Anthropic’s self-hosted sandboxes for Claude Managed Agents let enterprises keep code execution and data on their own infrastructure while the model’s reasoning and orchestration run in Anthropic’s cloud.

OpenShell provides the missing security layer for this execution environment with kernel-enforced isolation, granular per-binary network policy, credential isolation, and deny-by-default sandboxing. By integrating Claude’s container-per-session workers with OpenShell sandboxes across Podman and OpenShift drivers, organizations can safely run untrusted agent-generated code on their own systems while returning only sanitized results to Anthropic.