Claude Cowork and Claude Code can now perform advanced actions on your Mac, by taking control of the mouse and keyboard as if it's another user. We still recommend that users skip "features" like this that really only serve to open up attack surfaces.
The majority of activity with AI chatbots has revolved around queries and coding, with a little bit of activity that directly affects your computer. In Anthropic's latest update to Claude, it's about to become even more useful.
Claude Cowork and Claude Code, two sub-sections to Anthropic's main Claude, can now be set to perform tasks on a user's computer. While this would involve interacting with locally-stored files and applications, Anthropic's implementation goes further than most.
In some situations, it will control your Mac's keyboard and mouse to get the jobdone.
Working hard
In essence, like any other prompt, a user asks Claude to perform a task on their Mac. For example, if they are away from their computer and need to send a file located on their Mac's desktop before an important meeting.
In a more advanced example, a developer may request a development server to be started up, and for a screenshot of a specific webpage it hosts to be sent to them.
Anthropic explains that Claude's use of the user's computer will start off by using any existing connectors to services, including Slack or Google Calendar. If they are available, or if they can be implemented with permission from the user, they will be prioritized.
Where things get interesting is when there is no designated way for Claude to communicate with an app or service. In such cases, Claude will instead assume control of the browser, mouse, keyboard, and user's screen, to see what actions can be taken and to perform them.
Anthropic proposes that this could be used with the Dispatch feature of Claude Cowork and Claude Code, which maintains a single conversation between the phone and desktop versions of the app.
In doing so, a user could tell Claude to perform actions on their Mac from their iPhone.
Before accessing the Mac, Claude will ask permission from the user first. If there's a Claude request that isn't quite working out, a user monitoring the process can quickly put an end to the activity.
Hardly working
To us, this sounds like a potential security risk for users by opening up more of their digital lives to AI. Anthropic are at least open about the current state, and its security measures.
Computer use is "still early" in its development versus Claude's capability to code or work with text, the company admits. Claude is still capable of making mistakes, like any other LLM-based product.
Anthropic is putting in guardrails to limit dangers, such as prompt injection. The firm adds that, though it is improving those safeguards, the threats against its infrastructure are always changing.
To that end, Anthropic advises that users should only start with apps they trust, which don't deal with sensitive data. For some app situations, such as stock trading and scraping facial images, Claude is trained to avoid them as much as possible.
We'll see how this goes with the fullness of time. We're skeptical that the benefits outweigh the disadvantages and the costs.
Catching up in the AI market
The new Claude features are clearly Anthropic's way of catching up on a trend in the AI space, in localizing the results of queries.
Two big pushes in this field were OpenClaw and Perplexity's Personal Computer. In both cases, users would allow AI agents access to local files and applications stored on a Mac mini, with the ability to create and edit files on that hardware.
Anthropic's approach goes along the same sort of lines, but in a way that seems to hand-hold the user a lot more. There's a lot more flexibility in using the more unrestricted OpenClaw, for example, but that flexibility comes with it considerable risks to your data.
Here, Anthropic is emphasizing the early stage of the feature's existence, that it could go wrong, and to expect issues.
Also helping Claude's cause is that it is available in a "research preview," it can only be used by subscribers of Claude Pro at $20 a month or Claude Max at $200, and only on macOS for the moment.
AppleInsider recommends that anyone allowing AI direct access to their Mac's files exercise a healthy amount of caution. It is nearly identical to allowing another user access to your sensitive files, which is a risky proposition.
