Anthropic launched Dispatch on March 18, a new feature for Claude Cowork that lets you control your desktop AI agent from your phone. Message Claude while you’re out, and it works on your computer back home—organizing files, searching documents, running tasks.
The pitch is convenience: send a task from your phone, return to find it done. The reality is more complicated.
How Dispatch Works
Dispatch creates a persistent connection between the Claude mobile app and Claude Desktop. You scan a QR code, and the two link up. From that point on, you can send text instructions from your phone, and Claude executes them on your desktop using whatever access you’ve already granted—files, folders, connectors like Gmail or Notion, browser access.
Your computer needs to be awake with Claude Desktop running. The connection is end-to-end encrypted, and according to Anthropic, processing happens locally: “Your files never leave your computer.”
The feature is available now to Pro ($20/month) and Max ($100-200/month) subscribers on both Mac and Windows.
What It Can Do
The intended workflow: you’re at lunch, remember you need a summary of last quarter’s reports, and message Claude to prepare it. When you get back to your desk, the summary is waiting.
Early testers report mixed results. Simple tasks—finding files, basic summaries—work reliably. Complex multi-step tasks hit around 50% success rate. The persistent context helps: Claude remembers previous conversations, so you can build on earlier work without re-explaining everything.
The 38+ connectors (Gmail, Slack, Google Drive, Notion, Calendar, etc.) extend what’s possible. You could, in theory, ask Claude to check your calendar, draft an email based on a document in Drive, and schedule it for later—all from your phone.
The Security Trade-Off
Here’s what Anthropic’s safety page says about Dispatch:
“Instructions issued remotely could result in direct changes, including modification or deletion of files… Review what access you’ve granted Claude in Cowork, and consider whether that level of access is appropriate when reachable from your phone.”
This is the core tension. Dispatch doesn’t change what Claude can access—it changes where you can trigger it from. Every permission you’ve granted to Cowork now extends to your phone.
If you gave Claude access to your Documents folder, that access is now available from anywhere with cell service. If you connected your email, anyone who gets hold of your phone can potentially instruct Claude to read or compose messages using your computer.
The prompt injection risks we covered in February also apply remotely. If a malicious document is sitting in one of Claude’s authorized folders, Dispatch can still trigger it—you’re just doing it from further away.
What’s Different From Regular Cowork
The key difference is persistence. Regular Cowork sessions start and end. Dispatch maintains a continuous thread. Claude stays active on your desktop, maintaining context between your commands.
This is genuinely useful for ongoing projects. You don’t have to re-brief Claude on what you’re working on every time you open the app. But it also means Claude has continuous access to your authorized resources, not just during active sessions.
Harmonic Security’s practitioner guide recommends treating Dispatch-enabled Cowork like any privileged access system: review permissions regularly, use dedicated folders rather than broad access, and maintain backups of anything Claude can modify.
The Phone-Desktop Attack Surface
Your phone is now a remote control for your computer’s AI agent. That creates some scenarios worth considering:
Lost or stolen phone: Anyone who unlocks your phone can message your home computer. The connection is encrypted, but if someone has your unlocked device, they have Dispatch access.
Shoulder surfing: Someone watching you type on your phone could see what tasks you’re sending to your computer.
Compromised phone: If malware is on your phone, it potentially has a path to your desktop—not through a network exploit, but through natural Dispatch usage.
None of these are unique to Dispatch. They’re the same risks that come with any remote access tool. But they’re now relevant to AI agent access, which means they’re relevant to whatever files, emails, and services you’ve connected to Cowork.
Who Should Use This
Dispatch makes sense if:
- You already use Cowork regularly
- You have tasks that benefit from persistent context
- You’re comfortable with the access you’ve granted Claude
- Your phone security is solid (strong passcode, biometrics, find-my-device enabled)
Dispatch probably isn’t for you if:
- You’ve given Cowork access to sensitive data you wouldn’t want remotely accessible
- You share devices or have loose phone security
- You work in regulated industries with data access audit requirements
Enterprise customers should note that Dispatch activity isn’t captured in audit logs—the same gap that affects regular Cowork.
The Bigger Picture
Dispatch is part of a broader trend: AI agents that work continuously rather than in discrete sessions. OpenAI’s GPT-5.4 shipped with native computer use capabilities. Microsoft’s Copilot Tasks runs overnight. Perplexity’s Comet operates in the background.
The convenience is real. So are the expanding attack surfaces. Every persistent AI agent is a potential entry point—and every remote control method adds another path to that entry point.
If you do use Dispatch, Anthropic’s advice is worth following: “Consider creating a dedicated working folder for Claude rather than granting broad access, and keep backups of important files.”
Your phone can now reach your desktop AI agent. Make sure you’re comfortable with everything that agent can reach.