The Browser Is the Sandbox
Summary
Simon Willison analyzes how modern web browsers can serve as robust sandboxes for running untrusted code, using File System Access API, CSP sandbox, and WebAssembly in Web Workers. The post discusses Co-do, a browser-based demo for running AI-assisted workflows entirely in the client, and compares it to Claude Cowork, highlighting browser-based containment and security trade-offs.