shield Security

The Claude Cowork sandbox

Cowork does real work on your computer, so it runs with guardrails. Here's how scoped permissions, approvals, and isolation keep agent actions contained and under your control.

How Cowork stays contained

shield

Contained execution

Cowork operates within boundaries you set — not free rein over your entire machine.

key

You grant access

It works in the folders and connected tools you approve, and nothing more by default.

fact_check

Review and approve

Sensitive actions surface for your approval, and you can pause or stop a run at any time.

How the sandbox works

Cowork runs locally and acts only within the scope you give it: the folders you point it to and the connectors you turn on. It shows its plan and progress as it works, so nothing happens out of view.

Because agents read untrusted content — emails, web pages, documents — Cowork is built with defenses against prompt injection, and keeps you in the loop for actions that matter. You stay in control, and you can stop a task mid-run.

Sandbox FAQ

What is the Claude Cowork sandbox? expand_more

It's the set of guardrails that contain what the agent can do — scoped file and tool access, approvals for sensitive actions, and the ability to stop a run at any time.

Can Cowork access files I didn't share? expand_more

By default it works in the folders and tools you connect. You decide what it can reach.

Is it safe to connect my tools? expand_more

Connectors are opt-in and scoped to what you enable. Cowork shows its plan and asks before sensitive actions, and you can revoke access anytime.

Can I stop Cowork mid-task? expand_more

Yes. You can steer, pause, or stop a run while it's working — you're always in control.

Explore More Features

Work with Cowork, safely

Download the desktop app and delegate with guardrails you control.