Domain 6Team Deployment, Security & Enterprise Readiness

Data Exfiltration Channels

TL;DR

Pathways through which data can leave the Cowork sandbox despite local file system restrictions.

Definition

Pathways through which data can leave the Cowork sandbox despite local file system restrictions. These include MCP server calls (sending data to connected services), Chrome browser actions (submitting forms, navigating URLs), and cURL commands (HTTP requests to arbitrary endpoints). The sandbox contains local access but not network egress.

Exam Context

A trap claims the VM sandbox prevents all data exfiltration. It does not — the sandbox restricts file system escape but allows outbound network traffic through multiple channels.

Related Lessons

Related Terms in Domain 6

Plan TiersRate Limit ResetsTenant RestrictionsThe Audit GapData Training PoliciesLocal-Only HistoryWeb Search Egress BypassCompliance Gaps
← Back to Domain 6 glossaryAll domains →