The flashy AI announcements get the headlines — new model, higher benchmark, longer context. But if you've ever tried to actually deploy an agent inside a company with a security team, you know the model was never the hard part. The hard part is the question every CISO asks in the first meeting: how does this thing touch our systems without becoming the breach we read about next quarter?
On June 18, Anthropic answered the last open piece of that question. And the answer is delightfully unglamorous.
The news: identity finally caught up
Anthropic shipped Enterprise-Managed Authorization for Claude's MCP connectors. In plain terms: an admin provisions a connector once through the company's identity provider, and every employee inherits access automatically on first login. No individual OAuth consent screens. No "click allow" forty thousand times across the org. When someone leaves or changes roles, their connector access gets revoked alongside every other app — because it's governed by the same identity rules.
Okta is the first identity provider, using its Cross App Access plumbing. The connectors live at launch: Asana, Atlassian, Canva, Figma, Granola, Linear, and Supabase, with Slack rolling out. It's in beta, Team and Enterprise plans only.
If you've never run IT for a large org, this sounds like a footnote. If you have, you know it's the difference between "we piloted it with five people" and "it's live for the whole company."
The two pieces this builds on
Here's the context most of the recap posts are getting wrong: this isn't a standalone drop. It's the capstone on two features Anthropic shipped a month earlier, on May 19. Together the three are the actual enterprise story.
Self-hosted sandboxes (public beta) moved tool execution out of Anthropic's infrastructure and into an environment you control — your own infra, or a managed provider like Cloudflare, Daytona, Modal, or Vercel. The clever bit is the split: the agent loop that handles orchestration, context, and error recovery stays on Anthropic's side, but the code actually runs inside your perimeter. Your files don't leave. Your network policies and audit logging already apply. You set the compute.
MCP tunnels (research preview) solved the other half. Your agents can now reach MCP servers sitting inside your private network without exposing them to the public internet. A lightweight gateway you deploy makes a single outbound connection — no inbound firewall rules, no public endpoint, encrypted end to end. Your internal Postgres, your private APIs, your ticketing system become tools the agent can call, and none of them ever face the open web.
Why the trio matters
Line them up and you can see the strategy. The classic enterprise objection to AI agents has always been some version of "we can't let an external service into our internal systems." Anthropic just dismantled that objection at three different layers at once.
Tunnels mean no public endpoint and no VPN exceptions. Sandboxes mean code execution never leaves your walls. And enterprise-managed auth means access is provisioned and revoked through the identity system you already trust. Each one removes a specific veto that a security team can throw. Stack them and the "no" gets very hard to justify.
That's the real shift here. The bottleneck for enterprise AI was never reasoning quality. It was governance, and governance is exactly what this release is about.
The honest caveats
I'd be doing you a disservice if I made this sound finished. MCP tunnels is still a research preview — you request access, it's not broadly available. Self-hosted sandboxes is public beta, which means it's real but you should expect rough edges. And the enterprise-managed auth is beta, Team and Enterprise only, with Okta as the sole identity provider for now. If your stack runs on a different IdP, you're waiting.
So this is a direction, not a finished product. But it's the right direction, and it's further along than anything comparable from the other labs.
The takeaway
This release won't trend the way a new model does. There's no benchmark to screenshot. But if your job is getting agents past a security review and into production, this is the most important thing Anthropic has shipped this quarter. They made the deployment story boring — predictable, governable, auditable — and boring is precisely what enterprise buyers have been waiting for.
The model was always good enough. Now the plumbing is catching up.
No comments:
Post a Comment