Developers using AI face the dilemma of constantly monitoring actions or allowing models to run autonomously with potential risks. Anthropic’s latest update to Claude seeks to address this by enabling the AI to determine which actions are safe to execute independently, within certain limits.
This move aligns with the industry’s trend toward creating AI tools that can operate without human oversight. The key challenge is ensuring a balance between speed and control: excessive restrictions can slow processes, while too few can lead to unpredictability. Anthropic’s new “auto mode,” currently in research preview, represents an effort to strike this balance.
Auto mode incorporates AI safeguards to assess each action, identifying risky behavior or prompt injection attempts—malicious instructions concealed in processed content that could cause unintended actions. Safe actions proceed automatically, while risky ones are blocked.
It builds upon Claude Code’s “dangerously-skip-permissions” command, which previously transferred decision-making to the AI, but now includes an added safety layer.
This feature advances the trend of autonomous coding tools from companies like GitHub and OpenAI, which perform tasks for developers. It further transfers the decision of when to request user permission to the AI itself.
Anthropic has not yet specified the criteria its safety layer uses to differentiate safe from risky actions, a detail developers will likely want before wide adoption. (TechCrunch has reached out for more information.)
The feature follows Anthropic’s release of Claude Code Review, which detects bugs before adding to the codebase, and Dispatch for Cowork, allowing AI agents to manage tasks on behalf of users.
Auto mode is set to launch for Enterprise and API users soon. It currently only functions with Claude Sonnet 4.6 and Opus 4.6, and it is recommended to use the feature in isolated environments—sandboxed setups that are separate from production systems to minimize potential issues.