Cowork: Claude Code for the rest of your work
(claude.com)1097 points by adocomplete 20 hours ago
1097 points by adocomplete 20 hours ago
Some do, some don't.
The reality is there are some of us who truly just don't care. The convenience outweighs the negative. Yesterday I told an agent, "here's my api key and my root password - do it for me". Privacy has long since been dead, but at least for myself opsec for personal work is too.
> Privacy has long since been dead, but at least for myself opsec for personal work is too.
Hacker News in 2026.
Paranoia is justified if it actually serves some purpose. Staying paralyzed and not doing anything because Someone Is Reading Your Data is not serving much of anything. Hint: those Someones have better things to do. LLM vendors really don't care about your bank statements, and if they were ever in a position to look, they'd prefer not to have them, as it just creates legal and reputational risks for them.
"Move fast and break things"
I could spend an extra 5 minutes doing it "right" or I can get what I need done and have a 0.001% chance of there ever being a problem (since there are other security measure in place, like firewalls, api key rotation, etc.)
Even when security gaps are exploited, the fallout tends to be minimal. Companies that had their entire database of very sensitive information leaked are still growing users and at worst paid a tiny fine.
> The reality is there are some of us who truly just don't care.
I would challenge that, with the same challenge I've heard about how Microsoft and Google reading your email. The challenge is "ok, so can you please log me in to your mailbox and let me read through it?"
It's not that people don't care, it's most that they've been led, or convinced, or manipulated, into failing to notice and realize this state of affairs.
> Privacy has long since been dead, but at least for myself opsec for personal work is too.
This is such an incredibly loser attitude and is why we can't have nice things.
I mean eventually, some adversarial entity will use this complete lack of defenses to hurt even the most privileged people in some way, so.
Unless of course they too turn to apathy and stop caring about being adversarial, but given the massive differences in quality of life between the west and the rest of the world, I'm not so sure about this.
That is of course a purely probabilistic thing and with that hard to grasp on an emotional level. It also might not happen during ones own lifetime, but that's where children would usually come in. Though, yeah, yeah, it's HN. I know I know.
Sometimes I wonder how we got here. Data breaches everywhere, my 64gb of ram i7 workstation slowing to a crawl when opening a file browser, online privacy getting increasingly more impossible. Then I read HN and it all makes sense.
Is there a place where you get things that are greater and more noble than apathetic indifference/go with the flow attitude?
The folks at the Qubes OS forum care about security, unlike the vast majority of HN users nowadays:
> The convenience outweighs the negative. Yesterday I told an agent, "here's my api key and my root password - do it for me".
Does the security team at your company know you're doing this?
Security as a whole is inconvenient. That doesn't mean we should ignore it.
> When choosing between convenience and privacy, most people seem to choose convenience
But they wish it would have been convenient to choose privacy.
For many, it may be rational to give away privacy for convenience. But many recognize the current decision space as suboptimal.
Remember smoke-infused restaurants? Opting out meant not going in at all. It was an experience that came home with you. And lingered. It took a tipping point to "flip" the default. [1]
[1]: The Public Demand for Smoking Bans https://econpapers.repec.org/article/kappubcho/v_3a88_3ay_3a... "Because smoking bans shift ownership of scarce resources, they are also hypothesized to transfer income from one party (smokers) to another party (nonsmokers)."
I send my bank statements to Gemini to analyze. It's not like bank statements contain anything too sensitive.
What! How can you be so insecure with your data?! You’re willing to upload a file you downloaded from a cloud service to a different cloud service? The horror!!
This is exactly what I expect out of…
Sorry, got interrupted by an email saying my bank was involved in a security incident.
WTF. I have a separate computer solely for personal finance, domain registration, DNS management, and the associated email account. If I didn't use multiple computers this way, I'd go back to using Qubes OS.
I pray for whoever has to review the slop I've generated.
Claude code has a YOLO mode, and from what I've seen a lot of heavy users, use it.
Fundamentally any security mechanism which relies on users to read and intelligently respond to approval prompts is doomed to fail over time, even if the prompts are well designed. Approval fatigue will kick in and people will just start either clicking through without reading, or prefer systems that let them disable the warnings (just as YOLO mode is a thing in Claude code)
No, of course not. Well.. apart from their API. That is a useful thing.
But you're missing the point. It is doing all this stuff with user consent, yes. It's just that the user fundamentally cannot provide informed consent as they seem to be out of their minds.
So yeah, technically, all those compliance checkboxes are ticked. That's just entirely irrelevant to the point I am making.
> It's just that the user fundamentally cannot provide informed consent
The user is an adult. They are capable of consenting to whatever they want, no matter how irrational it may look to you.
There has to be a way to set permissions right? The demo video they provided doesn't even need permission to read file contents, just read the file titles and sort them into folders based on that. It would be a win-win anyways, less tokens going into Claude -> lower bill for customer, more privacy, and more compute available to Anthropic to process more heavy workloads.
Ship has sailed. I have my deepest secrets in Gmail and Docs. We need big tech to make this secure as possible from threats. Scammers and nations alike.
>By default, the main thing to know is that Claude can take potentially destructive actions (such as deleting local files) if it’s instructed to.
What do the words "if it's instructed to" mean here? It seems like Claude can in fact delete files whenever it wants regardless of instruction.
For example, in the video demonstration, they ask "Please help me organize my desktop", and Claude decides to delete files.
It's really quite amazing that people would actually hook an AI company up to data that actually matters. I mean, we all know that they're only doing this to build a training data set to put your business out of business and capture all the value for themselves, right?
A few months ago I would have said that no, Anthropic make it very clear that they don't ever train on customer data - they even boasted about that in the Claude 3.5 Sonnet release back in 2024: https://www.anthropic.com/news/claude-3-5-sonnet
> One of the core constitutional principles that guides our AI model development is privacy. We do not train our generative models on user-submitted data unless a user gives us explicit permission to do so.
But they changed their policy a few months ago so now as-of October they are much more likely to train on your inputs unless you've explicitly opted out: https://www.anthropic.com/news/updates-to-our-consumer-terms
This sucks so much. Claude Code started nagging me for permission to train on my input the other day, and I said "no" but now I'm always going to be paranoid that I miss some opt-out somewhere and they start training on my input anyway.
And maybe that doesn't matter at all? But no AI lab has ever given me a convincing answer to the question "if I discuss company private strategy with your bot in January, how can you guarantee that a newly trained model that comes out in June won't answer questions about that to anyone who asks?"
I don't think that would happen, but I can't in good faith say to anyone else "that's not going to happen".
For any AI lab employees reading this: we need clarity! We need to know exactly what it means to "improve your products with your data" or whatever vague weasel-words the lawyers made you put in the terms of service.
This would make a great blogpost.
>I'm always going to be paranoid that I miss some opt-out somewhere
FYI, Anthropic's recent policy change used some insidious dark patterns to opt existing Claude Code users in to data sharing.
https://news.ycombinator.com/item?id=46553429
>whatever vague weasel-words the lawyers made you put in the terms of service
At any large firm, product and legal work in concert to achieve the goal (training data); they know what they can get away with.
I often think suspect that the goal isn't exclusively training data so much as it's the freedom to do things that they haven't thought of in the future.
Imagine you come up with non-vague consumer terms for your product that perfectly match your current needs as a business. Everyone agrees to them and is happy.
And then OpenAI discover some new training technique which shows incredible results but relies on a tiny slither of unimportant data that you've just cut yourself off from!
So I get why companies want terms that sound friendly but keep their options open for future unanticipated needs. It's sensible from a business perspective, but it sucks as someone who is frequently asked questions about how safe it is to sign up as a customer of these companies, because I can't provide credible answers.
To me this is the biggest threat that AI companies pose at the moment.
As everyone rushes to them for fear of falling behind, they're forking over their secrets. And these users are essentially depending on -- what? The AI companies' goodwill? The government's ability to regulate and audit them so they don't steal and repackage those secrets?
Fifty years ago, I might've shared that faith unwaveringly. Today, I have my doubts.
Why do you even necessarily think that wouldn't happen?
As I understand it, we'd essentially be relying on something like an mp3 compression algorithm to fail to capture a particular, subtle transient -- the lossy nature itself is the only real protection.
I agree that it's vanishingly unlikely if one person includes a sensitive document in their context, but what if a company has a project context which includes the same document in 10,000 chats? Maybe then it's more much likely that whatever private memo could be captured in training...
I despise the thumbs up and thumbs down buttons for the reason of “whoops I accidentally pressed this button and cannot undo it, looks like I just opted into my code being used for training data, retained for life, and having their employees read everything.”
> I mean, we all know that they're only doing this to build a training data set
That's not a problem. It leads to better models.
> to put your business out of business and capture all the value for themselves, right?
That's both true and paranoid. Yes, LLMs subsume most of the software industry, and many things downstream of it. There's little anyone can do about it; this is what happens when someone invents a brain on a chip. But no, LLM vendors aren't gunning for your business. They neither care, nor have the capability to perform if they did.
In fact my prediction is that LLM vendors will refrain from cannibalizing distinct businesses for as long as they can - because as long as they just offer API services (broad as they may be), they can charge rent from an increasingly large amount of the software industry. It's a goose that lays golden eggs - makes sense to keep it alive for as long as possible.
We've seen this playbook with social media - be nice and friendly until they let you get close enough to stick the knife in.
Doesn't matter to 99.99% of businesses using social media. Only to the silly ones who decided to use a platform to compete with the platform itself, and to the ones that make a platform their critical dependency without realizing they're making a bet, then being surprised by it not panning out.
Every startup is at the mercy of the big 3 (OpenAI, Anthropic, Google).
They can and most likely will release something that vaporises the thin moat you have built around their product.
This feels like the first time in tech where there are more startups/products being subsumed (agar.io style) than being created.
> They can and most likely will release something that vaporises the thin moat you have built around their product.
As they should if they're doing most of the heavy lifting.
And it's not just LLM adjacent startups at risk. LLMs have enabled any random person with a claude code subscription to pole vault over your drying up moat over the course of a weekend.
LLMs by their very nature subsume software products (and services). LLM vendors are actually quite restrained - the models are close to being able to destroy the entire software industry (and I believe they will, eventually). However, at the moment, it's much more convenient to let the status quo continue, and just milk the entire industry via paid APIs and subscriptions, rather than compete with it across the board. Not to mention, there are laws that would kick in at this point.
I think the function of a company is to address limitations of a single human by distributing a task across different people and stabilized with some bureaucracy. However, if we can train models past human scales at corporation scale, there might be large efficiency gains when the entire corporation can function literally as a single organism instead of coordinating separate entities. I think the impact of this phase of AI will be really big.
Surely they've reserved the best models for themselves and have people looking into how to optimally harness untapped potential from LLMs?
Edit: I guess the competition between them keeps them honest and forces them to release their best models so they don't lose face.
> the models are close to being able to destroy the entire software industry
Are you saying this based on some insider knowledge of models being dramatically more capable internally, yet deliberately nerfed in their commercialized versions? Because I use the publicly available paid SOTA models every day and I certainly do not get the sense that their impact on the software industry is being restrained by deliberate choice but rather as a consequence of the limitations of the technology...
Best defense is to basically stay small/niche enough that the big guys don't think your work is worth consuming/competing with directly.
There will always be a market for dedicated tools that do really specific things REALLY well.
I believe there has never been a better time to do a micro SaaS. For 200$ a month you can use Ruby on Rails, Laravel, Adonisjs, or some other boring full stack framework, to vibe code most things you need. Only a few things need to be truly original in any given SaaS product, while most of it is just the same old stuff that is amendable to vibe coding.
This means the smaller niches become viable. You can be a smaller team targeting a smaller niche and still be able to pull of a full SaaS product profitably. Before it would just be too costly.
And as you say, the smaller niches just aren't interesting to the big companies.
When some new tech comes along that unlocks big new possibilities - like PCs, the Internet, Smartphones (and now Agentic Chat AI) - the often recited wisdom is that you should look at what open green fields are now accessible that weren't before, and you should run there as fast as possible to stake your claim. Well there are now a lot of small pastures available that it are also profitable to go for as a small team/individual.
A CLI chat interface seems ideal for when you keep code "at a distance", i.e. if you hardly/infrequently/never want to peek at your code.
But for writing prose, I don't think chat-to-prose is ideal, i.e. most people would not want the keep prose "at a distance".
I bet most people want to be immersed in an editor where they are seeing how the text is evolving. Something like Zed's inline assistant, which I found myself using quite a lot when working on documents.
I was hoping that Cowork might have some elements of an immersive editor, but it's essentially transplanting the CLI chat experience to an ostensibly "less scary" interface, i.e., keeping the philosophy of artifacts separate from your chat.
I was hoping that zed’s inline assistant could make use of the CC subscription but sadly not; you have to pay for metered API usage. But for simple writing tasks, I hooked up Zed’s inline assistant to use Qwen3-30B-A3B running on my Mac via llama-server, and it works surprisingly well.
This looks useful for people not using Claude Code, but I do think that the desktop example in the video could be a bit misleading (particularly for non-developers) - Claude is definitely not taking screenshots of that desktop & organizing, it's using normal file management cli tools. The reason seems a bit obvious - it's much easier to read file names, types, etc. via an "ls" than try to infer via an image.
But it also gets to one of Claude's (Opus 4.5) current weaknesses - image understanding. Claude really isn't able to understand details of images in the same way that people currently can - this is also explained well with an analysis of Claude Plays Pokemon https://www.lesswrong.com/posts/u6Lacc7wx4yYkBQ3r/insights-i.... I think over the next few years we'll probably see all major LLM companies work on resolving these weaknesses & then LLMs using UIs will work significantly better (and eventually get to proper video stream understanding as well - not 'take a screenshot every 500ms' and call that video understanding).
I keep seeing “Claude image understanding is poor” being repeated, but I’ve experienced the opposite.
I was running some sentiment analysis experiments; describe the subject and the subjects emotional state kind of thing. It picked up on a lot of little detail; the brand name of my guitar amplifier in the background, what my t shirt said and that I must enjoy craft beer and or running (it was a craft beer 5k kind of thing), and picked up on my movement through multiple frames. This was a video slicing a frame every 500ms, it noticed me flexing, giving the finger, appearing happy, angry, etc. I was really surprised how much it picked up on, and how well it connected those dots together.
I regularly show Claude Code a screenshot of a completely broken UI--lots of cut off text, overlapping elements all over the place, the works--and Claude will reply something like "Perfect! The screenshot shows that XYZ is working."
I can describe what is wrong with the screenshot to make Claude fix the problem, but it's not entirely clear to what extent it's using the screenshot versus my description. Any human with two brain cells wouldn't need the problems pointed out.
> Claude is definitely not taking screenshots of that desktop & organizing, it's using normal file management cli tools
Are you sure about that?
Try "claude --chrome" with the CLI tool and watch what it does in the web browser.
It takes screenshots all the time to feed back into the multimodal vision and help it navigate.
It can look at the HTML or the JavaScript but Claude seems to find it "easier" to take a screenshot to find out what exactly is on the screen. Not parse the DOM.
So I don't know how Cowork does this, but there is no reason it couldn't be doing the same thing.
I wonder if there's something to be said about screenshots preventing context poisoning vs parsing. Or in other words, the "poison" would have to be visible and obvious on the page where as it could be easily hidden in the DOM.
And I do know there are ways to hide data like watermarks in images but I do not know if that would be able to poison an AI.
Considering that very subtle not-human-visible tweaks can make vision models misclassify inputs, it seems very plausible that you can include non-human-visible content the model consumes.
Maybe at one time, but it absolutely understands images now. In VSCode Copilot, I am working on a python app that generates mesh files that are imported in a blender project. I can take a screenshot of what the mesh file looks like and ask Claude code questions about the object, in context of a Blender file. It even built a test script that would generate the mesh and import it into the Blender project, and render a screenshot. It built me a vscode Task to automate the entire workflow and then compare image to a mock image. I found its understanding of the images almost spooky.
Claude Opus 4.5 can understand images: one thing I've done frequently in Claude Code and have had great success is just showing it an image of weird visual behavior (drag and drop into CC) and it finds the bug near-immediately.
The issue is that Claude Code won't automatically Read images by default as a part of its flow: you have to very explicitly prompt it to do so. I suspect a Skill may be more useful here.
I've done similar while debugging an iOS app I've been working on this past year.
Occasionally it needs some poking and prodding but not to a substantial degree.
I also was able to use it to generate SVG files based on in-app design using screenshots and code that handles rendering the UI and it was able to do a decent job. Granted not the most complex of SVG but the process worked.
Agents for other people, this makes a ton of sense. Probably 30% of the time I use claude code in the terminal it's not actually to write any code.
For instance I use claude code to classify my expenses (given a bank statement CSV) for VAT reporting, and fill in the spreadsheet that my accountant sends me. Or for noting down line items for invoices and then generating those invoices at the end of the month. Or even booking a tennis court at a good time given which ones are available (some of the local ones are north/south facing which is a killer in the evening). All these tasks could be done at least as well outside the terminal, but the actual capability exists - and can only exist - on my computer alone.
I hope this will interact well with CLAUDE.md and .claude/skills and so forth. I have those files and skills scattered all over my filesystem, so I only have to write the background information for things once. I especially like having claude create CLIs and skills to use those CLIs. Now I only need to know what can be done, rather than how to do it - the “how” is now “ask Claude”.
It would be nice to see Cowork support them! (Edit: I see that the article mentions you can use your existing 'connectors' - MCP servers I believe - and that it comes with some skills. I haven't got access yet so I can't say if it can also use my existing skills on my filesystem…)
(Follow-up edit: it seems that while you can mount your whole filesystem and so forth in order to use your local skills, it uses a sandboxed shell, so your local commands (for example, tennis-club-cli) aren't available. It seems like the same environment that runs Claude Code on the Web. This limits the use for the moment, in my opinion. Though it certainly makes it a lot safer...)
Do the people rushing off to outsource their work to chatbots have a plan to explain to their bosses why they still need to have a job?
What's the play after you have automated yourselves out of a job?
Retrain as a skilled worker? Expect to be the lucky winner who is cahoots with the CEO/CTO and magically gets to keep the job? Expect the society to turn to social democracy and produce UBI? Make enough money to live off investments portfolio?
Many people will have to ask themselves these question soon regardless of their actions. I don't understand the critique here.
For $200 month I’ll arrange my own desktop icons thanks. (Isn’t there a more compelling use case?)
I cannot see this page, I'm redirected to https://claude.com/fr-fr/blog/cowork-research-preview which don't exist. Private tab doesn't help
Same for me but with my language. US defaultism strikes again ;) https://archive.ph/dIVPO here is an archive link that works
This sounds really interesting. Perhaps this is the promise that Copilot was not. I'm really hoping that this gives people like my wife access to all the things I use Claude Code for.
I use Claude Code for everything. I have a short script in ~/bin/ called ,cc that I launch that starts it in an appropriate folder with permissions and contexts set up:
~ tree ~/claude-workspaces -d
/Users/george/claude-workspaces
├── context-creator
├── imessage
│ └── tmp
│ └── contacts-lookup
├── modeler
├── research
├── video
└── wiki
Likewise, the `modeler` knows to create OpenSCAD files and so on, the `wiki` context knows that I use Mediawiki for my blog and have a Template:HackerNews and how to use it and so on. I find these make doing things a lot easier and, consequently, more fun.
All of this data is trusted information: i.e. it's from me so I know I'm not trying to screw myself. My wife is less familiar with the command-line so she doesn't use Claude Code as much as me, and prefers to use ChatGPT the web-app for which we've built a couple of custom GPTs so we can do things together.
Claude is such a good model that I really want to give my wife access to it for the stuff she does (she models in Blender). The day that these models get really good at using applications on our behalf will be wonderful! Here's an example model we made the other day for the game Power Grid: https://wiki.roshangeorge.dev/w/Blog/2026-01-11/Modeling_Wit...
It's a little funny how the "Stay in control" section is mostly about how quickly you can lose control (deleting files, prompt injections). I can foresee non-technical users giving access to unfortunate folders and getting into a lot of trouble.
Funny timing. Written in 10 days just when this took off. https://clawd.bot/
Is anybody out there actually being more productive in their office work by using AI like this? AI for writing code has been amazing but this office stuff is a really hard sell for me. General office/personal productivity seems to be the #1 use-case the industry is trying to sell but I just don't see it. What am I missing here?
Can humans do nothing now? Is it harder to organise your desktop? I thought Apple already organises them into stacks. (edit: Apple already does this)
Is it that hard to check your calendar? Also feels insincere to have a meeting of say 30 mins to show a claude made deck that you did it in 4 seconds.
You can still do all these things manually. Now you just have the option not to.
I don’t think this is for _hard_ things but rather for repetitive tasks, or tasks where a human would bring no value. I’ve used Claude for Chrome to search for stays in Airbnb for example; something that is not hard but takes a lot of time to do by hand when you have some precise requirements.
It’s not that insincere if all the other attendees are just meeting-taking robots the end result of which will be an automated “summary of the meeting I attended for you” :)
How many people join meetings these days just to zone out and wait for the AI-produced summary at the end?
This looks pretty cool. I keep seeing people (an am myself) using claude code for more an more _non-dev_ work. Managing different aspects of life, work, etc. Anthropic has built the best harness right now. Building out the UI makes sense to get genpop adoption
Yeah, the harness quality matters a lot. We're seeing the same pattern at Gobii - started building browser-native agents and quickly realized most of the interesting workflows aren't "code this feature" but "navigate this nightmare enterprise SaaS and do the thing I actually need done." The gap between what devs use Claude Code for vs. what everyone else needs is mostly just the interface.
This is the natural evolution of coding agents. They're the most likely to become general purpose agents that everyone uses for daily work because they have the most mature and comprehensive capability around tool use, especially on the filesystem, but also in opening browsers, searching the web, running programs (via command line for now), etc. They become your OS, colleague, and likely your "friend" too
I just helped a non-technical friend install one of these coding agents, because its the best way to use an AI model today that can do more than give him answers to questions. I'm not surprised to see this announced and I would expect the same to happen with all the code agents becoming generalized like this
The biggest challenge towards adoption is security and data loss. Prompt injection and social engineering are essentially the same thing, so I think prompt injection will have to be solved the same way. Data loss is easier to solve with a sandbox and backups. Regardless, I think for many the value of using general purpose agents will outweigh the security concerns for now, until those catch up
For those worried about irrevocable changes, sometimes a good plan is all the output.
Claude Code is very good at `doc = f(doc, incremental_input)` where doc is a code file. It's no different if doc is a _prompt file_ designed to encapsulate best practices.
Hand it a set of unstructured SOP documents, give it access to an MCP for your email, and have it gradually grow a set of skills that you can then bring together as a knowledge base auto-responder instruction-set.
Then, unlike many opaque "knowledge-base AI" products, you can inspect exactly how over-fitted those instructions are, and ask it to iterate.
What I haven't tried is whether Cowork will auto-compact as it goes through that data set, and/or take max-context-sized chunks and give them to a sub-agent who clears its memory between each chunk. Assuming it does, it could be immensely powerful for many use cases.
Under the hood, is this running shell commands (or Apple events) or is it actually clicking around in the UI?
If the latter, I'm a bit skeptical, as I haven't had great success with Claude's visual recognition. It regularly tells me there's nothing wrong with completely broken screenshots.
The thing about Claude code, is that it's usually used in version controlled directories. If Claude f**s up badly, I can revert to a previous git commit. If it runs amock on my office documents, I'm going to have a harder time recovering those.
Cowork feels like a real step toward usable agent AI — letting Claude actually interact with your files rather than just answer questions. But that also means we’ll really learn how robust (and safe) this stuff is once people start trying it on messy, real workflows instead of toy tasks.
"Claude can’t read or edit anything you don’t give it explicit access to"
How confident are we that this is a strict measure?
I personally have zero confidence in Claude rulesets and settings as a way to fence it in. I've seen Claude decide desperately for itself what to access once it has context bloat? It can tend to ignore rules?
Unless there is a OS level restriction they are adhering to?
Yah I wouldn't.
In my opinion, these things are better run the cloud to ensure you have a properly sandboxed, recoverable environment.
At this point, I am convinced that almost anyone heavily relaying on desktop chat application has far too many credentials scattered on the file system ready to be grabbed and exploited.
I’ve tried just about every system for keeping my desktop tidy: folders, naming schemes, “I’ll clean it on Fridays,” you name it. They all fail for the same reason: the desktop is where creative work wants to spill out. It’s fast, visual, and forgiving. Cleaning it is slow, boring, and feels like admin.
Claude Cleaner, I mean Cowork will be sweeping my desktop every Friday.
Im sure itll be useful for more stuff but man…
A lot of people here are discussing the security challenges here. If you're interested I'm working on a novel solution to the security of these systems.
Basic ideas are minimal privilege per task in a minimal and contained environment for everything and heavy control over all actions AI is performing. AI can performs tasks without seeing any of your personal information in the process. A new kind of orchestration and privacy layer for zero trust agentic actions.
Redactsure.com
From this feed I figured I'd plug my system, would love your feedback! I beleive we are building out a real solution to these security and privacy concerns.
While the entire field is early I do believe systems like my own and others will make these products safe and reliable in the near future.
> Basic ideas are minimal privilege per task in a minimal and contained environment for everything and heavy control over all actions AI is performing.
The challenge is that no application on desktop is built around these privileges so there's no grant workflow.
Are you bytecode analysing the kernel syscalls an app makes before it runs? Or will it just panic-die when you deny one?
We're a zero trust cloud infra solution for power users.
It solves problems like prompt injection and secrets exposure. For host security you're right cloud is the only way to secure those heavily and one of the reasons we went that route with enclave attestation.
We offer a way for you to use AI agents without the AI provider ever able to see your sensitive information while still being able to use them in a minimized permission environment.
AI has a tough time leaking your credentials if it doesn't know them!
This seems like a thin client UX running Claude Code for the less technical user.
I like this idea but really do not want to share my personal data to cloud based LLM vendors.
I have a folder which is controlled by Git, the folder contains various markdown files as my personal knowledge base and work planning files (It's a long story that I have gradually migrate from EverNote->OneNote->Obsidian->plain markdown files + Git), last time I tried to wire a Local LLM API(using LMStudio) to claude code/open code, and use the agent to analyze some documents, but the result is not quite good, either can't find the files or answer quality is bad.
This is a great idea! I'm building something very similar with https://practicalkit.com , which is the same concept done differently.
It will be interesting for me, trying to figure out how to differentiate from Claude Cowork in a meaningful way, but theres a lot of room here for competition, and no one application is likely to be "the best" at this. Having said that, I am sure Claude will be the category leader for quite a while, with first mover advantage.
I'm currently rolling out my alpha, and am looking for investment & partners.
I've been using Claude Code in my terminal like a feral animal for months. Building weird stuff. Breaking things. Figuring it out as I go.
Cowork is the nice version. The "here's a safe folder for Claude to play in" version. Which is great! Genuinely. More people should try this.
But!!! The terminal lets you do more. It always will. That's just how it works.
And when Cowork catches up, you'll want to go further. The gap doesn't close. It just moves.
All of this, though, is good? I think??
I've had a similar experience. My sense is that there's no way this isn't how eventually most of knowledge work at the computer is going to work. Not necessarily through a terminal interface, I expect UIs to evolve quite a bit in the next few years, but having an omnipotent agent in the loop to do all of the gluing and gruntwork for you. Seems inevitable.
Tried Claude Cowork and Chatlily. Interesting idea, but Claude still feels stronger for my use cases.
I wrote up some first impressions of Claude Cowork here, including an example of it achieving a task for me (find the longest drafts in my blog-drafts folder from the past three months that I haven't published yet) with screenshots.
I tend to think this product is hard for those of us who've been using `claude` for a few months to evaluate. All I have seen and done so far with Cowork are things _I_ would prefer to do with the terminal, but for many people this might be their first taste of actually agentic workflows. Sometimes I wonder if Anthropic sort of regret releasing Claude Code in its 'runs your stuff on your computer' form - it can quite easily serve as so many other products they might have sold us separately instead!
The hero image with a set of steps:
1) Read meeting transcripts 2) Pull out key points 3) Find action items 4) Check Google Calendar 5) Build standup deck
feels like "how to put yourself out of a job 101."
It's interesting to see the marketing material be so straightforward about that.
Lmao its actually cute watching Anthropic and its employees desperately finding a way to stuff this into peoples lives - the reality is most people dont give a hoot about this stuff.
The folks working at these technology firms just dont get what the average person - who makes up most of the population - wants. They produce this fluffy stuff which may appeal to the audience here - but that market segment is tiny.
Also the use case of organising a desktop rocked me off my chair. LMAO!
We’re building something very similar but with files in the cloud instead.
Try it https://tabtabtab.ai
Would love some feedback!
This is cool, but Claude for Chrome seems broken - authentication doesn't work and there's a slew of recent reviews on the Chrome extension mentioning it.
Sharing here in case anybody from Anthropic sees and can help get this working again.
It may seem off-topic, but I think it hurts developer trust to launch new apps while old ones are busted.
I've been working with a claude-specific directory in Claude Code for non-coding work (and the odd bit of coding/documentation stuff) since the first week of Claude Code, or even earlier - I think when filesystem MCP dropped.
It's a very powerful way to work on all kinds of things. V. interested to try co-work when it drops to Plus subscribers.
There are lots of similar tools to Claude Code where a local executor agent talks to a remote/local AI. For example, OpenCode and Aider both support local models as well as remote (e.g. via OpenRouter).
Yes, I have that working via Roo Code in VS code. Doing a little searching I found this which looks promising: https://github.com/hyperfield/ai-file-sorter
Isn't this just a UI over Claude Code? For most people, using the terminal means you could switch to many different coding CLIs and not be locked into just Claude.
> For most people
Most people have no idea what a terminal is.
I guess they’re bringing Claude Code tools like filesystem access and bash to their UI. And running it in a “sandbox” of sorts. I could get behind this for users where the terminal is a bit scary.
Most people working office jobs are scared of the terminal though. I see this as not being targeted at the average HN user but for non-technical office job workers. How successful this will be in that niche I'm not certain of, but maybe releasing an app first will give them an edge over the name recognition of ChatGPT/Gemini.
This is interesting because in the other thread about Anthropic/Claude Code, people are arguing that Anthropic is right to focus on what CC is good at (writing code).
I tried to get Claude to build me a spreadsheet last night. I was explicit in that I wanted an excel file.
It’s made one in the past for me with some errors, but a framework I could work with.
It created an “interactive artifact” that wouldn’t work in the browser or their apps. Gaslit me for 3 revisions of me asking why it wasn’t working.
Created a text file that it wanted me to save as a .csv to import into excel that failed hilariously.
When I asked it to convert the csv to an excel file it apologized and told me it was ready. No file to download.
I asked where the file was and it apologized again and told me it couldn’t actually do spreadsheets and at that point I was out of paid credits for 4 more hours.
Really like the look of this. I use Claude Code (and other CLI LLM tools) to interact with my large collection of local text files which I usually use Obsidian to write/update. It has been awesome at organization, summarization, and other tasks that were previously really time consuming.
Bringing that type of functionality to a wider audience and out of the CLI could be really cool!
I would like to thank the 100,000 people in Madagascar[1] who made it all possible by creating training data for ~€0.30 per hour.
I mean this as genuinely non-snarkily as possible: I have been literally building my own personal productivity and workflow tools that could do things as shown.
Is this now a violation of the Claude terms of service that can get me banned from claude-code for me to continue work on these things?
Anthropic: we will do the Code button first, then we implement Non-Code button.
OpenAI: we will do the Non-Code button first, then we implement the Code button.
Not sure if this correct. Codex was one of the first research projects long before Anthropic was started as a company. May be they did not see it as a path to AGI. It seems like coding is seen by few companies as the path to general intelligence (almost like Matrix where everything is code).
I think the next step for these big AI companies will be to launch their own operating systems, probably Linux distributions.
Depends if the job requires a lot of information and the person is excellent at what they do, bc then AI augments the worker more than substitutes them.
But for many people, yes, AI will mostly substitute their labor (and take their job, produce operating margin for the company).
Can it use the browser or the machine like a human? Meaning I can ask it to find a toaster on http://Target.com and it'll open my browser and try it?
I'm already using Claude Code to organize my work and life so this makes a lot of sense. However, I just tried it and it's not clear how this is different than using Claude with projects. I guess the main difference is that it can be used within a local folder on one's computer, so it's more integrated into ones workflow, rather than a project where you need to upload your data. This makes sense.
I'm a bit shocked to see so many negative comments here on HN. Yes, there are security risks and all but honestly this is the future. It's a great amplifier for hackers and people who want to get stuff done.
It took some training but I'm now starting almost all tasks with claude code: need to fill out some word document, organize my mail inbox, write code, migrate blog posts from one system to another, clean up my computer...
It's not perfect perfect, but I'm having fun and I know I'm getting a lot of things done that I would not have dared to try previously.
So people shouldn't say their opinion because your opinion says its the future? Is all future good? I don't think a great hacker would struggle to organise their desktop or they will waste their team's time with AI generated deck but no one can stop others from using it.
> I'm a bit shocked to see so many negative comments here on HN. Yes, there are security risks and all but honestly this is the future. It's a great amplifier for hackers and people who want to get stuff done.
TBH this comment essentially reads as "other commenters are dumb, this is the future b/c I said so, get in line".
No, this doesn't need to be the future. There's major implications to using AI like this and many operations are high risk. Many operations benefit greatly from a human in the loop. There's massive security/privacy/legal/financial risks.
Dont worry. The same Bozos spoke like that to Steve Jobs and we all know who was a better predictor of the technology.. funnily enough it wasnt the guy who is deep into the technology but has a better understanding of people.
Which most technologists fundamentally lack, even if their ego says otherwise.
I certainly don't think people on HN are dumb, I'm surprised that the sentiment towards this is just talking so much about the downside and not the upside.
And look I do agree that humans should be the one responsible for the things they prompt and automate.
What I understand is that you let this lose in a folder and so backups and audits are possible.
> Yes, there are security risks and all but honestly this is the future.
That’s it? There are security risks but The Future? On the one hand I am giving it access to my computer. On the other hand I have routine computer tasks for it to help with?
Could these “positive” comments at least make an effort? It’s all FOMO and “I have anecdotes and you are willfully blind if you disagree”.
The issue here with the negativity is that it appears to ignore the potential tremendous upside and tends to discuss the downside and in a way that appears to make as if it's lurking everywhere and will be a problem for everyone.
Also trying to frame it as protecting vulnerable people who have no clue about security and will be taken advantage of. Or 'well this must be good for Anthropic they will use the info to train the model'.
It's similar to the privacy issue assuming everyone cares about their privacy and preventing their ISP from using the data to target ads there are many people who simply don't care about that at all.
> I'm a bit shocked to see so many negative comments here on HN.
Very generally I suspect there are many coders on HN who have a love hate relationship with a tool (claude code) that has and will certainly make many (but not all) of them less valuable given the amount of work it can do with even less than ideal input.
This could be a result of the type of coding that they do (ie results of using claude code) vs. say what I can and have done with it (for what I do for a living).
The difference perhaps is that my livlihood isn't based on doing coding for others (so it's a total win with no downside) and it's based on what it can do for me which has been nothing short of phemomenal.
For example I was downvoted for this comment a few months ago:
https://news.ycombinator.com/item?id=45932641
Just one reply (others are interesting also):
"HN is all about content that gratifies one’s intellectual curiosity, so if you are admitting you have lost the desire to learn, then that could be triggering the backlash."
(HN is about many things and knowing how others think does have a purpose especially when there is a seismic shift that is going on and saying that I have lost the desire to learn (we are talking about 'awk' here is clearly absurd...)).
ofc this shit happens when its my turn to be an adult. what’s like even the point anymore?
People do realize that if they're doing this, they're not feeding "just" code into some probably logging cloud API but literally anything (including, as mentioned here, bank statements), right?
Right?
RIGHT??????
Are you sure that you need to grant the cloud full access to your desktop + all of its content to sort elements alphabetically?