We contain Claude across products (simonwillison.net)

🤖 AI Summary
Anthropic has published an overview of how it sandboxes Claude across its products: Claude.ai, Claude Code, and Claude Cowork. The post is notable for the AI/ML community because it documents the concrete isolation mechanisms behind each product rather than describing safety in the abstract. Anthropic combines process sandboxes, virtual machines (VMs), filesystem boundaries, and egress controls to keep the model's code execution away from sensitive data; in particular, credentials are kept outside the sandbox, so code running inside it, even when coerced by an attacker, cannot leak credentials it never had. Concretely, Claude.ai runs code under gVisor; Claude Code uses Seatbelt on macOS and Bubblewrap on Linux; and Claude Cowork runs in a full VM, built on Apple's Virtualization framework on macOS and on HCS (Host Compute Service) on Windows. This layered design responds directly to earlier concerns about exfiltration vectors in these products. Anthropic also commits to better documentation and to open-source tooling such as its Anthropic Sandbox Runtime (srt), which lets others reuse the same sandboxing approach.
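The three controls the summary names for the Linux case (a Bubblewrap process sandbox, credentials kept out of the sandbox, and an egress allowlist) can be sketched in a few helpers. The following is an added example written for this page; it is not Anthropic's sandbox-runtime (srt) code and does not reproduce its policy. It assumes a Linux host with `bwrap` installed, and the variable-name list in `SECRET_ENV_NAMES` is a hypothetical, non-exhaustive stand-in for whatever credential store a real launcher would consult. The helpers only compute the command line and the policy decisions, so they run without launching anything; `run_sandboxed` is the one call that actually needs `bwrap`.

```python
"""Illustrative pieces of a Bubblewrap-based sandbox launcher.

Added example for this page, not Anthropic's srt code. Assumes Linux with
bwrap on PATH; the pure helpers below run anywhere.
"""
import os
import shlex
import subprocess

# Hypothetical credential names for the example only. A real launcher would
# derive these from its secret store, not from a hard-coded set.
SECRET_ENV_NAMES = {
    "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "GITHUB_TOKEN",
    "ANTHROPIC_API_KEY", "NPM_TOKEN",
}
SECRET_ENV_SUFFIXES = ("_TOKEN", "_SECRET", "_PASSWORD", "_API_KEY")


def scrub_env(env):
    """Return a copy of env with anything that looks like a credential dropped.

    bwrap --clearenv already empties the child's environment; scrubbing the
    parent's copy too means the secret is not even present in the bwrap
    process itself (defence in depth against a mis-set flag).
    """
    kept = {}
    for name, value in env.items():
        upper = name.upper()
        if upper in SECRET_ENV_NAMES or upper.endswith(SECRET_ENV_SUFFIXES):
            continue
        kept[name] = value
    return kept


def egress_allowed(host, allowlist):
    """True if host equals an allowlisted domain or is a subdomain of one.

    Matching is label-wise ("." + allowed), so 'evil-example.com' does not
    match an allowlist entry of 'example.com'. Trailing dots and case are
    normalised on both sides.
    """
    host = host.rstrip(".").lower()
    for allowed in allowlist:
        allowed = allowed.rstrip(".").lower()
        if host == allowed or host.endswith("." + allowed):
            return True
    return False


def bwrap_argv(workdir, command, allow_network=False):
    """Build the bwrap command line that runs `command` with:
    - the host root mounted read-only, with only `workdir` writable,
    - fresh /tmp, /proc and /dev instead of the host's,
    - every namespace unshared; the network stays unshared unless
      allow_network is set (egress policy then lives in a proxy, not here),
    - a cleared environment with PATH and HOME set explicitly.
    Later mounts shadow earlier ones, so the writable bind comes after
    the read-only root.
    """
    workdir = os.path.abspath(workdir)
    argv = [
        "bwrap",
        "--ro-bind", "/", "/",
        "--bind", workdir, workdir,
        "--tmpfs", "/tmp",
        "--proc", "/proc",
        "--dev", "/dev",
        "--unshare-all",
        "--die-with-parent",
        "--new-session",
        "--clearenv",
        "--setenv", "PATH", "/usr/local/bin:/usr/bin:/bin",
        "--setenv", "HOME", workdir,
        "--chdir", workdir,
    ]
    if allow_network:
        # --share-net keeps the network namespace despite --unshare-all.
        argv.append("--share-net")
    argv.append("--")
    argv.extend(command)
    return argv


def run_sandboxed(workdir, command, allow_network=False):
    """Launch `command` under bwrap with a scrubbed parent environment."""
    argv = bwrap_argv(workdir, command, allow_network)
    return subprocess.run(argv, env=scrub_env(os.environ), check=False)


if __name__ == "__main__":
    # Print the command line instead of running it, so this is safe to try
    # on a machine without bwrap.
    print(shlex.join(bwrap_argv("/tmp/work", ["ls", "-la"])))
```

The point of `egress_allowed` is the `"." + allowed` suffix: a naive `host.endswith(allowed)` would let `evil-example.com` through for an allowlist of `example.com`, which is exactly the kind of lookalike host an exfiltration attempt would use.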