Moved to CoworkerAI.io!
Security Infrastructure

Securing Your Workspace: VM Isolation & Local Execution.

Cowork runs inside an isolated Linux virtual machine using Apple's Virtualization Framework, ensuring your autonomous agent operates within strict, user-defined boundaries. Safety by design, local by default.

01

Directory Selection

The first layer of defense is isolation. Choose specific, dedicated folders for your agent. Claude Cowork can only access folders you explicitly mount to the VM—it cannot traverse your system root or personal directories without your permission.

Security Rule

Never include ~/Library or system configuration folders in your selection.

config.yaml
/Users/local/Agent_Workspace/
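
One way to check a folder against the Security Rule before mounting it, as an added example (not Cowork's own code). The `check_mount` helper and the list of system paths are assumptions of this example; only ~/Library is named on the page, and the format of config.yaml is not shown, so paths are passed in as plain absolute strings.

```python
from pathlib import Path

# Assumed deny list: ~/Library comes from the page's Security Rule; the system
# paths are this example's reading of "system configuration folders".
SYSTEM_PATHS = ["/etc", "/private/etc", "/Library", "/System"]


def denied_roots(home: Path) -> list[Path]:
    return [home / "Library"] + [Path(p) for p in SYSTEM_PATHS]


def check_mount(candidate: str, home: Path) -> list[str]:
    """Return the reasons an absolute folder path must not be mounted.

    An empty list means the folder passes the rule.
    """
    # resolve() follows symlinks and "..", so an alias cannot hide the target.
    path = Path(candidate).resolve()
    home = home.resolve()
    problems = []
    for root in denied_roots(home):
        root = root.resolve()
        if path == root or root in path.parents:
            problems.append(f"{path} is inside {root}")
        elif path in root.parents:
            # Mounting a parent (/, /Users, ~) would include the denied folder.
            problems.append(f"{path} contains {root}")
    return problems


if __name__ == "__main__":
    home = Path.home()
    # The first path is the sample from the page; the others are constructed.
    for folder in ["/Users/local/Agent_Workspace/", str(home), "/"]:
        reasons = check_mount(folder, home)
        print(folder, "->", "OK" if not reasons else "; ".join(reasons))
```

Selecting the home folder or `/` fails the check even though neither is ~/Library itself, because mounting a parent folder exposes everything beneath it.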
02

macOS Permission Granting

Using Apple's native security, you manually authorize Accessibility and Screen Recording permissions. This means macOS itself controls every interaction between the agent and your screen.

System Walkthrough

System Settings > Privacy & Security > Accessibility

03

Execution Boundaries

Define strict operational limits. Claude will ask before taking any significant actions so you can review and approve. These boundaries are enforced at the VM level, providing strong isolation between the agent and your system.

Safety Lock

Default configuration disables 'Permanent Deletion' for all users.

Secure Perimeter

Our Privacy Promise

Claude Cowork is built local-first. Your documents, keystrokes, and screenshots never leave your device—not for training, not for cloud storage.

Our security architecture leverages Apple's Virtualization Framework for hardware-level isolation. While we've built sophisticated defenses, agent safety remains an active area of development—always exercise caution when granting file access.

No Cloud Training
End-to-End Local

Ready to Fortify?

Ensure your workspace meets all security requirements before deployment.

View Security Setup Guide