Anthropic just launched “computer use” for Claude Code and Cowork. The feature lets Claude click, scroll, navigate, and operate apps on your Mac the way you would. Meta’s Manus shipped a similar feature called “My Computer” last week. Perplexity has “Computer” (cloud-based) and “Personal Computer” (running on a dedicated Mac mini). OpenAI has Operator. NVIDIA announced NemoClaw at GTC. Microsoft is building computer-using agents into Copilot. Google is testing Gemini desktop features. OpenClaw, the open-source project that started this frenzy, has spawned an entire ecosystem of imitators.
Every major AI company is racing to give its models ways to control your computer.
To be effective, an agent needs access to your files, your apps, your browser, your email, and your calendar. The more access you grant, the more it can accomplish. A fully permissioned agent can organize your documents, build spreadsheets, send emails, and execute multi-step workflows while you focus on something else. That is genuinely useful. But how much do you trust your AI agent?
On the dark side, prompt injection attacks can hijack an agent’s behavior through malicious instructions hidden in documents, emails, or web pages. Every one of these platforms has permission controls. Claude asks before touching each app. Manus requires explicit approval before executing tasks. Perplexity runs its agent in a sandboxed cloud environment. Some guardrails exist. Are they sufficient? We shall soon see.
Start using computer use features slowly. It’s going to take a while to understand what agents/claws/personal AI assistants can and can’t do. More importantly, figure out what your agent(s) should and shouldn’t do.
Every company needs a Claw strategy. Do you have one?
Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it. This work was created with the assistance of various generative AI models.