrastructure?
• Can internal tools be accessed securely without public exposure?
• Does the system integrate with existing cloud and compliance environments?

Features like self‑hosted sandboxes and MCP tunnels aim to answer those questions directly, while partnerships like the KPMG alliance show how AI providers are building large‑scale enterprise distribution networks.

In practice, the future of enterprise AI may hinge less on which model is smartest—and more on which platforms can safely run inside the world’s most sensitive corporate environments.