Anthropic adds automatic mode to Claude Code for safe unsupervised operation

Anthropic launched an automatic mode for Claude Code — an AI-powered development tool that allows the model to independently execute tasks on behalf of the user. The new auto mode addresses one of the main problems of autonomous agents: how to give AI enough freedom to work effectively without risking data loss, information leaks, or execution of unwanted commands. Before auto mode appeared, Claude Code users faced an inconvenient choice.

You could manually control each agent action — reliably, but slowly and tediously. Or grant the model broad permissions and refrain from interfering — quickly, but risky. Claude Code already knows how to work independently: delete files, send data, execute system commands.

This makes it a powerful tool, but also potentially dangerous — especially if the agent encounters hidden instructions in third-party code or malicious data. Auto mode was developed as a third way. The new feature analyzes the agent's upcoming actions, assesses their potential risk, and blocks dangerous operations before they are executed.

In doing so, the agent gets the ability to propose an alternative, safer way to achieve the same goal — instead of simply refusing to execute the task. Anthropic positions this as a balance between constant oversight and a dangerous level of autonomy, which the company considers unacceptable for a broad audience of users. Essentially, auto mode is a built-in level of self-censorship for the agent.

Instead of requesting permission from the user at every step or acting uncontrollably, Claude Code now weighs risks in real-time. This resembles the approach used in industrial safety systems: not to block all non-standard actions, but to assess the context and respond to real threats. The problem with agent systems that auto mode is meant to solve is well familiar to developers.

AI agents are vulnerable to so-called prompt injection attacks — when malicious instructions are hidden in processed data, documents, or third-party library code. The agent diligently executes them, unaware of the threat. Furthermore, broad permissions in autonomous mode can lead to unwanted consequences even without malicious intent: deletion of needed files, transmission of confidential data to external services, execution of destructive operations on databases.

The launch of auto mode is part of a broader trend in the industry. As AI agents become increasingly autonomous, issues of manageability and safety come to the forefront for all key market players. Companies are seeking ways to provide users with powerful tools without creating new vulnerabilities.

Anthropic clearly is betting that trust in Claude Code will grow along with its reliability and predictability of behavior. For developers who use Claude Code in real projects, auto mode is a practical workflow improvement. No more need to make a painful choice between speed and safety.

The agent takes some decisions upon itself, but precisely those that can be delegated — leaving critically important and irreversible actions under user control. This is a step toward AI tools that can be trusted in a real working environment.