Anthropic's Claude Code gets auto-execution mode with built-in safety checks

Anthropic has introduced auto mode for Claude Code, a research preview feature that shifts decision-making authority from users to the AI itself—but with safety guardrails built in.

The feature addresses a friction point in current "vibe coding" workflows: developers must either babysit every action Claude takes or disable all oversight entirely. Auto mode attempts to find middle ground by letting Claude automatically execute actions it determines are safe, while flagging and blocking risky operations.

How It Works

Auto mode uses AI-powered safety checks before executing each action. The system screens for two primary threats:

1. Risky behavior — actions the user didn't explicitly request
2. Prompt injection attacks — malicious instructions hidden in content that could cause unintended AI behavior

Actions passing these checks proceed automatically. Those flagged as risky are blocked. The feature extends Claude Code's existing "dangerously-skip-permissions" command, which handed all decision-making to the AI, but now adds a safety layer on top.

Availability and Limitations

Auto mode is rolling out to Enterprise and API users in the coming days. Anthropic currently limits the feature to Claude Sonnet 4.6 and Opus 4.6. The company strongly recommends using it only in "isolated environments"—sandboxed setups kept separate from production systems to minimize potential damage if safety checks fail.

Anthropologic has not disclosed the specific criteria its safety layer uses to distinguish safe actions from risky ones, a detail developers will likely want clarification on before widespread adoption.

Broader Context

Auto mode reflects an industry-wide shift toward agentic AI tools that execute tasks without constant human intervention. Competitors including GitHub and OpenAI have launched autonomous coding tools with similar capabilities. Anthropic's distinguishing element is delegating the permission-decision itself to the AI, rather than requiring human approval gates.

The launch follows Anthropic's recent releases of Claude Code Review (automatic bug detection) and Dispatch for Cowork (task delegation to AI agents).

What This Means

Auto mode represents Anthropic's bet that AI systems can safely self-govern when properly constrained. The feature trades some user control for developer velocity—a calculation that works only if safety checks are genuinely reliable. The research preview designation and recommended sandbox-only use suggest Anthropic expects iterative refinement. For enterprise users seeking faster coding workflows, auto mode reduces friction; for those prioritizing maximum oversight, it remains optional. The undefined safety criteria, however, leaves a significant transparency gap that could slow adoption until Anthropic provides more technical detail.