If you last evaluated Claude for enterprise use 6 months ago, you are evaluating a completely different product today.

Anthropic spent 2025 and the first half of 2026 shipping exactly the features that engineering, security and compliance teams were actually asking for. None of this is demo bait. Every update released in this window addresses a concrete, frequently cited blocker for production deployment.

This roundup covers the full set of changes, what works today, and what gaps remain.

Deployment boundary control, finally

For two years the number one objection from enterprise security teams to any agent product was simple: you are asking us to let third party code run arbitrary tools and access our internal systems. No amount of trust in Anthropic fixed that.

That objection is gone as of this week. With the new self-hosted sandboxes for Claude Managed Agents, only the agent orchestration loop runs on Anthropic infrastructure. All tool execution, all code runs, all file access happens entirely inside your network boundary.

You retain full control over runtime images, resource sizing, network policies, audit logging and egress filtering. Anthropic never sees the files your agent works on, never receives the output of executed tools, and never makes outbound requests on your behalf. You can allocate as much CPU, memory or GPU capacity as required for agent workloads, with no hard limits imposed by Anthropic's infrastructure.

Supported sandbox providers at launch are Cloudflare, Daytona, Modal and Vercel. You can also run the sandbox entirely on unmanaged internal infrastructure.

Alongside this, MCP tunnels are now available in research preview. This lets agents connect directly to private Model Context Protocol servers running inside your perimeter, without exposing any endpoints to the public internet or proxying traffic through Anthropic.

This is not a minor feature. This is the first time any major LLM vendor has shipped a managed agent product that does not require you to break your existing security perimeter.

Regulated and government workloads

In November 2025 Claude received full FedRAMP High and DoD IL2 authorization running on Google Cloud Vertex AI.

This is not a provisional authorization. Federal civilian agencies, law enforcement, healthcare and defense contractors can deploy Claude today for sensitive unclassified workloads. All Claude models including 3.7 Sonnet are covered under this authorization.

Work is ongoing for IL5 certification which will open up most non-top secret Department of Defense workloads.

For teams outside government this is still a relevant signal. FedRAMP High is one of the most rigorous third party security audits available for cloud services. Any organization operating under GDPR, HIPAA, PCI or SOC2 can treat this authorization as independent validation of the platform security controls.

Native cloud platform integrations

Anthropic has avoided the common trap of only selling direct. You can now run the full Claude Platform natively on all three major clouds, with full native identity, billing and audit.

On AWS, the Claude Platform is generally available as of May 11 2026. This is not the Bedrock hosted model. You get the full feature set including Managed Agents, prompt caching, files API, MCP connectors and advisor strategy, all authenticated via AWS IAM, logged to CloudTrail, and billed against your existing AWS commitments. All new features ship day and date with the native Claude API.

On Microsoft 365, Claude Sonnet 4 and Opus 4.1 are available as first class model options inside 365 Copilot. You can select Claude to power the Microsoft Researcher agent, or build custom agents in Copilot Studio using Anthropic models. This rolled out to all licensed enterprise customers in September 2025.

On Google Cloud, Claude remains available on Vertex AI with the compliance authorizations noted above.

No other frontier LLM vendor has this level of native integration across all three major enterprise clouds.

Operational and compliance tooling

The biggest missing piece for enterprise LLM platforms has always been admin tooling. For most vendors you get an API key, a usage dashboard, and nothing else.

Anthropic shipped the Compliance API in March 2026. This gives security and admin teams programmatic access to a full audit log of all organization activity: user logins, workspace changes, API key creation, permission updates and configuration changes.

You can filter logs by user, time range or resource, and feed this feed directly into your existing SIEM and compliance systems.

Importantly, the Compliance API explicitly does not log inference activity or user prompts. This avoids the common failure mode where audit logging creates a giant new sensitive data store that you then have to secure and comply with regulation for.

In addition Claude Security entered public beta this month. Opus 4.7 is available as a managed code vulnerability scanner for all enterprise customers. No custom integration is required. You can run full repository scans, generate patches and track triage status directly from the Claude platform.

Pricing and team scaling

In January 2026 Anthropic cut pricing for the Claude Team plan by roughly 30% across the board.

Standard team seats are now $20/month annual, $25/month monthly. Premium seats are $100/month annual, $125/month monthly.

Premium seats include 5x the usage allowance of standard seats. All seats include Claude Code, shared workspaces and connectors. Data is never used for model training by default.

This puts Claude Team pricing roughly at parity with ChatGPT Team, while including significantly higher usage limits and enterprise admin controls.

What this means for you

If you are an ML engineer evaluating enterprise LLM platforms right now, the field has shifted.

12 months ago Anthropic had the best model, and effectively no enterprise platform. Today they have the most complete production deployment stack of any frontier model vendor.

All of these updates solve real problems. None are marketing features. There is no other vendor right now that will let you run managed agents without breaking your security perimeter, that runs natively on all three clouds, that has FedRAMP High authorization, and that provides usable audit tooling.

There are still gaps. MCP tunnels are still research preview. There is no built in DLP for inference. IL5 authorization is not yet complete. Usage reporting is still weaker than most enterprise software.

But for the first time, Claude is no longer just the model you wish you could deploy. It is now the platform you can actually deploy.