Before You Use Claude Cowork on Mac: Permissions, Privacy, and File Security
Claude Cowork works on real files—and its security boundary depends on which files, tools, and instructions you give it. Run a permissions check first: share less, split by task, redact first, draft before you send. (Checked 2026-06-03)
1. Understand the shared scope: what files can Cowork see?
Claude Cowork operates on the work locations you actively choose to share—a project folder, a desktop subfolder, or files you drag into a session. Once you authorize a directory, its subfiles may be read, summarized, or rewritten. Connectors (Gmail, Slack, Drive) and browser capabilities expand that reach further. Your effective scope = folder + connected services + paths mentioned in task instructions.
2. Tier your data: what goes in, what stays out?
Before you authorize anything, sort materials into three tiers:
| Tier | Typical content | What to do |
|---|---|---|
| Standard | Public docs, drafts with no client info, open-source code | Safe to place in the workspace |
| Sensitive | Client contracts, financials, employee records, unreleased plans | Redact or copy into an isolated folder |
| Off-limits | Keys, passwords, private keys, ID scans, original NDA files | Never put in the workspace |
Company and client files often live in the same folder. Move anything the AI should not see out of it before you start, or create a cowork-sandbox/ directory and copy only redacted versions there.
3. Redact or copy first: five fields to check
You do not have to skip AI assistance on sensitive work; you need to process files before you share them. Before files enter the workspace, scan for: client or company names (generalize to "Client A"), dollar amounts (use ranges), email and phone numbers (placeholders), credentials and tokens (remove; reference env vars instead), and internal URLs (describe in text or redact screenshots).
4. Review outputs: summaries can leak sensitive fields
Reports, email drafts, and spreadsheet summaries Cowork generates may repeat sensitive fields from your inputs—or infer business data by cross-referencing multiple files. After each task, check outputs for real names, credentials, and internal URLs. Review the change summary or draft preview before you save anything.
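The redaction pass from step 3 and the output check from step 4, as an added Python example that is not part of the original page or of Cowork itself. The regex patterns, the internal-domain suffixes, the placeholder strings, the client map and the sample text are all constructed assumptions to adapt to your own data.

```python
import re

# Constructed patterns for the page's five fields; tune them to your own data.
FIELDS = {
    "credential": re.compile(
        r"(?i)\b([A-Z0-9_]*(?:KEY|TOKEN|PASSWORD|SECRET))(\s*[:=]\s*)(?!\$\{)\S+"),
    "internal_url": re.compile(
        r"https?://[\w.-]+\.(?:internal|corp|local)(?:[/:]\S*)?"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "amount": re.compile(r"\$\s?(\d+(?:,\d{3})*)(?:\.\d+)?"),
    "phone": re.compile(
        r"(?<!\d)(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b"),
}

def _env_ref(m):
    # Keep the variable name, drop the value, point at an env var instead.
    return f"{m.group(1)}{m.group(2)}${{{m.group(1).upper()}}}"

def _range(m):
    # Replace an exact dollar figure with its order-of-magnitude range.
    low = 10 ** (len(str(int(m.group(1).replace(",", "")))) - 1)
    return f"[amount: {low:,}-{low * 10:,} USD]"

def redact(text, clients):
    """Return a copy of text that is safe to place in cowork-sandbox/."""
    for name, alias in clients.items():  # e.g. real client name -> "Client A"
        text = re.sub(re.escape(name), alias, text, flags=re.IGNORECASE)
    text = FIELDS["credential"].sub(_env_ref, text)
    text = FIELDS["internal_url"].sub("[internal URL]", text)
    text = FIELDS["email"].sub("[email]", text)
    text = FIELDS["amount"].sub(_range, text)
    return FIELDS["phone"].sub("[phone]", text)

def scan(text, clients):
    """List field types still present; use on inputs and on generated outputs."""
    hits = {label for label, rx in FIELDS.items() if rx.search(text)}
    if any(re.search(re.escape(n), text, re.IGNORECASE) for n in clients):
        hits.add("name")
    return sorted(hits)

# Constructed sample document and client map (not real data).
CLIENTS = {"Acme Holdings": "Client A"}
SAMPLE = """Invoice for Acme Holdings: $48,250.00 due.
Contact jane.doe@acme.example or +1 415-555-0132.
Dashboard: https://billing.corp.internal/invoices/991
API_KEY=sk-constructed-not-real
"""

if __name__ == "__main__":
    print("before:", scan(SAMPLE, CLIENTS))
    print(redact(SAMPLE, CLIENTS))
    print("after:", scan(redact(SAMPLE, CLIENTS), CLIENTS))
```

An empty list from scan() only means these patterns found nothing; it does not replace reading the draft yourself before saving or sending.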
5. Confirm before anything goes out
Emails, form submissions, and client file delivery should never be fully automated. Cowork can draft; you click Send. Write "draft only, do not send" in your instructions, and manually verify recipients, attachments, and sensitive content in the body before anything leaves your machine.
6. Team accounts: org rules override personal habits
On enterprise plans, also align with: admin policies (connectors, data retention—per Anthropic's terms and your admin console), company AI usage guidelines (which data classifications may enter Cowork), and audit and retention (team plans may log conversations). When in doubt, ask your admin before connecting production data sources.
+ Isolate your Cowork workspace on Mac mini
If you regularly handle client or company documents, run Cowork on a dedicated Mac mini physically separated from your daily driver—workspace holds redacted copies only. Mac mini M4 draws about 4W at idle, making it practical as a 24/7 AI assist node. Gatekeeper, SIP, and FileVault pair well with least-privilege folder sharing to reduce accidental over-sharing.
If you are evaluating Claude Cowork on Mac, a standalone Mac mini M4 is a cost-effective isolation layer—explore setup options now and keep sensitive tasks separate from everyday work.
1. Authorize only the current task folder; redact or copy sensitive content into a sandbox first
2. Instructions should say "draft only, no auto-send, confirm outputs before saving"
3. Scan outputs for leaked sensitive fields; outbound actions require a manual click
4. On team accounts, follow admin policies and company guidelines