The 10 GB surprise
You install Claude Desktop on your Mac. Everything's fine, the app is lightweight. But one day you check your disk and discover this:
~/Library/Application Support/Claude/vm_bundles/claudevm.bundle
10.8 GB.
Excuse me? Ten gigs for a chatbot? What's in there, the extended Lord of the Rings trilogy?
Nope. Ubuntu.
The Claude product trinity
Before I explain the what, let me explain the why. Anthropic has three ways to give you access to Claude:
| Product | Where it runs | For whom |
|---|---|---|
| claude.ai | Anthropic servers | Everyone |
| Claude Desktop + Cowork | VM on your Mac | Professionals |
| Claude Code | Directly on your system | Developers |
The web version is the safe option: everything happens in Anthropic's cloud, nothing touches your machine. But if you want Claude to do real things on your computer — create documents, execute code, move files — you need something more.
That's where Cowork and Claude Code come in, two completely different philosophies.
Cowork: Claude Code for everyone else
Cowork is the name of the agent Anthropic launched on January 12, 2026. Its official tagline:
"Claude Code for the rest of your work"
While Claude Code is designed for developers who live in the terminal, Cowork is designed for you when you're not programming. The lawyer who wants to organize contracts. The analyst who needs to extract data from 50 PDFs. The professor who wants to convert their notes into a presentation.
What it can do
- You give it access to a folder on your Mac
- Claude reads, edits, and creates files within it
- Can create Office documents (Word, Excel, PowerPoint) without you having anything installed
- Can execute Python or JavaScript code if needed
- Can launch multiple "sub-agents" in parallel for heavy tasks
Real example
"Hey Claude, I have 30 receipt screenshots in this folder. Make me a spreadsheet with date, description, and amount for each one."
And Claude does it. Reads the images, extracts the data with OCR, creates the Excel file, and leaves it there for you.
The curious fact
Cowork was built almost entirely by Claude Code in 1.5 weeks. Claude writing the next generation of Claude products. Inception but with fewer Leo DiCaprios and more tokens.
The VM: The security trick
Here's the clever part. When Cowork executes code or manipulates files, it doesn't do it directly on your Mac. It does it inside a completely isolated Ubuntu virtual machine.
Why? Because letting an AI execute arbitrary code on your system is like giving your house keys to a very smart stranger. They might be trustworthy, but better they don't have access to the knife drawer.
What's inside those 10 GB
| Component | Size | What for |
|---|---|---|
| Ubuntu 24.04 | ~3 GB | The operating system |
| Chromium + Playwright | ~920 MB | For web scraping and automation |
| LibreOffice | ~148 MB | Create Office documents |
| Node.js, Python, Java | ~600 MB | Execute code |
| CJK Fonts | ~305 MB | Chinese/Japanese/Korean support |
| Pandoc, LaTeX | ~450 MB | Document conversion |
A complete office environment inside a security box.
The security model
┌─────────────────────────────────────────┐
│ Your Mac (host) │
│ ┌───────────────────────────────────┐ │
│ │ Ubuntu VM (sandbox) │ │
│ │ ┌─────────────────────────────┐ │ │
│ │ │ Claude runs here │ │ │
│ │ │ - No access to your disk │ │ │
│ │ │ - Filtered network │ │ │
│ │ │ - Resets each session │ │ │
│ │ └─────────────────────────────┘ │ │
│ │ │ │
│ │ /mnt/user-data/ ← Your folder │ │
│ └───────────────────────────────────┘ │
│ │
│ Rest of your Mac: INACCESSIBLE │
└─────────────────────────────────────────┘
The VM can only see the folder you give it access to. It can't touch your photos, your documents, your .ssh. Even the network is filtered: it can only talk to PyPI, npm, GitHub, and little else.
If Claude screws up inside the VM, the damage stays contained there.
Claude Code: No safety net
And then there's Claude Code, which is... another story entirely.
brew install claude-code
claude
Claude Code has no VM. No sandbox. No safety net. When you tell it "run this command," it runs it directly in your terminal. With your permissions. With access to your files. With your SSH keys.
It's like the difference between showing someone a photo of your house and giving them your house keys.
Why would I want that?
Because if you're a developer, you need Claude to have real access to your environment:
- Your git repository with all its files
- Your build tools (
npm,cargo,uv) - Your tests to run them
- Your credentials to deploy
You can't develop serious software from inside an isolated VM that knows nothing about your project.
The permission model
Claude Code isn't the wild west. It has a permission system:
- Always allowed: Read files, search code
- Requires your OK: Execute commands, write files, make network requests
Every command it wants to execute is shown to you first. You decide whether to approve it.
Claude wants to execute: npm test
[Approve] [Deny] [Always approve]
The model is: I trust Claude to read and understand my code, but I want to see what it's going to do before it does it.
Cowork vs Claude Code: The comparison
| Aspect | Cowork | Claude Code |
|---|---|---|
| Interface | GUI app | Terminal |
| Isolation | Full VM | None |
| Office docs | ✅ Included | ❌ Install them yourself |
| Repo access | ❌ Only given folder | ✅ Everything |
| Git push | ❌ No your config | ✅ Your credentials |
| Network | Filtered | Full |
| If it messes up | Damage contained | Can affect your system |
| Startup | ~5-10s | Instant |
| Disk | ~10.8 GB | ~50 MB |
When to use each one?
Use Cowork when:
- You want to create/edit Office documents
- You need to execute code that isn't yours (suspicious by default)
- You're organizing personal files
- You're not a developer
Use Claude Code when:
- You're developing software
- You need access to your repo, tests, tools
- You want to deploy
- You're debugging something that requires system access
And Copilot?
Many people ask me how this compares to GitHub Copilot. Short answer: they're different philosophies.
Copilot is autocomplete on steroids. Lives inside your IDE, suggests code as you type, line by line. It's fast, doesn't interrupt your flow, and is great for boilerplate.
Claude (Cowork/Code) is an agent. Makes plans, executes complete tasks, touches multiple files. Slower but more powerful.
| Scenario | Better option |
|---|---|
| Writing code fast | Copilot |
| Massive refactoring | Claude |
| Completing patterns | Copilot |
| Understanding legacy code | Claude |
| Complex debugging | Claude |
| GitHub PR reviews | Copilot |
The conclusion I've seen in the community:
"Copilot makes you faster. Claude makes you better. In 2026 you need both."
Can I delete the VM?
Yes. If you don't use the code execution features:
- Claude Desktop → Settings
- Disable "Code Execution and File Creation"
- Optionally:
rm -rf ~/Library/Application\ Support/Claude/vm_bundles/
You get back 10 GB. You still have normal chat with Claude.
Wrap up
Next time someone asks you why Claude Desktop takes up so much space, you'll know what to answer: because there's a whole Ubuntu inside with LibreOffice, Chromium, Python, Node, and everything needed for Claude to work with files for real.
It's the price of security. They could have made Claude execute code directly on your Mac, but then every time Claude messed up (and LLMs do mess up), the damage would be real.
I'd rather have 10 GB of VM than an accidental rm -rf / in my home directory.
Want to know more about Claude Code? Here's my git optimization tutorial that I wrote with it.
This article was originally written in Spanish and translated with the help of AI.
Top comments (0)