The ways we contain Claude across products (anthropic.com) AI

Anthropic describes how it contains the “blast radius” of its Claude agents (claude.ai, Claude Code, and Claude Cowork), using approaches such as human-in-the-loop approvals and stronger environment-level containment like sandboxes, VMs, ephemeral containers, and egress limits. The article argues that as models become more capable, pure supervision becomes unreliable (with “permission fatigue” reflected in telemetry), so defenses must overlap across the model layer, the execution environment, and external content/tools—and it details specific incidents and fixes, including Claude Code risks that were triggered before a user trust prompt.