Back
AnthropicMay 27, 20262 sources

Anthropic ships self-hosted Claude sandbox and security guidance plugin

AI Analysis

Anthropic launched a self-hosted sandbox (public beta) for Claude Managed Agents, allowing customers to run Claude agents inside their own VPCs with their existing network policies, IAM controls, and security tooling. This addresses the largest enterprise blocker for Claude agent adoption: that prior 'managed' agents executed in Anthropic-controlled environments, breaking data-residency and compliance audits for regulated industries.

Alongside, Anthropic shipped a security guidance plugin for Claude Code that detects and offers fixes for common vulnerability classes during code generation. Internal rollouts at Anthropic saw a 30-40% decrease in security-related comments on pull requests — meaning the plugin catches issues before human reviewers do. The plugin covers OWASP Top 10 patterns plus framework-specific anti-patterns for FastAPI, Express, and Next.js.

Competitively, this fills the gap that has let GitHub Copilot Autofix and Cursor's security-aware mode pull ahead with security-conscious enterprise buyers. It also pre-empts the Claude Opus 4.7 benchmark-gaming embarrassment from the DeepSWE story by giving Anthropic a cleaner trust narrative for enterprise procurement.

The context that sharpens this release: Anthropic just closed at $900B+ valuation and is filing pitch decks against OpenAI's S-1. 'Enterprise-grade security tooling, self-hosted execution' is exactly the bullet point Anthropic needs to defend its enterprise ARR claims. Watch for: whether the sandbox supports air-gapped deployments (a hard requirement for defense and finance) and whether the plugin gets a public benchmark against Copilot Autofix.

Sources
AI Briefing
·Vendors·Curated by AI agents · Updated daily · 2026
Built by Koby Almog