What CDOs and Chief AI Officers Should Be Tracking in Their Claude Cowork Rollout
Claude and Claude Cowork are changing what it means to be productive at work. For knowledge workers in finance, legal, operations, and marketing, Cowork is not just another tool in the stack. It is the first AI that works the way they do, connecting to the systems and documents they already use, handling the surrounding work of their most critical tasks so they can focus on the decisions only they can make. The productivity gains are real, and the enterprises moving fastest are already seeing it.
The scale of adoption reflects that. Anthropic now accounts for nearly 30% of enterprise LLM spend – and that share is growing. Deloitte has deployed Claude to more than 470,000 employees globally. The ambition is not in question.
But for CDOs and Chief AI Officers greenlighting deployment at scale, the opportunity comes with a distinct set of responsibilities. Claude Cowork is not a chatbot upgrade. It brings an autonomous agent into the desktop work surface of every employee you roll it out to – one that can connect to your data, execute workflows, and act across your systems without a human approving every step. Anthropic itself acknowledged in April 2026 that while it has begun to provide some oversight, governance and controls are recommended. That responsibility sits with the enterprise. That demands a fundamentally different approach to tracking, governance, and value measurement than anything that came before it.
The good news is that getting that infrastructure in place does not have to be a major undertaking. Portal26 now provides foundational Claude governance and security capabilities free of charge, with deployment measurable in minutes rather than months. This guide covers exactly what CDOs and Chief AI Officers should be tracking from day one – and how to get visibility across all of it immediately.
Why Claude Cowork Is Different From Every AI Tool That Came Before It
When Anthropic launched Claude Cowork to general availability in April 2026, the announcement was technically modest: role-based access controls, group spend limits, usage analytics, expanded OpenTelemetry support, a Zoom connector, and per-tool connector controls. But what it signalled was significant. Claude Cowork was no longer a research preview. It was ready for enterprise deployment at scale.
The productivity promise is real. Anthropic’s own data shows the vast majority of Claude Cowork usage comes from outside engineering teams, with functions like operations, marketing, finance, and legal using it for project updates, collaboration decks, and research sprints. Deloitte has deployed Claude to more than 470,000 employees globally. The scale of ambition is not in question.
What is in question is whether most enterprises have the visibility and governance infrastructure to match that ambition. As one security analysis noted, Claude Cowork creates a security boundary that looks more like an endpoint agent than a chatbot: it can work with local folders, browser sessions, plugins, connectors, scheduled tasks, and approved desktop apps. As board-level AI analysts have observed, when you roll out Claude Cowork, you are giving every knowledge worker the ability to deploy agents that can act on your data, your systems, and your customers. Without an operating model built for that reality, risk accumulates faster than you can measure it.
As Pakshi Rajan, Chief AI & Product Officer at Portal26, put it: “Deploying Claude is the starting point. What organizations need upfront is the infrastructure to discover all Claude AI, Claude Code, and Claude Cowork usage, surface all conversations and tool calls, govern it, protect it, and prove its value.”
That is exactly where this guide starts.
1. Who Is Actually Using Claude Cowork and Who Is Not Waiting for Permission
The first tracking challenge in any Claude Cowork rollout is visibility, and it is harder than it sounds. Sanctioned deployment is only part of the picture. Before your official rollout is even complete, employees who have heard about Cowork will already be accessing it through personal accounts, trial subscriptions, or workarounds that bypass IT entirely.
Anthropic’s own rollout data shows the heaviest Claude Cowork users are outside engineering – in operations, marketing, finance, and legal. Those are also the functions most likely to find their own path to a tool before IT has finished evaluating it. The implication for CDOs is clear: your governance footprint must cover both sanctioned and unsanctioned Claude usage simultaneously.
What we track for you: Portal26’s free tier gives you immediate User, Model, and Agent Discovery alongside full Conversation Thread visibility across your Claude environment – so you know exactly who is using what from day one. Our Shadow AI Discovery Engine builds on that foundation, identifying every instance of Claude and Claude Cowork in use across your organisation, including unsanctioned access, in real time, surfacing 200% more shadow AI activity than legacy Secure Web Gateways and DLP tools. Combined with our AI Adoption Analytics, you get granular adoption data across every team and function, giving your leadership the insight needed to accelerate rollout and demonstrate impact where it is landing fastest.
2. What Your Agents Are Doing and What It Is Costing
Claude Cowork’s agentic capabilities are its most powerful feature and its most significant governance challenge. When Claude operates autonomously through Cowork, connecting to Google Drive, Gmail, DocuSign, FactSet, and other systems via MCP, it is not just answering questions. It is taking actions, consuming tokens at volume, and operating across your tech stack in ways that traditional monitoring tools were never designed to see.
For Chief AI Officers, this creates two parallel tracking imperatives. The first is operational: which agents are running, what workflows are they executing, and on whose behalf? The second is financial: token consumption at enterprise scale, across hundreds or thousands of agentic sessions, can escalate quickly and invisibly. Group spend limits, one of Cowork’s enterprise features, are a start. But they operate at the group level and do not give you the granularity to understand which specific agents, workflows, or use cases are driving consumption.
What we track for you: Portal26’s free tier includes Token Usage and Cost visibility and Agent Access Graphs as standard – giving you an immediate picture of what your agents are doing and what it is costing, from the moment you connect. Our Agentic AI Management capability extends that to full real-time token consumption tracking by agent and workflow, so you always know what your Claude agents are doing, on whose behalf, and at what cost. Our Agentic Token Controls go a step further: as the industry’s first agentic cost controls, they allow you to set policy-based token limits at the agent, workflow, or organisational level, automatically throttling or pausing runaway agents before costs spiral. For CDOs managing enterprise-wide Claude Cowork deployments, this is the layer that turns token visibility from a dashboard metric into an active governance control.
3. Whether Sensitive Data Is Leaving Through Claude Cowork Interactions
Every Claude Cowork interaction is a potential data exposure event. Employees working with Cowork on real business tasks, drafting contracts, analysing financial data, preparing board materials, are naturally reaching for the documents and data they work with every day. The question is not whether sensitive data will enter the Claude Cowork environment. It is whether you have the controls in place to prevent it from going somewhere it should not.
Security guidance published in 2026 identifies the primary risks as broad folder grants, prompt injection through browser content, plugin and MCP supply-chain exposure, connector scope drift, and incomplete audit coverage. Critically, Anthropic’s own Compliance API does not currently cover Claude Cowork, meaning regulated workloads that use the Cowork desktop agent require supplementary controls. That gap sits directly with the CDO and CISO to fill.
What we track for you: Portal26’s advanced security tier provides MCP Controls and Policy Enforcement, giving you governance over the connectors and tool calls that represent the primary data exposure surface in Claude Cowork deployments. Our AI Prompt Protection monitors Claude Cowork interactions at the point of entry, detecting and enforcing against sensitive data exposure in real time before it reaches external models or connectors. Our AI Data Security capability extends protection across every Claude interaction and agentic workflow, ensuring your organisation’s information assets remain secure as Cowork adoption scales. Our AI Risk Management layer runs continuously across all Claude and Claude Cowork usage, with a comprehensive set of risk detectors monitoring for compliance violations, data exposure, and security threats in real time.
4. Whether Your Governance Policies Are Actually Enforced
Having an AI usage policy is not the same as enforcing one. Most enterprises that have deployed Claude Cowork have acceptable use guidelines in place. Far fewer have a mechanism that ensures those guidelines are respected at the point of interaction, rather than documented in a PDF that employees may never read.
This gap matters more with Cowork than it did with earlier AI tools, because the stakes of a policy violation are higher. An employee who pastes confidential data into a standard AI chat creates a point-in-time exposure. An employee who connects Claude Cowork to their Google Drive with broad folder grants and then instructs it to run a workflow creates an ongoing, automated exposure across potentially hundreds of files.
What we track for you: Portal26’s advanced tier delivers Real-time Security Policy Enforcement across Claude and Claude Cowork – when employees attempt to use Claude in ways that conflict with your governance requirements, the platform automatically notifies them at the point of violation, creating an education moment rather than a silent breach. Our Token Policy and Cost Enforcement capability extends that governance layer to cover spend controls, so policy violations on the financial side are caught as automatically as security ones. Our AI Audit and Forensics capability maintains a complete, tamper-proof record of all Claude activity through our industry-only NIST FIPS-certified AI forensic audit vault, enabling granular investigations and rigorous compliance reporting when you need them.
5. What Employees Are Actually Using Claude Cowork For
One of the most consistent findings in enterprise AI rollouts is that actual usage rarely matches intended usage. Employees find workflows and use cases that leadership never anticipated, some of which represent high value, others of which represent high risk. Without visibility into what people are actually doing with Claude Cowork, CDOs are making strategy decisions based on assumptions rather than evidence.
Anthropic’s own rollout data is instructive here: the heaviest Cowork users are not in engineering. They are in operations, marketing, finance, and legal, handling the surrounding work of their most critical tasks. Understanding how that usage maps to your specific organisation, which functions are getting the most value, which use cases are emerging organically, and where employees are struggling or not adopting at all, is the intelligence your Chief AI Officer needs to make confident decisions about where to invest next.
What we track for you: Portal26’s free tier gives you Tool Call Visibility as standard – surfacing exactly what Claude agents are being instructed to do across your environment from day one. Our AI User Intent and Use Case Discovery builds on that foundation, analysing how employees actually use Claude Cowork, extracting objectives, and identifying behavioural patterns that would otherwise be invisible, so your CDO and Chief AI Officer can prioritise investment, training, and strategy with confidence. Our AI License Intelligence module, the industry’s first licensing intelligence analytics, ensures your organisation is maximising the value of its Claude and Claude Cowork investment by surfacing underutilisation, redundancy, and optimisation opportunities.
6. Whether the Rollout Is Delivering Measurable Business Value
The final, and arguably most important, thing CDOs and Chief AI Officers should be tracking is whether Claude Cowork is actually moving the business forward. Adoption is not ROI. Usage metrics are not business outcomes. The pressure on enterprise AI leaders to demonstrate measurable return is intensifying, and a rollout that generates impressive usage dashboards but cannot connect those numbers to productivity or business impact will not survive the next budget cycle.
This is the maturity question that distinguishes enterprises genuinely realising value from AI from those still performing it.
What we track for you: Our AI Value Realization module, the only one of its kind across both Generative and Agentic AI, quantifies the productivity and business impact of Claude and Claude Cowork adoption over time. Our AI Strategy and ROI capability builds a data-driven Claude adoption strategy backed by real consumption data, use case performance, and measurable business outcomes, giving your CIO, CFO, and department heads the evidence they need to accelerate adoption and demonstrate ROI to leadership.
From Day One to Full Value: A Rollout That Pays for Itself
The enterprises getting the most from Claude AI are the ones who treat visibility, security, governance and optimization as foundational from the start, not as problems to solve after something goes wrong.
As Arti Raman, CEO of Portal26, said at the launch of Portal26’s free Claude governance tier: “As Claude AI, Claude Code, and Claude Cowork become core to how enterprises work, the need for a dedicated management layer has never been clearer. Portal26 gives organizations the full-lifecycle AI management capability they need to move from cautious experimentation to confident, scalable, and measurable Claude adoption – securely, and at speed.”
Portal26’s free tier for Claude gives your organisation User, Model, and Agent Discovery, Agent Access Graphs, Tool Call Visibility, Token Usage and Cost tracking, and Conversation Thread visibility – all at no cost and deployable in minutes. For enterprises that need the full security and governance layer, Portal26’s advanced capabilities extend that foundation to comprehensive risk detection, real-time policy enforcement, token controls, MCP governance, and enterprise integrations across IDP, SSO, SIEM, and IR platforms.
Whether you are preparing your organization to deploy Claude at scale or accelerating the value of an existing rollout, Portal26 gives you everything you need. Complete visibility into how Claude is being used. Real-time token control and analytics by agent, use case, and workflow. Security and governance controls to protect your data and IP. And the insights to prove and maximise ROI. Everything you need – from day one to full value.
Get started free – or schedule a demo to see how Portal26 supports enterprise Claude deployments at every stage.