How Anthropic contains Claude across products — sandboxes, VMs, and egress controls
Published 2026-05-30 | Ingested 2026-06-01 | AI Engineering Practices | High
Summary
Anthropic published a detailed account of how it constrains Claude agents across its product surfaces, built on the principle of hard boundaries — process sandboxes, virtual machines, filesystem restrictions, and egress controls. The governing maxim: "if credentials never enter the sandbox, they can't be exfiltrated, regardless of whether the cause is a user, a model finding a 'creative' path, or an attacker." The containment posture is treated as defense-in-depth that does not rely on the model
Radar Context
Claude Code
Alignment: Reinforces current position
Related Positions: AI Governance and Risk, Agentic Workflows
Related Partnerships: Anthropic
anthropic, agent-security, sandboxing, gvisor, virtual-machines, egress-control, claude-code, claude-cowork, governance, data-exfiltration