Anthropic’s Dispatch AI Breaks Out of the Browser to Run Your PC

TL;DR

• Anthropic launched Dispatch, a desktop AI agent that can execute missions and access files through desktop connectors — not just chat in a browser.
• Conversations persist across devices, accessible via mobile, marking a shift from stateless chatbots to continuous autonomous agents.
• Drops alongside Meta’s Manus and Perplexity’s Personal Computer agent in March 2026, turning desktop autonomy into a three-way race.
• Raises serious security questions around local file system access and agent permissions that enterprises will need to solve fast.

Anthropic Ships Dispatch to Your Desktop

Anthropic introduced Dispatch, a desktop-based AI agent that represents a fundamental departure from the browser-bound chatbots the company built its reputation on. The agent runs locally, accesses files through desktop connectors, and executes what Anthropic calls missions — multi-step tasks that don’t require constant user hand-holding. Conversations persist across devices, meaning you can start something on your desktop and pick it up on mobile.

The company didn’t disclose pricing, availability timelines, or technical specifications around which file types or system APIs Dispatch taps into. But the product exists, it shipped, and it signals that Anthropic believes the next battlefield isn’t in the cloud — it’s on your machine.

This isn’t a research preview or a limited beta whispered about on Discord. It’s a product launch, timed to collide with similar moves from Meta and Perplexity in the same month.

Why Dispatch Matters — and Why I’m Skeptical About the Timing

Dispatch marks the moment AI companies stop asking you to copy-paste your way through tasks and start doing the tasks themselves. That’s the pitch, anyway. The reality is messier.

Giving an AI agent access to your file system isn’t like giving it access to a sandboxed chat window. It’s handing over the keys to your documents, your credentials, your browser history, your SSH keys — everything that makes your computer yours. And unlike a human assistant you can fire, an agent operates at machine speed with machine indifference to context.

I’ve spent a decade watching AI companies promise agentic breakthroughs, and most of those promises died in the demo-to-production chasm. But this feels different. Not because the technology suddenly works — we don’t know if it does yet — but because three major players shipped competing versions in the same month. Meta’s Manus. Perplexity’s Personal Computer agent. Now Dispatch. That’s not a coincidence. That’s a land grab.

The timing suggests these companies believe the infrastructure is finally ready, or at least ready enough to start claiming territory. Desktop agents have been technically possible for years — the holdup was never the models, it was trust. Users don’t trust AI with their files. Enterprises definitely don’t trust AI with their files. But if everyone ships at once, the Overton window shifts. Suddenly the question isn’t whether agents should access your desktop — it’s which agent you’ll choose.

Think of it like this: Dispatch is a valet you’ve never met, asking for your car keys in a parking lot where two other valets are also waving you down. You don’t know if any of them actually work there. But everyone else is handing over their keys, so maybe it’s fine?

The security implications are staggering. Anthropic reportedly designed Dispatch with explicit user permissions, meaning the agent asks before accessing files or executing system commands. That’s a start. But permissions are only as good as the user’s understanding of what they’re granting. Most people click through install dialogs without reading them. Will they suddenly develop rigorous access control hygiene for an AI agent?

And what happens when an agent misinterprets a mission? When it deletes the wrong file, emails the wrong person, or exposes credentials to a third-party API? The legal and technical frameworks for agent accountability don’t exist yet. We’re building the plane while flying it — and also while handing the controls to an autopilot we don’t fully understand.

Dispatch Joins a Sudden Stampede Toward Desktop Control

March 2026 is shaping up as the month AI agents escaped the browser. Anthropic’s Dispatch launched alongside Meta’s Manus and Perplexity’s Personal Computer agent, turning what was once a speculative product category into a live competitive battleground. All three companies are betting that users want AI that doesn’t just answer questions — it acts on them.

Meta’s Manus reportedly focuses on cross-platform coordination, letting agents operate across mobile and desktop environments with shared context. Perplexity’s Personal Computer agent leans into search and retrieval, positioning itself as the agent that knows where your files are before you do. Dispatch, meanwhile, emphasizes persistent conversations and mission execution — the idea that you can assign a task, walk away, and come back to results.

The competitive stakes are existential. Whoever owns the desktop agent layer owns the interface between users and their computers. That’s not just a product — it’s a platform. If Dispatch becomes the default way people interact with their file systems, Anthropic doesn’t just sell an AI model. It becomes the operating system layer above the operating system.

But that prize only matters if users actually adopt these agents. And adoption hinges on trust, which hinges on security. Which brings us back to the problem none of these companies have solved yet: how do you give an agent enough autonomy to be useful without giving it enough autonomy to be dangerous?

The fact that all three launched in the same month suggests none of them have a great answer. They’re all hoping to figure it out in production, with real users, in real environments. That’s either bold or reckless, depending on how the next six months play out.

What Dispatch Means for Enterprise AI Infrastructure

If desktop agents take off, enterprises face a reckoning. The security models that work for cloud-based chatbots — sandboxed environments, rate limits, API keys — don’t translate to agents that need file system access and the ability to execute arbitrary commands. Companies will need new safeguard frameworks, new audit trails, and new ways to revoke permissions when something goes wrong.

The shift also forces a question about where AI lives. For the past two years, the industry consensus was that powerful models belong in the cloud, accessed via API. Desktop agents flip that assumption. They run locally, or at least locally enough to access files and execute system commands without round-tripping to a remote server. That changes latency, changes privacy, and changes who controls the infrastructure.

Anthropic’s decision to build Dispatch as a persistent, cross-device agent also signals a bet on continuity. The agent isn’t a one-off task executor — it’s a presence. It remembers your projects, your preferences, your workflows. That continuity is powerful, but it also means the agent accumulates context over time. What happens to that context? Who owns it? Can you delete it? These aren’t hypothetical questions. They’re compliance requirements waiting to be written into law.

The broader trend is clear: AI is moving from tools you use to agents that act on your behalf. That transition requires new infrastructure, new security models, and new expectations around transparency and control. Dispatch is one company’s answer. But the industry is still figuring out the question.

Three Things to Watch as Dispatch Rolls Out

First, watch how Anthropic handles permissions and access control. The difference between a useful agent and a dangerous one is whether it asks before acting — and whether users understand what they’re authorizing. If Dispatch ships with vague permission prompts or defaults that favor convenience over security, expect backlash. Enterprises won’t adopt an agent they can’t audit.

Second, watch the competitive response from Microsoft and Google. Both companies have desktop operating systems, existing AI assistants, and massive user bases. If desktop agents become the next platform war, Microsoft and Google have structural advantages Anthropic doesn’t. They control the OS. They control the file system APIs. They control the default integrations. Anthropic is building on top of someone else’s stack, which means it’s always one API change away from losing access.

Third, watch for the first major security incident. Not if — when. An agent will misinterpret a command, delete something important, or leak credentials. The question is whether the industry responds with better safeguards or a retreat back to sandboxed chatbots. That incident will define whether desktop agents become infrastructure or a cautionary tale.

Source: MarketingProfs