Computer Use demo

The Safe Browser Chore Demo

Show Claude using browser/computer workflows on non-sensitive tasks while keeping permissions and prompt-injection risk visible.

Operations teams, exec assistants, QA teams Advanced 20-40 minutes

"research preview"

Setup: what the audience sees

The reveal is watching the model move from instruction to visible action. The best version keeps the scope boring and safe so the audience notices the workflow rather than worrying about data exposure.

The setup matters because Claude demos fail when the prompt hides the goal, mixes private data into a public reveal, or asks for a finished answer without giving the model a way to expose assumptions.

  • Use a non-sensitive public workflow, such as collecting public conference dates or comparing documentation pages.
  • Close sensitive apps and documents before the demo.
  • Use a task where the correct outcome is easy to inspect.

What this does not prove

It does not prove autonomous desktop work is safe for sensitive domains. Anthropic describes computer use as a research preview with evolving risks.

Copyable prompt Plain text
<task>
Use the browser to collect public information from three official event pages and
produce a comparison table.
</task>
<scope>
- Only use public websites.
- Do not log in anywhere.
- Do not open email, banking, health, legal, HR, or customer-data apps.
- Ask before leaving the browser.
</scope>
<output>
Create a table with event name, official URL, date, location, and one uncertainty
or follow-up question per event.
</output>

The reveal: what should happen

  • Claude should ask for or respect app permissions rather than silently taking broad control.
  • The output should include source URLs and uncertainties.
  • A good demo makes stopping and supervising the agent feel normal.

Verification steps

A demo becomes useful when the audience can inspect it. Use the steps below to turn the reveal from theater into a repeatable workflow.

  1. Click each official URL and verify the date/location row.
  2. Check that Claude did not use unofficial aggregator pages when official pages were available.
  3. Inspect browser history or task trace if the product surface provides one.

Guardrails

  • Never demo with financial, health, legal, HR, customer, or credential surfaces.
  • Assume visible screen content can be processed.
  • Treat prompt injection as a live risk when browsing the web.

Variations

  • QA a public marketing page against a checklist.
  • Gather public product pricing pages into a comparison table.
  • Walk through a non-authenticated documentation task.

FAQ

Why make the task boring?

A low-risk task lets viewers see the permission model, supervision pattern, and failure modes without exposing sensitive data.

Can I use this with internal dashboards?

Only after a separate risk review. The public demo should avoid authenticated or sensitive systems.

Related demos

Primary Sources

These demos cite official Anthropic docs or help-center pages for capability claims. They do not claim identical output across accounts, plans, models, or dates.

Claude Help Center

Let Claude use your computer in Cowork

Computer use lets Claude interact with permitted apps and files, but Anthropic warns users to avoid sensitive apps and monitor behavior.

Claude Help Center

Enable and use web search

Claude web search can be enabled in chat and grounds responses with current web content and source links.

Claude Platform Docs

Prompting best practices

Anthropic guidance emphasizes explicit instructions, output formats, tool-use direction, and model-specific prompt updates.