Claude Cowork: Powerful OS-Level AI — or a Step Too Far?

Anthropic has announced Claude Cowork, an addition to the Claude macOS app that brings the agentic approach of Claude Code to other types of knowledge work.

This is a really intriguing approach to how agentic capabilities can operate OS-wide to get real tasks done, tasks that aren't constrained to a single app or to one data or asset type.

The big question though is whether an approach like this is safe.

Anthropic's blog post announcing this highlights the safety issues, including prompt injection, and it's not hard for anyone to understand why: the more capable a tool is, the riskier it becomes in relation to this type of threat. Whereas using Claude or ChatGPT in their chatbot mode is relatively safe, as soon as we give them the keys to a browser or a desktop, the potential for serious problems amplifies quickly.

Should we also pause to moderate these kinds of concerns? When we plan to hire a human employee, we don't write out a paragraph cautioning how they might be socially engineered. Isn't social engineering, to some extent at least, just the human equivalent of prompt injection? Depending on the situation, though, the scale and blast radius might be quite different.

So far, I am erring on the side of caution with these types of tools. AI in the browser or connected to the desktop should be scoped to limited environments, not your day-to-day production machine. This is simple common sense at this stage, and for its part, Claude Cowork is sandboxed, so it only has access to resources you explicitly consent to. But for a user-facing tool for general knowledge work, how long will those least-access safeguards hold up against the pressure of just using the tool to get more done?
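To make the "explicit consent" and least-access idea concrete, here is an added illustration (my own example, not Anthropic's code and not how Claude Cowork's sandbox is actually implemented) of the kind of policy check a desktop agent needs in front of every file tool call. The folder paths, the action names, the `ConsentPolicy` and `ToolCall` types, and the `origin` field that tags whether an instruction came from the user or surfaced from content the agent read are all constructed for this example. The point it shows: grants are per folder and per action, path traversal out of a consented folder is collapsed before checking, and side effects requested by content (the prompt-injection path) are never auto-approved.

```python
"""Least-privilege scoping for an agent's file tool calls.

Constructed illustration only: the user consents to specific folders and
actions up front, and every tool call the agent proposes is checked against
that consent before it runs. Not Claude Cowork's real sandbox.
"""
from dataclasses import dataclass, field
from posixpath import normpath
from typing import Dict, List, Set


@dataclass
class ConsentPolicy:
    # consented folder -> actions allowed there, e.g. {"read"} or {"read", "write"}
    grants: Dict[str, Set[str]] = field(default_factory=dict)
    # actions that always need a fresh human confirmation, never pre-granted
    always_confirm: Set[str] = field(
        default_factory=lambda: {"delete", "upload", "execute"}
    )

    def grant(self, root: str, actions: Set[str]) -> None:
        self.grants[normpath(root)] = set(actions)


def is_within(path: str, root: str) -> bool:
    """True if the normalised absolute path is root itself or lies beneath it.

    '..' segments are collapsed first, so 'root/../elsewhere' is not "inside".
    A production check should also resolve symlinks (os.path.realpath) so a
    link inside the consented folder cannot point back out of it.
    """
    p = normpath(path)
    r = normpath(root)
    if not p.startswith("/"):
        return False  # relative paths are ambiguous; refuse them outright
    return p == r or p.startswith(r.rstrip("/") + "/")


@dataclass
class ToolCall:
    action: str
    path: str
    origin: str  # "user": typed by the user; "content": found in a document/page the agent read


def decide(policy: ConsentPolicy, call: ToolCall) -> str:
    """Return 'allow', 'deny' or 'confirm' for one proposed tool call."""
    # High-impact actions always go back to the human, whoever asked for them.
    if call.action in policy.always_confirm:
        return "confirm"
    for root, actions in policy.grants.items():
        if is_within(call.path, root):
            if call.action not in actions:
                return "deny"  # inside a consented folder, but not that action
            # A write requested by content the agent read is the classic
            # prompt-injection shape: allowed folder, but not the user's intent.
            if call.origin == "content" and call.action != "read":
                return "confirm"
            return "allow"
    return "deny"  # outside every consented folder


def evaluate(policy: ConsentPolicy, calls: List[ToolCall]) -> List[str]:
    return [decide(policy, c) for c in calls]


if __name__ == "__main__":
    # Constructed sample: consent to one project folder read/write, Downloads read-only.
    policy = ConsentPolicy()
    policy.grant("/Users/alice/Projects/q1-report", {"read", "write"})
    policy.grant("/Users/alice/Downloads", {"read"})
    calls = [
        ToolCall("read", "/Users/alice/Projects/q1-report/draft.md", "user"),
        ToolCall("write", "/Users/alice/Projects/q1-report/summary.md", "user"),
        ToolCall("write", "/Users/alice/Downloads/notes.txt", "user"),  # read-only grant
        ToolCall("read", "/Users/alice/Projects/q1-report/../../Documents/tax.pdf", "content"),  # traversal
        ToolCall("write", "/Users/alice/Projects/q1-report/summary.md", "content"),  # injected edit
        ToolCall("upload", "/Users/alice/Projects/q1-report/draft.md", "user"),
    ]
    for call, verdict in zip(calls, evaluate(policy, calls)):
        print(f"{verdict:8} {call.action:7} {call.path}  ({call.origin})")
```

The `origin` tag is the part worth copying: an agent that cannot tell an instruction it was given from an instruction it read has no way to apply different trust to the two, and the per-action, per-folder grants are what keep "consent" from silently widening into "access to everything the user can reach".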

What's your view on these developments? Are you using these types of tools? How do you mitigate the risks? Or for you, is this a step too far?

First posted on LinkedIn on 01/13/2026.
