How we contain Claude across products★ 74
Hacker News (AI keywords)·5 days ago·Commentary
Anthropic describes containment as the core security strategy for increasingly capable Claude agents.
The post compares ephemeral containers for claude.ai, OS-level sandboxing and approvals for Claude Code, and VM isolation for Claude Cowork.
It also details missed risks, including pre-trust project config execution, user-delivered prompt injection, exfiltration through approved domains, and reduced enterprise visibility inside VMs.
