Anthropic has revealed the Linux container environment supporting its Claude AI assistant's Cowork mode, emphasizing security and efficiency. The setup, documented by engineer Simon Willison, uses ARM64 hardware and Ubuntu for isolated operations. This configuration enables safe file handling and task execution in a sandboxed space.
Anthropic's Cowork mode, an AI assistant for daily tasks and file operations, operates within a specialized Linux container environment. Technical staff member Simon Willison shared configuration details on GitHub Gist on January 25, 2026, highlighting the setup's balance of functionality and security.
The hardware features an ARM64 processor with four cores at 48 BogoMIPS, including advanced security elements like hardware cryptographic acceleration for AES, SHA1, SHA2, SHA3, and SHA512, atomic operations, pointer authentication (PACA/PACG), and branch target identification (BTI). Memory is limited to 3.8 GiB total, with 2.8 GiB available, and no swap space. Storage includes 10 GB NVMe for both root and session disks, mounted as ext4 filesystems, plus a 98 MB vfat EFI partition for /boot/efi.
Running Ubuntu 22.04.5 LTS (Jammy Jellyfish) on kernel 6.8.0-90-generic with PREEMPT_DYNAMIC for real-time support, the system uses aarch64 architecture and hostname 'Claude'. Sandboxing employs Bubblewrap (bwrap) for isolation, with independent network (--unshare-net) and PID (--unshare-pid) namespaces, die-with-parent termination, and measures against device hijacking.
Security is bolstered by Seccomp filter mode 2, NoNewPrivs to prevent escalation, and dropping all capabilities (CapEff = 0). Networking routes through local proxies: HTTP/HTTPS on port 3128 via UNIX sockets, and SOCKS5 on port 1080 for FTP/gRPC, using socat for tunneling to the host.
The execution stack starts with bwrap (PID 1), bash (PID 2), socat proxies (PIDs 3 and 4), and the main Claude process (PID 5) under model claud-opus-4-5-20251101. It supports tools like Task, Bash, Glob, Grep, Read, Edit, and Write, plus two Model Context Protocol (MCP) servers.
A related announcement for Claude Cowork v2 emphasizes container deployment for developers, using a Dockerfile from anthropic/claude-code base image, folder mounts to /sessions//mnt/ for granular permissions, and at least 4 GB RAM with 2 CPU cores. This aids cross-platform testing on Linux and Windows, reducing macOS dependencies and enhancing CI/CD integration while minimizing attack surfaces through namespace isolation.
