How we contain Claude across products

This article provides a detailed technical overview of how Anthropic implements sandboxing across its Claude products, including Claude.ai, Claude Code, and Cowork. It explains the use of process sandboxes, VMs, filesystem boundaries, and egress controls to constrain agent actions and prevent credential exfiltration. Specific technologies mentioned include gVisor for Claude.ai, Seatbelt on macOS and Bubblewrap on Linux for Claude Code, and full VMs for Claude Cowork. The article also references past security risks and the open-source srt (Anthropic Sandbox Runtime) tool, making it relevant for developers and IT professionals interested in security, sandboxing, and AI product containment.