Claude Cowork
v1.x (desktop GA; web/mobile with cloud execution in beta as of 2026-07-08)Anthropic
Anthropic's agentic workspace for non-technical knowledge work โ 'Claude Code for the office.' Launched 2026-01-12 as a macOS desktop app that runs tasks in a sandboxed local VM (Apple Virtualization Framework with a custom Linux rootfs), expanding to web and mobile with cloud execution in July 2026. Turns natural-language goals into reports, spreadsheets, and organized files. Shipped with a disclosed prompt-injection-via-malicious-files risk that remains its central security tension.
Trust Vector Analysis
Dimension Breakdown
๐Performance & Reliability+
Assessment of real-world completion using Anthropic's published session analysis and independent launch reviews; built on the proven Claude Code agent harness
Review of tool stack reliability across file, browser, document, and connector operations
Evaluation of goal decomposition, parallel task execution, and long-horizon unattended runs
Review of session continuity across desktop, web, and mobile plus workspace file persistence
Inference from the shared Claude Code agent loop plus observed retry behavior; limited independent data for non-coding tasks
Review of sub-agent delegation and plugin/skill composition capabilities
๐ก๏ธSecurity+
Architecture review of the local VM isolation stack and cloud execution environments; strong containment of code execution, but the allowlisted Anthropic API endpoint has been demonstrated as an exfiltration channel
Review of folder scoping, approval gates for destructive actions, and enterprise admin controls; consumer defaults rely on users choosing safe folders
Threat analysis of the untrusted-file-plus-consequential-action combination; score reflects a known, demonstrated exploitation path shipped at launch, partially offset by classifiers, training, and honest disclosure
Review of per-session isolation within the shared VM and folder-scoped host access; cloud sessions are per-task and torn down at session end
Source availability assessment; credit for published architecture documentation without released code
๐Privacy & Compliance+
Review of Anthropic retention commitments applied to Cowork's session files across consumer and enterprise tiers
Compliance certification and DPA availability review under the Anthropic umbrella
Data flow analysis of model processing and opt-in connector traffic
Deployment options assessment: local execution surface exists but model inference and cloud sessions require Anthropic's cloud
๐๏ธTrust & Transparency+
Documentation completeness review including the dedicated safety and architecture articles
Review of session visibility versus enterprise audit coverage; the audit-log gap lowers the score
Assessment of plan previews, approval prompts, and progress narration
Open source assessment of the agent harness, VM image, and desktop app
Adoption, release cadence, and public discussion volume analysis
โ๏ธOperational Excellence+
Onboarding friction assessment for non-technical users across desktop, web, and mobile
Assessment of parallel sessions, cloud continuation, and subscription rate-limit behavior
Pricing model analysis; flat subscriptions cap spend but usage limits can throttle heavy work
Monitoring and audit tooling review; consumer tiers have per-session visibility only
Maturity assessment weighing rapid adoption against beta surfaces and the launch security record
- +Real VM isolation on desktop: custom Linux VM via Apple's VZVirtualMachine with bubblewrap, seccomp, per-session sandbox users, and a network allowlist
- +Built on the proven Claude Code agent harness, repurposed for office work with sub-agents, skills, and plugins
- +Explicit folder scoping and approval gates: Claude can only reach folders the user grants, and deletions require approval
- +Cloud execution (July 2026 beta) continues tasks across desktop, web, and mobile with no device online
- +Unusually candid safety and architecture documentation, including named prompt-injection risks
- +Flat subscription pricing included in Pro/Max removes per-task cost anxiety
- +Massive early traction: 1.2M sessions across 600K+ organizations in ~5 months
- !Shipped 2026-01-12 with a pre-disclosed prompt-injection flaw: within 48 hours researchers showed a malicious Word doc (1-pt white text) exfiltrating financial documents via the VM's allowlisted Anthropic API
- !The core tension is architectural: sandboxing limits where code runs, not what Claude does with folders and connectors it was granted
- !Claude in Chrome, computer use, and unattended scheduled tasks each widen the injection-to-action surface
- !Cowork activity not yet captured in enterprise audit logs or the Compliance API
- !Web/mobile and cloud execution still beta with rollout gated by plan tier
- !Consumes subscription usage limits quickly; five-hour usage windows interrupt long tasks
- !Cloud-only models; no self-hosted or offline option
Use Case Ratings
content creation
Core use case: drafts, presentations, proposals, and reports were 16.4% of observed sessions, with document/spreadsheet output as the default deliverable
data analysis
Spreadsheet reconciliation and report assembly dominate the top usage category (33.4% business-process operations)
research assistant
Web browsing plus connector access supports multi-source research organized into documents, with cloud sessions continuing unattended
code generation
Inherits the Claude Code harness and can code (8.7% of sessions), but Claude Code itself is the better tool for engineering work