Domain 1Cowork Foundations & Agentic Architecture

Sandboxed Virtual Machine (VM)

TL;DR

The isolated execution environment where Cowork runs on your local machine.

Definition

The isolated execution environment where Cowork runs on your local machine. The VM acts as a secure container — Claude can read, write, and manipulate files within it, but cannot access anything outside the folders you explicitly grant. If Claude runs bad code or makes an error, the damage stays inside the sandbox.

Exam Context

A frequently tested concept. Know that the VM runs locally (not in the cloud), that closing the app or sleeping the computer stops execution immediately, and that Computer Use operates outside the VM boundary.

Related Lessons

Related Terms in Domain 1

Agentic ArchitectureExecution PipelineExecution PlanSub-AgentDirectory ScopingDeletion ProtectionTask DelegationNetwork Egress Controls
← Back to Domain 1 glossaryAll domains →