Researchers expose Claude Cowork sandbox escape, Anthropic disagrees
Security firm Armadin detailed an attack chain achieving root-level code execution inside Claude Cowork's sandbox on Windows, bypassing network restrictions and exfiltrating data. The exploit combined DLL sideloading into claude.exe with two unvalidated service parameters to escape isolation entirely.
Anthropic disputes the severity, arguing exploitation requires prior local code execution on the host machine. Armadin recommends uninstalling Claude Desktop where Cowork is unnecessary, and using application allowlisting and USERENV.dll monitoring as mitigations. Armadin is led by Mandiant founder Kevin Mandia and raised a record $189.9 million in early funding.
