Computer Use: Safety, Risks, and When to Use It

Last verified: 14 April 2026 | Applies to: API only (research preview)

In 30 seconds

Computer Use lets Claude control your screen by taking screenshots and sending mouse clicks and keyboard input. It is an API-only beta, separate from both the Chrome extension (which uses DOM-based browser automation) and Cowork (which accesses your filesystem but not your screen). Operators are rightly asking about the risks. This page covers what it can and cannot access, which tasks are appropriate, and how to set up a safe testing environment.

Important distinction

Three different capabilities, three different technologies:

• Computer Use (this page): API beta. Screenshot-based screen control in a virtual environment. Mouse and keyboard automation.
• Chrome extension: DOM-based browser automation. Reads and interacts with web page elements directly. Available on Max, Team, and Enterprise.
• Cowork: Local filesystem access. Reads and writes files on your machine. No screen control.

Do not conflate these. Each has different capabilities, risks, and use cases.

What Computer Use actually sees and controls

Computer Use works by repeatedly:

1. Taking a screenshot of the current screen
2. Analysing what is visible (buttons, text fields, menus, content)
3. Sending input (mouse movements, clicks, keyboard typing) to interact with what it sees
4. Taking another screenshot to verify the result
5. Repeating until the task is complete

graph LR
    A[Take screenshot] --> B[Analyse screen]
    B --> C[Decide action]
    C --> D[Send mouse/keyboard input]
    D --> A

It can see: Anything visible on screen. Open applications, browser tabs, notifications, system dialogs, desktop icons, and any text or images currently displayed.

It can do: Click buttons, type text, scroll, navigate menus, switch between applications, and interact with any UI element visible on screen.

It cannot: Access files or data not currently displayed on screen, read encrypted or password-protected content that is not visible, interact with elements behind modal dialogs, or bypass system security prompts (unless they are visible and it clicks through them, which is a risk you need to manage).

The safety model

Computer Use has several built-in safety constraints:

• No persistent access. It only operates during an active API session. When the session ends, control stops.
• Screenshot-based only. It does not have direct access to your filesystem, clipboard history, or background processes. It sees only what is on screen.
• You control the environment. You choose which virtual machine or environment to run it in. It has no access beyond what that environment provides.
• Session logging. All actions (screenshots taken, inputs sent) are logged and can be reviewed.

To revoke access: End the API session. Computer Use has no persistent agent or background process. Closing the session immediately stops all screen control.

Risk tier table

Not all tasks carry the same risk. Use this framework to evaluate whether Computer Use is appropriate:

Risk level	Description	Examples	Recommendation
Low	Single-app data entry in an isolated environment, no credentials involved	Filling forms in a test app, copying data between fields in a spreadsheet, navigating a demo site	Suitable for automation. Monitor the first few runs.
Medium	Multi-app workflows, read access to real data, no payment or credential entry	Extracting data from one app and entering it in another, navigating internal dashboards, running reports	Use with supervision. Review screenshots periodically.
High	Workflows involving payments, credentials, external-facing systems, or sensitive data	Processing payments, logging into third-party services, sending emails or messages, accessing financial accounts	Not recommended without human-in-the-loop verification at every critical step.

Setting up a safe testing environment

Never run Computer Use on your primary work machine when experimenting. Set up an isolated environment:

1. Use a virtual machine. Spin up a clean VM (cloud or local) with only the applications needed for the task. No email client, no browser with saved passwords, no access to production systems.
2. Remove credentials. Do not save passwords, API keys, or session tokens in the test environment. If the task requires logging in, enter credentials manually before handing control to Computer Use.
3. Limit network access. If possible, restrict the VM’s network access to only the services the task requires. This prevents Computer Use from accidentally navigating to unintended sites.
4. Use test data. Populate the environment with dummy data rather than production records. Validate the workflow works correctly before pointing it at real data.
5. Record and review. Enable screen recording on the VM so you can review exactly what Computer Use did after each session.

5 good use cases for operators

These tasks play to Computer Use’s strengths (repetitive UI interaction) while keeping risk manageable:

1. Legacy system data entry. Older enterprise software with no API. Computer Use can navigate the UI, enter data from a structured source, and save records. Common in property management, logistics, and government.
2. Screenshot-based reporting. Navigating dashboards that have no export function, taking screenshots of specific views, and compiling them into a report.
3. Multi-step form filling. Insurance quotes, compliance submissions, or vendor onboarding forms that require clicking through multiple screens with structured data.
4. Application testing. Walking through a UI workflow to verify that buttons, forms, and navigation work as expected. Useful for QA on internal tools.
5. Data migration between apps. When two systems have no integration, Computer Use can read from one screen and type into another. Slower than an API, but sometimes the only option.

5 things to never let Computer Use do unsupervised

1. Enter payment details or process transactions. A misclick or misread could send money to the wrong place. Always verify payment actions manually.
2. Handle passwords or authentication tokens. Computer Use sees everything on screen. If it encounters a password field, it may type credentials into the wrong field or expose them in screenshots.
3. Send external communications. Emails, Slack messages, or social media posts sent by Computer Use cannot be unsent. A misinterpretation could send the wrong message to the wrong person.
4. Access production databases or admin panels. One wrong click in an admin interface can delete records, change configurations, or disrupt services.
5. Run unattended for extended periods. Computer Use can get stuck in loops, misinterpret dialog boxes, or drift off-task. Check in frequently, especially during the first few runs of any workflow.

What to watch out for

• Success rates are modest. Anthropic reports around 50% success on complex benchmarks. For real-world operator tasks, expect to iterate. Simple, well-defined tasks work best.
• It is slow. Each action requires a screenshot, analysis, and input cycle. A task a human does in 30 seconds might take Computer Use 2 to 3 minutes. It is valuable for repetitive tasks at scale, not for speed.
• Your screen must stay visible. Computer Use relies on screenshots. If the screen locks, a screensaver activates, or another window covers the target application, it loses context.
• API-only, not consumer-facing. This is a developer tool accessed through Anthropic’s API. It requires technical setup. It is not a button in Claude Desktop.
• macOS and Windows for local testing. If running locally rather than in a cloud VM, Computer Use supports both macOS and Windows (since 3 April 2026).
• This is a research preview. Capabilities, limitations, and safety features will change. Do not build production-critical workflows on research preview infrastructure without a fallback plan.

Related

• Screen Automation. Broader guide to screen-based automation with Claude.
• Security and Privacy. How Claude handles your data across all surfaces.
• Browser Automation. DOM-based browser automation via the Chrome extension (different technology).

---

Something wrong or outdated? Let us know →

Get weekly workflows. Subscribe to the newsletter.