A reported sandbox-escape chain in a Windows AI client shows how one local foothold can push past VM boundaries and make outbound controls far less meaningful.
A newly disclosed weakness in Anthropic’s Claude Cowork for Windows may allow attackers to execute commands as root inside a Hyper-V-isolated Ubuntu VM, showing how the control plane can become the weak link.
Anthropic is testing mobile support for Claude Cowork, and even a modest interface change can reshape how identities, sessions, and task context need to be protected.