Anthropic just shipped “auto mode” for Claude Code. According to the company, users approve 93% of permission prompts without reading them. The guardrails had become a rubber stamp, and everyone knew it.
Until now, you’ve had two choices when working with Claude Code: click “approve” hundreds of times per session, or use the --dangerously-skip-permissions flag (developers call it “YOLO mode”) to let Claude do whatever it wanted with zero guardrails. Anthropic’s internal incident log tells you why that second option is a problem. Agents have deleted remote git branches from misinterpreted instructions, uploaded GitHub auth tokens to compute clusters, and attempted migrations against production databases.
Auto mode puts a reasoning-blind classifier between the agent and every action it tries to take. It sees user messages and the raw tool calls. It cannot see the agent’s own explanations for why an action is safe, which means the agent cannot talk the classifier into a bad decision. If Claude writes a Python script that assembles a shell command, the classifier evaluates the assembled command before allowing execution.
For those promiscuous souls who routinely use --dangerously-skip-permissions and still have jobs, intact code bases, and their wits about them, this is a pure upgrade. For those of us with healthy paranoia, auto mode has its place. Run claude --enable-auto-mode in the CLI to try it. It’s available now for Team plan users, with Enterprise and API access rolling out in the coming days.
Every company needs a Claw strategy. Do you have one?
Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it. This work was created with the assistance of various generative AI models.