Should You Install Claude Cowork on Work Computers? What Law Firms, Financial Firms, and Construction Companies Need to Know First
The decision to install Claude Cowork on work computers is one leadership needs to make with full information — not after the fact.
Quick Summary
Installing Claude Cowork on business computers introduces real security and compliance risks that law firms, financial firms, and construction companies need to understand before approving the request.
What you'll learn in this article
- Claude Cowork is a desktop AI agent that reads files, takes actions, and runs tasks on your computer — it's not a chatbot, and that distinction changes your risk profile
- Security researchers have documented working attacks, including one where an ordinary Word document silently uploaded client files to an attacker's account — without the user clicking anything
- You don't have to choose between Claude's AI capability and compliance — Microsoft 365 Copilot now includes Claude models inside Microsoft's audit and governance framework
- Copilot Cowork (the enterprise version) is promising but not broadly available yet — this article covers what you can actually act on today
- eSudo helps Bay Area businesses navigate this decision without blocking productivity or exposing client data
Claude Cowork is one of the most capable AI tools available today — and one of the riskiest things you can install on a business computer without the right guardrails in place. Installing it on work devices changes your organization's security and compliance profile in ways that leadership needs to understand before saying yes. This article explains what Claude Cowork actually does, what documented risks exist, and the options available so your team can make an informed decision.
We're writing this because we're getting the same question from law firms, financial advisory firms, and construction companies across the Bay Area: "Our team wants Claude. Can you install it for us?" The answer isn't no — but it's not a simple yes either. Here's what you need to know.
"The question isn't whether Claude Cowork is allowed. The question is how you want to manage the risk — and whether your current setup gives you the visibility to do that."
Why businesses built on trust have to think about this differently
Most of your team sees Claude Cowork as a productivity tool. And they're right — it is. It helps people write faster, think through complex problems, organize information, and get more done in a day. That's exactly why so many employees are asking for it.
But for law firms, financial advisors, and construction companies managing sensitive contracts and client data, the risk calculus is different than it is for a marketing agency or a retail operation. You're dealing with attorney-client privilege, fiduciary obligations, confidential financial records, and project data that competitors would love to get their hands on. ABA Model Rules 1.1 and 1.6 require attorneys to take competent, reasonable steps to protect client information — and "I didn't know the AI tool could do that" is not a defense when something goes wrong.
The goal here isn't to protect IT from a help desk ticket. It's to protect your clients, your reputation, and your business from a risk that looks like a productivity tool.
"Claude feels like a Mercedes. Copilot feels like a Honda." Here's why that comparison matters.
We hear this analogy a lot, and it's actually pretty accurate — as long as you understand what it means for your business.
🏎️ Claude Cowork
High performance, flexible, fast. Operates directly on your desktop. Powerful — but designed for users willing to manage the risk themselves.
🚗 Microsoft Copilot
Built for regulated business environments. Designed around audit logs, compliance frameworks, and IT governance — not raw capability alone.
Both are valuable. But a Mercedes without insurance, in a city with strict traffic laws, driven by someone who's never read the manual — that's where things get complicated. The tool itself isn't the problem. The context in which it runs is.
What Claude Cowork actually does on your computer
This is where most people are surprised. Claude Cowork is not a chatbot. It's an autonomous desktop agent — which means it doesn't just answer questions, it takes actions.
Once installed, Cowork can read and write files on the machine, interact with your browser and desktop applications, schedule tasks that run in the background while you're not watching, and — when connected to extensions — move data between applications like Excel and PowerPoint without you explicitly directing it. Anthropic's own documentation describes it clearly: when Claude uses your computer, it works outside a virtual machine and interacts directly with your apps, browser, and desktop.
That's a meaningfully different attack surface than a browser tab or a cloud app. It's more like giving a highly capable contractor the keys to your office and your filing cabinets. Most people wouldn't do that without some vetting. The same logic applies here.
Documented security risks — not theoretical ones
We want to be specific here, because vague warnings don't help anyone make a real decision.
The Word document that exfiltrated client files
Two days after Claude Cowork launched publicly, security researchers at PromptArmor demonstrated a real attack. A Word document containing hidden text — formatted in one-point white font, completely invisible to the human eye — was enough to trick Cowork into uploading sensitive files, including financial documents with partial Social Security numbers, to an attacker-controlled account. The user never clicked a link. Never downloaded a suspicious file. They just opened a document. Think about how many Word files move through a law firm or financial advisory practice in a single day.
Anthropic has partially patched this vulnerability, but security researchers note the underlying architectural issue — that Cowork's environment explicitly trusts Anthropic's own API as a data channel — remains unsolved.
The calendar event that took over the computer
Separately, security firm LayerX discovered that Claude Desktop Extensions — plugins that expand what Cowork can do — run without sandboxing and with full system privileges. They demonstrated that a malicious calendar event could trigger arbitrary code execution on the machine when a user asked Cowork to "take care of" their calendar. That vulnerability received a CVSS severity score of 10 out of 10 — the highest rating possible.
No audit trail for compliance
Anthropic states explicitly in their product documentation: Cowork activity is not captured in audit logs, Compliance API, or data exports. For organizations subject to ABA Rules, cyber insurance requirements, or financial regulations, this means you may have an AI agent acting on your behalf with no record of what it did or what data it touched. That's a gap most compliance frameworks don't allow.
Important update: you don't have to choose between Claude and compliance
This is where the conversation has changed significantly in the past few months — and it changes the options available to your organization.
Microsoft now offers Claude models natively inside Microsoft 365 Copilot. Claude Sonnet and Claude Opus are available in the Researcher agent and in Copilot Studio for building custom workflows — all within Microsoft's enterprise security and compliance framework. Your organization's admin enables it in the Microsoft 365 admin center, and from that point forward you get Claude's reasoning capabilities alongside Microsoft's audit logs, data loss prevention rules, and governance controls.
Microsoft has even built a "Critique" feature where GPT drafts a response and Claude reviews it for accuracy before you see it — two models checking each other's work, inside one compliant environment. For a law firm or financial firm that needs both capability and accountability, this is now a real, production-ready path. Not a compromise.
One thing worth noting: Microsoft Copilot is not risk-free either. Because Copilot inherits whatever file permissions a user already has in Microsoft 365, poor data governance inside your M365 tenant can create its own exposure. That's why the conversation about AI tools is really a conversation about your overall data hygiene — which is something eSudo can assess for you before you flip any switches.
What about Copilot Cowork — isn't that the same thing?
You may have heard about Copilot Cowork — Microsoft's version of the autonomous agent experience, built in close collaboration with Anthropic and powered by the same Claude engine. It's the right long-term direction, and it's genuinely exciting: it would give your team Claude's autonomous task capabilities inside Microsoft 365, with full audit trails, governance controls, and no desktop app to manage. In many ways, it's exactly what regulated businesses have been waiting for.
⏳ Availability Status — April 2026
Copilot Cowork is currently available through Microsoft's Frontier early-access program only — not as a standard feature your organization can simply turn on. Accessing it requires enrollment in the Frontier program, an existing Microsoft 365 Copilot license, and for most small and mid-size businesses, a licensing upgrade that may not be cost-effective yet. General availability has no confirmed date from Microsoft. Analyst estimates point to sometime in Q2 or Q3 2026, with final pricing — including whether long-running tasks carry additional consumption costs — still unannounced.
We're tracking Copilot Cowork closely and will help our clients evaluate it as it matures. But for organizations asking us right now what to do about Claude, Copilot Cowork is not yet a practical answer — it's a reason to feel good about the direction Microsoft and Anthropic are heading together. The options below reflect what's actually available and deployable for your business today.
Your options — and what each one means for your organization
✅ Option 1 — Recommended: Microsoft Copilot on work computers
Keep Claude Cowork off work devices. Use Microsoft 365 Copilot instead — with Claude models enabled through the admin center where your organization wants that capability. You get advanced AI reasoning, compliance-grade audit trails, and no separate software installed locally. This is the path we recommend for most law firms, financial firms, and construction companies we work with.
⚠️ Option 2 — Balanced: Claude in a browser only, no desktop app
Some organizations are comfortable using Claude via the web browser at claude.ai without installing the desktop Cowork application. This limits Claude to the conversational interface — no file access, no system actions, no scheduled tasks. Lower risk than full Cowork, though it still requires a policy around what data employees paste into the session.
⛔ Option 3 — Last Resort: Install Claude Cowork with written risk acknowledgment
We will install Claude Cowork on work computers if that's what leadership chooses — but only after a written risk acknowledgment that documents the compliance gaps, the documented vulnerabilities, and what data categories will be kept away from the tool. Anthropic's own documentation explicitly says not to use Cowork for regulated workloads. If your firm handles regulated data — and most of our clients do — this option requires careful scoping.
How eSudo helps businesses navigate this
We've been getting calls about Claude Cowork from across the Bay Area — law firms in San Jose and Palo Alto, financial advisors in San Francisco, construction and engineering firms in the South Bay. The question is always some version of the same thing: "Our people want this. How do we do it safely?"
Our starting point is always an honest conversation about what your team is actually trying to accomplish and what your current compliance obligations look like. From there, we can configure Microsoft 365 Copilot with Claude models enabled, establish a policy around browser-based Claude use, assess whether your M365 data governance is tight enough before you turn on any AI agents, and document the decision — whatever it is — so leadership is protected.
We're not here to tell you Claude is off-limits. We're here to make sure that whatever you choose, you understand the tradeoffs and your clients' data stays where it belongs. If you'd like to talk through what makes sense for your organization, schedule a conversation with our team here.
Frequently Asked Questions
Is Claude Cowork safe to use at work?
Claude Cowork is a powerful tool, but installing it on work computers introduces real security and compliance risks that security researchers have documented with specific, working attacks — not just theoretical concerns. For businesses in regulated industries like law, finance, or construction, the risks are significant enough that we recommend evaluating alternatives like Microsoft Copilot with Claude models before installing the desktop app. If your organization decides to proceed, a written risk acknowledgment and data handling policy should be in place first.
Can we get Claude's AI capability without installing Claude Cowork?
Yes — and this is one of the most important things to understand. Microsoft 365 Copilot now includes Claude models (Sonnet and Opus) available through features like the Researcher agent and Copilot Studio. Your organization can access Claude's reasoning and analysis capabilities inside the Microsoft compliance and audit framework, without installing a desktop agent that operates outside those controls. Your IT administrator enables it through the Microsoft 365 admin center.
Are the security risks real, or just theoretical?
They are real and documented. Within two days of Cowork's public launch, security researchers demonstrated a working attack where a Word document with hidden invisible text caused Cowork to upload sensitive files — including financial documents containing partial Social Security numbers — to an attacker's account, without the user taking any action beyond opening the file. A separate vulnerability in Claude Desktop Extensions received a CVSS score of 10 out of 10 — the highest possible severity rating. Anthropic has patched some of these issues, but security researchers have noted the underlying architecture creates ongoing exposure.
What is the safest way to use Claude today for a law firm or financial firm?
The safest path for a regulated business is to use Claude through Microsoft 365 Copilot, where activity is covered by Microsoft's enterprise data protection framework and audit logging. Using Claude through a browser session at claude.ai (without the desktop app) is a lower-risk alternative when the full Copilot investment isn't in place yet. In either case, your team should have clear guidance on what types of data — client names, financial records, matter details — should not be entered into any AI session without understanding how that data is handled.
What does eSudo actually do to help with this?
We start by understanding what your team wants to accomplish with AI and what your compliance obligations look like — whether that's ABA Rules for a law firm, fiduciary standards for a financial advisory, or contract confidentiality for a construction firm. From there, we can configure the right toolset, establish a usage policy, and document the decision so leadership has a clear record of what was considered and why. We've been doing this for businesses in Silicon Valley and the Bay Area since 2001, and we'll give you a straight answer — not a sales pitch.
Bottom line
Claude Cowork is impressive technology. We understand why your team is asking for it, and we're not in the business of blocking productivity. But "we installed it because someone asked" isn't a risk management strategy — especially when client data, privilege, and compliance obligations are on the line.
The good news is that you don't have to choose between capability and compliance anymore. Claude's AI is available inside Microsoft 365. The question is which path fits your organization — and we're happy to help you figure that out.
Schedule a Conversation with eSudo →