Anthropic hands Claude Code more control, but keeps it on a leash

Anthropic is tackling the 'babysitting' problem in AI-assisted coding with a new research preview feature called 'auto mode' for Claude Code. This update shifts decision-making from the developer to the AI itself, allowing Claude to determine which actions—like running commands or modifying files—are safe to execute without waiting for human approval. However, it's not a free-for-all: each proposed action first passes through an AI-powered safety layer that screens for unauthorized requests and prompt injection attacks. Only actions deemed safe proceed automatically; risky ones get blocked. This approach builds on Claude's existing 'dangerously-skip-permissions' command but adds crucial guardrails, positioning it as a middle ground between fully manual oversight and unchecked autonomy.

Currently available only for Claude Sonnet 4.6 and Opus 4.6 models, auto mode is rolling out to Enterprise and API users with a strong recommendation to use it in isolated, sandboxed environments separate from production systems. Anthropic hasn't yet detailed the specific criteria its safety AI uses to judge risk—a transparency gap developers will likely want addressed before wider adoption. The feature arrives alongside other recent Anthropic developer tools like Claude Code Review for bug detection and Dispatch for Cowork for task delegation, reflecting an industry-wide push toward more autonomous AI agents. This move mirrors similar efforts from GitHub and OpenAI but emphasizes a unique balance: letting the AI decide when to ask for permission, rather than always asking or never asking.