> Is this level of fear typical or reasonable?

Of course. Also with regular customer projects. Even without AI--but of course having an idiot be able to execute commands on your PC makes the risk higher.

> If so, why doesn’t Anthropic / AI code gen providers offer this type of service?

Why? Separate the concerns. Isolation is a concern depending on my own risk appetite. I do not want stuff to decide on my behalf what's inside the container and what's outside. That said, they do have devcontainer support (like the article says).

> Hard to believe Anthropic is not secure in some sense — like what if Claude Code is already inside some container-like thing?

It's a node program. It does ask you about every command it's gonna execute before it does it, though.

> Is it actually true that Claude cannot bust out of the container?

There are (sporadic) container escape exploits--but it's much harder than not having a container. You can also use a qemu vm. Good luck escaping that. Or an extra user account--I'm thinking of doing that next.