Cowork Threat Surface: When the Agent Is the Attack Vector
TLDR: Anthropic's new consumer AI agent can read your files, browse the web, and run commands on your machine — all on your behalf, all autonomously. When an AI acts on your behalf, anything it reads can act on your behalf too. No confirmed breach yet, but the same attack class already produced a supply chain compromise at Cline. The difference is this product is marketed to everyone at $20 a month.

Claude Cowork is Anthropic’s general-purpose desktop agent — released to all Pro subscribers in early 2026. It reads your files, fetches web pages, runs terminal commands, and executes multi-step tasks on your behalf. That’s the product. That’s also the attack surface. ...