Understanding Claude Access Before You Turn It On
Claude’s access features come in two distinct levels, each with unique capabilities, risks, and use cases. Understanding these differences is essential for using Claude safely and effectively.
Who This Is For?
This guide is for anyone using or considering Claude’s desktop app who wants to understand what giving Claude access actually means, what tasks Claude can perform, the risks involved, and how to decide which level of access is appropriate.
What You Will Learn:
The differences between file access and full computer control, what Claude can do at each level, how to set up access safely, key risks and limitations, and a practical decision framework.
TL;DR
Claude offers two types of access.
File and folder access is the default in Cowork. Claude can read and write in a folder you choose. It is sandboxed and considered low risk.
Also read: 10 Best Image Prompts For Viral Content
Computer use is opt-in, currently macOS only, and in research preview. Claude can click, type, open apps, and navigate your desktop in real time. It is more powerful but carries higher risk.
The case for giving access: Claude can complete multi-step tasks autonomously while you are on a call, commuting, or doing something else.
The case for caution: Claude can make mistakes, and malicious content via prompt injection can manipulate its actions. Desktop access interacts with your live system, not a sandbox.
For most people, file access is yes, with a dedicated folder. Computer use, yes, for lower-stakes tasks with care taken to block sensitive apps.
1. File Access (Low Risk)
File access allows Claude to read, write, and organize files in a folder you select. All actions occur in a sandboxed environment and do not extend beyond the designated folder.
This is the default setup in Cowork and a low-risk starting point for most users. Projects in Cowork allow you to keep related files organized in one workspace.
Limitations: By default, Claude cannot open your email client, access other folders, browse the web, or interact with apps unless you connect them via Claude connectors or enable computer use.
Tips for safe use: Use a dedicated folder such as Claude-Workspace and avoid directories containing sensitive data, including financial records, credentials, or medical information.
2. Computer Use (Higher Risk)
Computer use allows Claude to control your desktop in real time, including clicking, typing, opening apps, and navigating your system.
This is not sandboxed. Actions occur on your live machine. Available only on macOS for Pro and Max subscribers and currently in research preview.
Useful for workflows requiring multi-step automation or tools without direct integrations. Should not be used with sensitive apps such as banking platforms, healthcare portals, or legal tools.
3. What Claude Can Do?
With file access only, Claude can summarize files, generate structured reports, organize and restructure data, and combine information from multiple files.
With connectors added such as Gmail, Google Drive, Slack, and Calendar, Claude can access emails, meeting context, and project files, search across connected platforms, and send messages or post on your behalf with your confirmation.
With computer use enabled, Claude can open and navigate any app, use internal tools without integrations, complete multi-step workflows, and execute tasks remotely via Dispatch.
A real example Anthropic demonstrated: a user running late messages Claude from their phone to export a pitch deck as a PDF and attach it to a calendar invite. Claude locates the file, exports it, attaches it to the event, and notifies the user when done.
4. What Claude Cannot Do?
Claude cannot access banking apps, investment platforms, or cryptocurrency wallets. It cannot use saved passwords or credentials. It cannot permanently delete files without your explicit confirmation. These restrictions reduce risk but do not eliminate it completely.
5. How to Set It Up?
File Access (Cowork)
Download or update Claude Desktop at claude.com/download. Pro or Max plan required. Open the Cowork tab and select a dedicated working folder. Avoid selecting your entire Documents directory.
Computer Use
Open Claude Desktop and go to Settings then General. Toggle computer use on. Start a Cowork or Claude Code session. Claude will request permission before accessing each app individually. Ensure your Mac stays awake and Claude Desktop remains open for tasks to run.
Dispatch (Remote Task Assignment)
Dispatch allows tasks sent from your phone to run on your desktop. Claude executes the task and notifies you when finished or if it requires input. Review folder and app access carefully before enabling Dispatch, as it creates a direct chain between your phone and your live machine.
6. Key Risks
Prompt Injection
Hidden instructions in documents, websites, or emails can redirect Claude’s actions without your knowledge.
A documented case from January 2026: a Word document embedded with hidden commands tricked Cowork into sending sensitive files including documents containing partial Social Security numbers to an external server. The user noticed nothing unusual throughout the process.
A second documented case involved three vulnerabilities in Claude.ai collectively known as Claudy Day. These could be chained together to quietly extract conversation history. One specific method involved invisible HTML embedded inside a URL parameter that pre-filled Claude’s chat box. When the user pressed Enter on what appeared to be a normal prompt, Claude also executed the hidden instructions simultaneously. This vulnerability was patched but similar risks in this category remain.
Anthropic uses training and content classifiers to detect these attacks but protections are not absolute.
Mistakes and Irreversible Actions
Errors in multi-step workflows can cascade. Overwritten files may not be recoverable even if permanent deletion requires confirmation.
Screen Exposure
When computer use is active, Claude can see everything on your screen including open documents, browser tabs, and notifications. Screenshots are processed by Anthropic and deleted from their backend within 30 days. Not recommended for regulated or confidential workloads as Cowork activity is not captured in audit logs.
Remote Task Risks (Dispatch)
Enabling Dispatch means your phone can trigger real actions on your desktop. A compromised account or malicious content encountered during a task could cause unintended actions on your machine. Review your organization’s IT policies before using Dispatch on a managed device.
7. Should You Give Claude Access? Decision Guide
File access in a dedicated folder: Yes, low risk. Keep the folder clean and free of sensitive files.
File access to broad directories: No, unnecessary exposure. Create a dedicated folder instead.
Connectors such as Gmail, Slack, and Drive: Yes, with careful attention to permissions. Confirm outgoing actions before they occur and be clear on what Claude can read versus what it can send.
Read more: How to Test Multiple Hairstyles on Your Face Using AI
Computer use for internal or proprietary tools: Yes, this is where it adds the most value. Start with specific contained tasks before expanding.
Computer use with sensitive apps: No. Block banking platforms, healthcare portals, legal tools, and anything involving credentials or regulated data explicitly.
Computer use for long autonomous tasks while you are away: Proceed cautiously. This is where the stakes are highest. Build trust with smaller workflows first before leaving longer tasks to run unattended.
8. What Safety Controls Actually Do?
Model training helps Claude recognize and reject suspicious instructions including those framed as urgent or authoritative.
Content classifiers automatically scan incoming content for prompt injection attempts before they can influence Claude’s behavior.
Permission gates require your approval before Claude accesses any new application during a computer use session.
Default blocks prevent access to investment platforms, cryptocurrency wallets, and other sensitive app categories out of the box.
Deletion confirmation ensures files are not permanently removed without your explicit consent.
These protections reduce risk but are not foolproof. The guardrails can be bypassed as documented research has shown. The right mindset is managed risk not zero risk.
9. Common Mistakes to Avoid
Granting access to full directories instead of a single dedicated folder.
Running unsupervised tasks before testing how Claude handles your specific workflows.
Connecting sensitive apps without reviewing permissions carefully.
Assuming Cowork follows the same data policies as Claude.ai chat. Cowork stores conversation history locally and does not appear in audit logs, which matters in regulated industries or on managed devices.
Closing Claude Desktop during active tasks. Tasks stop completely if the app closes or your computer sleeps.
10. FAQs
Does Anthropic store screenshots? Screenshots are deleted from Anthropic’s backend within 30 days unless enterprise terms specify otherwise. They are processed server-side so they do leave your machine temporarily.
Can Claude access passwords or credentials? No. Policy strictly prohibits accessing browser-saved passwords, autofill data, or financial credentials. This is a firm boundary not a default setting.
What if Claude makes a mistake? Permanent deletions require your explicit confirmation first. Other errors such as overwriting a file may not be reversible. Keep backups and start with lower stakes tasks.
Can I use computer use on Windows? No. Computer use is currently macOS only. Windows support has not shipped yet.
Is Cowork suitable for regulated data such as HIPAA or GDPR? No. Cowork activity is not captured in audit logs or Compliance APIs and Anthropic does not recommend it for regulated workloads.
What if Claude behaves unexpectedly? You can stop Claude at any point during a task. If Claude is acting outside the scope of your instructions or requesting information it should not need, report it to usersafety@anthropic.com.
Can my employer see what Claude is doing? Cowork stores conversation history locally so it does not appear in Anthropic’s audit logs. However if your employer uses device management or monitoring software they may still be able to see desktop activity. Check your organization’s IT policies before using Cowork on a work device.
11. Next Steps
Scheduled tasks. Start with low stakes read-only workflows before automating anything consequential. Cowork lets you set recurring tasks such as a weekly report every Friday or a daily briefing before you start work.
Combining connectors with computer use. Set up connectors first to reduce how often Claude needs to rely on screen interaction. Claude’s priority order is connectors first, then browser, then screen control, which means fewer prompt injection risks from browsing and faster task execution.
Creating a dedicated Claude workspace. A structured folder with clear subfolders for Inputs, Outputs, and In-Progress makes it easier to manage what Claude sees and produces and simplifies reviewing its work afterward.
Following Anthropic’s Cowork updates. Computer use is still a research preview and the feature set, safety controls, and platform availability are actively evolving. Check support.claude.com regularly as things are moving quickly.
12. Bottom Line
Giving Claude access to your computer is not a single decision. It is a series of decisions about how much access, to what, and for what kinds of tasks.
File access in a dedicated folder is practical and low risk for most people. Computer use is genuinely powerful for tools without integrations but it runs on your live machine and the risks scale accordingly.
Prompt injection is real and the documented vulnerabilities are not theoretical. At the same time Anthropic’s controls make the risk manageable for everyday professional use as long as you are intentional about what you connect and what you expose.
Start narrow. Expand as you build trust. And do not point it at anything you would not want Claude to read.
If you want to discover more AI tools, or AI updates, visit our homepage. You can also explore the Blog for more tutorials, curated tools, and useful resources like these.
