Claude's browser agent: What I checked before going all in.

Written By Mariana Ferreira

I've been using Claude's Cowork browser agent for a few months now. It opens Chrome, navigates pages, reads content, fills forms, pulls data. Saves me more than 6 hours a week on tasks I used to do manually.

At some point I got curious about what's actually happening while it works. So I went and looked it up, directly from Anthropic's own documentation.

What the browser agent actually does

Cowork is Claude's desktop app. The browser agent is one of its tools: it controls Chrome on your behalf, reads what's on screen, and takes action based on what it sees.

According to Anthropic, Claude takes screenshots of your screen to understand what it's looking at, sends those screenshots to Anthropic's servers for processing, acts on what it sees, and repeats. It's not reading the DOM or parsing code. It's literally looking at your screen the way a person would.

That's what makes it powerful. It works across any app, any website, any interface without an integration. But it also means Claude has eyes on everything visible on your screen while it's running.

Where the data goes

Those screenshots are processed on Anthropic's servers and stored in the US. Not in the EU. Anthropic's privacy center is explicit: "Data is stored in the US." By default, screenshots are deleted within 30 days, unless your company has negotiated different terms.

And there is no sandbox between Claude and your screen. Unlike code execution, which runs in a virtual machine, or file operations, which go through permission checks, computer use interacts directly with your apps, browser, and desktop. Claude clicks, types, and navigates without the same permission gates that apply to other Cowork tools.

Anthropic's guidance is to keep sensitive apps closed while it works. Not because the tool is broken, but because it's designed to see and act on everything it has access to.

What this means if you're in Germany or the EU

For people used to procuring SaaS tools, none of this is surprising. You check the DPA, confirm data residency, assess the risk. Standard process.

But a lot of small B2B teams are adopting Cowork the same way they adopt any productivity tool. Download, try, keep using. And if you're in the EU handling client data, employee data, or anything under GDPR, screenshots of your screen being processed and stored in the US is something you need to account for.

That doesn't mean you can't use it. It means you need a data processing agreement in place with Anthropic and a clear picture of what data is visible on screen when the agent is running. Anthropic offers a DPA for commercial customers, and enterprise customers can negotiate custom retention terms. But that has to happen before you start using it for anything sensitive, not after.

Also worth knowing: Cowork activity is not captured in audit logs, the Compliance API, or data exports. If your organization needs audit trails for compliance purposes, Anthropic explicitly says not to use Cowork for regulated workloads. At least not yet.

What I actually do

I don't use it for anything involving client data, financial records, or sensitive documents. For research, scheduling, form-filling on my own accounts, and content workflows, it's one of the most useful tools I've added this year.

The point isn't to avoid it. The point is to know what it touches before you plug it into your workflow.

All claims sourced directly from Anthropic's official docs:

Mariana Ferreira
Next

I set up a CRM on Attio. Here's what I found out about it.