In Claude Code, Claude collaborates with you to write, test, and debug code. It can explore your codebase, make changes across multiple files, and execute commands to validate its work. Giving Claude extensive access to your codebase and files can pose security risks, particularly from prompt injection. To mitigate this, we’ve added two new features to Claude Code, both built on sandboxing. These enhancements create a safer environment for developers while enabling Claude to operate more autonomously with fewer permission requests. Our internal testing shows that sandboxing effectively cuts permission prompts by 84%. By establishing clear boundaries for Claude to operate within, they enhance both security and user agency. Safeguarding users with Claude Code. Claude Code operates on a permission-based system: by default, it is read-only and will request approval before making any changes or executing commands. There are a few exceptions—we automatically allow safe commands like echo or cat—but most operations still require explicit approval. Having to constantly click “approve” slows down development and can cause “approval fatigue,” where users stop paying close attention, ultimately making the process less secure. To solve this, we introduced sandboxing for Claude Code: a safer, more autonomous approach. Sandboxing establishes predefined limits that allow Claude to operate with greater freedom, without needing to request approval for every individual action. With sandboxing turned on, you’ll see far fewer permission prompts and enjoy better overall security. Our sandboxing approach is built on operating-system-level features that create two distinct security boundaries.
Anthropic Engineering