Simon Willison's Weblog
May 30, 2026, 9:36 PM

How we contain Claude across products

Anthropic documents the sandboxing approaches used across Claude.ai, Claude Code, and Cowork.

Anthropic explains how process sandboxes, VMs, filesystem boundaries, and egress controls limit what Claude agents can access. Claude.ai uses gVisor; local Claude Code uses Seatbelt on macOS and Bubblewrap on Linux; Cowork runs in a full VM. Simon Willison highlights the documentation quality, notes a previously missed file-exfiltration path, and plans to revisit Anthropic's open-source srt tool.

Summary compiled by AI; the original article takes precedence.