alt Hacker NewsIt looks like they have a sandbox around file access - which is great! - but the problem remains that if you grant access to a file and then get hit by malicious instructions from somewhere those instructions may still be able to steal that file.
Replies
ramoz • yesterday at 8:38 PM
So sandbox and contain the network the agent operates within. Enterprises have done this in sensitive environments already for their employees. Though, it's important to recognize the amplification of insider threat that exists on any employees desktop who uses this.
In theory, there is no solution to the real problem here other than sophisticated cat/mouse monitoring.
➕ show 1 reply
It seems there's at least _some_ mitigation. I did try to have it use its WebFetch tool (and curl) to fetch a few websites I administer and it failed with "Unable to verify if domain is safe to fetch. This may be due to network restrictions or enterprise security policies blocking claude.ai." It seems there's a local proxy and an allowlist - better than nothing I suppose.
Looks to me like it's essentially the same sandbox that runs Claude Code on the Web, but running locally. The allowlist looks like it's the same - mostly just package managers.