Claude’s hidden 10GB Mac VM: Why your chatbot needs Linux

When you install Claude Desktop on your Mac, you might not expect a full virtual machine to appear in your Library folder. Yet that’s exactly what happens: a folder named claudevm.bundle in ~/Library/Application Support/Claude/ can balloon to over 10 gigabytes on disk. At first glance, the size seems absurd—until you realize the VM isn’t storing Lord of the Rings novels. It’s running Ubuntu.

Why Anthropic runs a VM on your Mac

Anthropic’s lineup of Claude products is built around three distinct approaches to AI assistance, each tailored to different users and use cases. The web-based claude.ai keeps everything in the cloud, making it the safest option for general queries. For more hands-on tasks, Anthropic offers two alternatives: Claude Desktop + Cowork, which runs in a sandboxed VM, and Claude Code, which operates directly on your system.

Cowork, launched on January 12, 2026, represents a middle ground—an AI agent that can manipulate files and execute code without exposing your system to risk. It’s designed for professionals who aren’t developers but still need automation: lawyers organizing contracts, analysts extracting data from PDFs, or professors converting lecture notes into presentations.

How Cowork works in practice

Cowork functions by granting AI-controlled agents access to a specific folder on your Mac. The system reads, edits, or creates files within that folder while remaining entirely isolated from the rest of your system. This setup enables tasks like:

• - Generating Word, Excel, or PowerPoint files without requiring local software
• - Running Python or JavaScript scripts when needed
• - Launching multiple sub-agents simultaneously for complex workflows

A real-world example illustrates its utility. Suppose you have 30 receipt images in a folder. With a simple prompt—"Extract dates, descriptions, and amounts into a spreadsheet"—Cowork will use OCR to read the images, process the data, and output a structured Excel file. The process completes entirely within the VM, leaving your original files untouched.

What’s surprising is how Cowork was built. Anthropic’s team used Claude Code to develop Cowork in just 1.5 weeks, effectively creating the next generation of AI tools with AI itself.

The security trade-off: Isolation vs. freedom

The VM’s primary purpose is security. Running arbitrary code on your Mac is risky, even if the AI is well-intentioned. A sandboxed environment prevents potential damage from spreading. The VM contains a full Ubuntu 24.04 installation, complete with tools like Chromium for web scraping, LibreOffice for document creation, and Node.js/Python for code execution. It even includes support for Chinese, Japanese, and Korean fonts to handle international documents.

The security model is strict:

• - The VM has no access to your system outside the designated folder
• - Network access is restricted to trusted sources like PyPI, npm, and GitHub
• - Each session resets, ensuring no lingering changes persist between uses

If the AI makes a mistake—say, deletes a critical file or installs unwanted software—the damage stays contained within the VM. Your main system remains unaffected.

Claude Code: When isolation isn’t an option

For developers, Cowork’s restrictions are impractical. Enter Claude Code, a tool designed for software engineering workflows. Unlike Cowork, Claude Code has no VM. It operates directly in your terminal with your system permissions, enabling deep integration with your development environment.

To use it, you install the tool via a package manager:

brew install claude-code claude

Claude Code needs access to your repository, build tools, tests, and deployment credentials to function effectively. It can’t develop software from inside a sandbox unaware of your project structure. However, it doesn’t operate in a free-for-all mode. Every command it proposes is displayed for your approval before execution:

Claude wants to execute: npm test
[Approve] [Deny] [Always approve]

This permission system balances trust with control—Claude can analyze your code but can’t make changes without your consent.

Cowork vs. Claude Code: Which should you use?

Choosing between Cowork and Claude Code depends on your needs. Here’s a quick comparison:

• - Interface: Cowork uses a GUI app, while Claude Code runs in the terminal
• - Isolation: Cowork runs in a VM; Claude Code operates directly on your system
• - Office documents: Cowork can create and edit them; Claude Code requires local installations
• - Repository access: Cowork only sees a designated folder; Claude Code can access everything
• - Network access: Cowork’s is filtered; Claude Code has full connectivity
• - Startup time: Cowork takes 5–10 seconds to initialize; Claude Code starts instantly
• - Disk usage: Cowork’s VM consumes ~10.8 GB; Claude Code uses ~50 MB

Use Cowork when:

• - You need to create or edit Office documents
• - You’re processing untrusted files or code
• - You’re organizing personal files or documents
• - You’re not a developer

Use Claude Code when:

• - You’re developing software
• - You need access to your full repository, tests, or build tools
• - You’re deploying code or debugging system-level issues

The future of AI on your machine

Anthropic’s dual approach to AI assistance reflects a broader trend: balancing power with safety. For most users, Cowork’s sandboxed VM is the ideal solution, offering functionality without risking system integrity. For developers, Claude Code provides the deep integration necessary for real work, albeit with greater responsibility.

As AI tools become more integrated into daily workflows, the question isn’t just what these tools can do—it’s how they do it. Whether through isolation or controlled access, the goal remains the same: harnessing AI’s potential without compromising your system’s security or stability.