Skip to content
tecminds

Claude Cowork Goes Mobile: What Anthropic's Background AI Agents Mean for Swiss SMEs

Anthropic expanded Claude Cowork to web and mobile on July 7, 2026, and revealed that 90% of Cowork sessions have nothing to do with coding. Here is what background, cross-device AI agents mean for SME operations, and the governance gap you need to close before rolling them out.

TTobias LüscherCo‑Founder · TecMinds2026-07-16 · 8 min read

Claude Cowork Goes Mobile: What Anthropic's Background AI Agents Mean for Swiss SMEs

On July 7, 2026, Anthropic took Claude Cowork off the desktop and put it in your pocket. Cowork — the "hand Claude real work" product that runs multi-step tasks against your own files and tools — is now reachable from claude.ai in the browser and from the Claude app on iOS and Android, starting with Max subscribers and rolling out to other plans over the following weeks. You can start a task at your desk, close the laptop, and Claude keeps working. It can run entirely in the background with no device online at all, and you can schedule work for a specific time and let it execute autonomously. Anthropic doubled Cowork's usage limits to mark the rollout and extended that doubling through August 5, 2026.

That alone would be a solid product update. What makes it the most consequential AI story of the week isn't the mobile app — it's the usage data Anthropic published alongside it. The company analyzed 1.2 million anonymized Cowork sessions across more than 600,000 organizations, sampled between May 11 and 31, 2026, and found that more than 90% of sessions had nothing to do with software development. For a company whose entire public identity has been built on coding — Claude Code, SWE-bench leaderboards, "the best model for agentic coding" — that is a striking admission about where the actual demand for autonomous AI agents is coming from. It also happened in the same week OpenAI launched its own competing "ChatGPT Work" agent, on July 9, which TechCrunch bluntly described as "the coding agent wars spilling into the rest of the office." Two frontier labs, in the same week, converging on the same bet: the next fight isn't over who writes better code, it's over who can be trusted to run your back office.

What the Usage Data Actually Shows

Anthropic's breakdown of that 1.2 million sessions is worth sitting with, because it maps almost exactly onto the kind of work SMEs have been asking us about for the past year — not "can it write a script," but "can it do the tedious connective work nobody has time for":

  • Business process and operations — 33.4%. Pulling scattered status updates into a single report, building onboarding checklists, reconciling spreadsheets.
  • Content creation and copywriting — 16.4%. Drafts, slide decks, social posts, proposals.
  • Software development — 8.7%.
  • DevOps and infrastructure — 7%.
  • Research — 6.4%.
  • Data analysis — 5.8%.
  • Document processing — 4.1%.
  • Sales operations — 4%.

Anthropic frames this as "the work around the work" — the administrative and connective tasks that aren't central to anyone's job description but that quietly consume a large share of the workweek: a lawyer formatting a document, a hiring manager synthesizing interview feedback, a team lead building a slide deck nobody wanted to build. Business process, operations, and content creation together account for roughly half of all Cowork usage. That is not a developer tool with a chat interface bolted on. It is closer to an always-on operations hire that happens to also write code when asked.

For SMEs specifically, this reframes what "AI agent adoption" should mean in practice. The dominant narrative for the past two years has been about coding copilots and customer-support bots. The Cowork data suggests the highest-volume, lowest-friction entry point for most non-tech businesses is quieter than that: reconciling a spreadsheet, drafting a report, chasing down status updates across five different tools — the exact kind of work that doesn't justify a dedicated hire but does eat hours every week.

The Governance Gap Nobody Mentions in the Launch Post

Here is the part of this story that matters more than the mobile app icon, and the part we'd flag to any client asking whether to switch Cowork on this week.

Cowork ships on Pro and Max plans, but those tiers lack organization-level admin controls. Team and Enterprise plans add the things that actually make autonomous agents safe to run at scale: role-based permissions, group spend limits, connector restrictions, SSO, SCIM provisioning, and configurable data retention. If your team is running Cowork on individual Pro or Max seats — which is exactly how a fast-moving SME is most likely to adopt it, one enthusiastic employee at a time — nobody in the organization has visibility into what those agents are doing, what files they're touching, or what they're connected to.

That gap matters because of what security researchers have already flagged about Cowork's threat model. Claude Cowork can access any file the logged-in user can access, and every MCP connector, plugin, or native integration it's given expands the blast radius of a prompt injection attack — an agent wired into Slack, a GitHub repo, and Google Workspace effectively holds the keys to the organization. Prompt injection is the highest-severity, highest-likelihood attack vector against Cowork specifically because a successful injection can exfiltrate local files, execute commands, send messages as the user, and create persistent scheduled tasks — all without a permission dialog if the defaults aren't tightened. On top of that, Cowork activity by default isn't captured in standard enterprise audit logs or compliance exports, which means the visibility gap isn't just about permissions, it's about knowing what happened after the fact.

None of this is a reason to avoid Cowork. It's a reason to treat "we gave Claude access to our files" with the same seriousness as any other credential grant, because that's functionally what it is.

What Swiss SMEs Should Actually Do

Don't let Cowork adoption stay shadow IT. If employees are already using Cowork on personal Pro or Max accounts against company files, that's happening without spend limits, connector restrictions, or audit visibility. Get it onto a Team or Enterprise plan before it scales past a handful of users, not after.

Scope file and connector access deliberately. Cowork's usefulness comes from broad access to your files and tools; its risk comes from the same thing. Start with scoped folders and a short connector allowlist rather than granting blanket access "to see what it can do."

Treat the audit-log gap as a blocker, not a footnote. If Cowork activity doesn't land in your existing compliance tooling, decide before rollout — not after an incident — how you'll get visibility, whether through Anthropic's enterprise tier, an LLM gateway, or OpenTelemetry piped into your own logging.

Start with the "work around the work," not the flashiest use case. Anthropic's own data says the highest-volume use isn't code generation — it's operations and content drafting. That's also the lowest-risk place for an SME to pilot: a status-report agent or a document-formatting agent fails safely in a way a database-connected sales-ops agent doesn't.

This is the same governance discipline we wrote about with approval gates for AI agents and the reasons enterprise AI agents fail in production — the pattern holds regardless of which lab's agent you're running. A cheaper, faster, more agentic model (see our take on Claude Sonnet 5) or a more convenient mobile app doesn't reduce the need for that discipline. If anything, "it now runs in the background on my phone while I'm not watching" raises the stakes on getting oversight right, not lowers them — the same lesson we drew from AI agent security after Mythos.

The Bottom Line

The headline out of this week isn't that Claude can now run on your phone — it's that Anthropic's own numbers confirm what we've been telling SME clients for months: the highest-value, highest-volume use case for AI agents isn't writing code, it's absorbing the administrative work around everyone's actual job. That's good news for SMEs, because it means the biggest AI story of the week is directly usable by a business with no developers on staff at all. It's also exactly why the governance question can't wait — an agent that reconciles your spreadsheets in the background while your laptop is closed needs the same access controls, the same audit trail, and the same "who approved this and what can it touch" discipline as any other system with a login to your files.

If you're weighing whether to roll Cowork — or any background AI agent — out to your team and want a second opinion on the access model before you flip it on, get in touch with our team. Governance is the part launch posts never lead with, and it's the part that decides whether this becomes a quiet productivity win or the next incident report.

NEXT STEPWas this useful?