How we contain Claude across products
Original: The ways we contain Claude across products
Anthropic explains how it limits Claude agents’ blast radius across claude.ai, Claude Code, and Claude Cowork.
Anthropic describes containment as the core security strategy for increasingly capable Claude agents. The post compares ephemeral containers for claude.ai, OS-level sandboxing plus user approvals for Claude Code, and VM isolation for Claude Cowork. It also details risks those boundaries initially missed, including execution of project configuration before the user has trusted the project, prompt injection delivered through user-supplied content, exfiltration through approved domains, and reduced enterprise visibility inside VMs.
In this article, Anthropic reduces the security problem of its Claude agent products to one engineering question. As models grow more capable and are granted access to more files, shells, networks, and internal services, the question is not only "will the model do something bad?" but, more importantly, "if it does the wrong thing, how much harm can it cause at most?" The article argues that neither step-by-step human approval nor model-layer protection is sufficient on its own: users develop approval fatigue, and classifiers and prompt-based defenses are never 100% accurate. The more reliable approach is therefore to enforce hard boundaries at the environment layer, so that the blast radius stays bounded regardless of what the model decides to do.
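The following is an added illustration of that argument, not code from Anthropic's post or products. It models a deny-by-default policy that sits between an agent and its tools: file access is confined to a project root after resolving symlinks and `..`, network egress is limited to an allowlist of hosts with a per-host byte budget (the budget, the allowlist, the read-only command list and the `needs_approval` outcome are all assumptions made for the example), and anything outside the hard boundaries falls through to human approval. The constructed sample calls include a path-traversal attempt, a URL that smuggles a disallowed host past naive substring matching, and a large upload to an approved domain, which is the "exfiltration through approved domains" case the summary mentions.

```python
"""Illustrative environment-layer policy for an agent's tool calls.

Added example, not Anthropic's code. Thresholds, allowlists and the
'needs_approval' outcome are assumptions chosen for the demonstration.
"""
import os
import tempfile
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Policy:
    project_root: str
    allowed_domains: frozenset
    egress_budget_bytes: int = 4096          # assumed per-host cap
    sent: dict = field(default_factory=dict)  # bytes already sent per host

    def check_file(self, path):
        # Resolve symlinks and '..' before comparing, so a path that merely
        # looks like it is inside the project cannot escape it. An absolute
        # path passed to os.path.join discards the root, which is also denied.
        root = os.path.realpath(self.project_root)
        target = os.path.realpath(os.path.join(root, path))
        if target == root or target.startswith(root + os.sep):
            return "allow"
        return "deny"

    def check_network(self, url, payload_bytes):
        # Use the parsed hostname, not a substring match: a URL such as
        # https://api.example.com@evil.example.net/ resolves to evil.example.net.
        host = (urlsplit(url).hostname or "").lower()
        if host not in self.allowed_domains:
            return "deny"
        used = self.sent.get(host, 0) + payload_bytes
        if used > self.egress_budget_bytes:
            # Approved host, but the volume leaving exceeds the budget:
            # an allowlist alone does not stop exfiltration via trusted domains.
            return "deny"
        self.sent[host] = used
        return "allow"

    def check_shell(self, argv):
        # Assumed read-only allowlist; everything else is escalated to a human
        # rather than silently allowed, so approvals cover only the residue.
        if argv and argv[0] in ("ls", "cat", "grep"):
            return "allow"
        return "needs_approval"


# Constructed sample tool calls: (kind, argument, payload size in bytes).
SAMPLE_CALLS = [
    ("read", "src/main.py", None),                              # inside root
    ("read", "../../../etc/passwd", None),                      # traversal
    ("read", "/etc/passwd", None),                              # absolute path
    ("fetch", "https://api.example.com/v1/search", 120),        # small, allowed host
    ("fetch", "https://api.example.com@evil.example.net/", 120),  # userinfo trick
    ("fetch", "https://api.example.com/v1/upload", 50_000),     # exfil via approved host
    ("shell", ["ls", "-la"], None),                             # read-only command
    ("shell", ["curl", "https://api.example.com"], None),       # escalated
]


def decide(policy, call):
    """Route one tool call to the matching check; unknown kinds are denied."""
    kind, arg, size = call
    if kind == "read":
        return policy.check_file(arg)
    if kind == "fetch":
        return policy.check_network(arg, size)
    if kind == "shell":
        return policy.check_shell(arg)
    return "deny"


def run_sample():
    """Evaluate SAMPLE_CALLS against a fresh policy rooted in a temp dir."""
    with tempfile.TemporaryDirectory() as root:
        policy = Policy(project_root=root,
                        allowed_domains=frozenset({"api.example.com"}))
        return [decide(policy, call) for call in SAMPLE_CALLS]


if __name__ == "__main__":
    for call, verdict in zip(SAMPLE_CALLS, run_sample()):
        print(f"{verdict:15} {call[0]:6} {call[1]}")
```

The byte budget is deliberately crude; the point is that the boundary is enforced by the environment and holds whether or not the model, a classifier or the user noticed that a request was wrong.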
Summaries are AI-generated; the original article is authoritative.