For developers working with AI, “vibe coding” at this point means babysitting every action or risking letting the model run unchecked. Anthropic says the latest updates to Claude aim to eliminate that option by allowing the AI ​​to determine which actions are safe to perform on its own, albeit with some limitations.

This move reflects broader changes across the industry, as AI tools are increasingly designed to work without human approval. The challenge is to balance speed and control. Too many guardrails can slow things down; too few can make the system dangerous and unpredictable. Anthropic’s new “Auto Mode” is currently in research preview.つまり、テストは可能ですが、まだ完成品ではありません。これは、その針に糸を通すための最新の試みです。

Automatic mode uses AI safeguards to review each action before it takes place, checking for signs of unsolicited risky behavior or prompt injection. Prompt injection is a type of attack in which malicious instructions are hidden in content processed by an AI, causing it to perform unintended actions. Safe actions continue automatically, but dangerous actions are blocked.

This is essentially an extension of Claude Code’s existing “Allow Dangerous Skip” command, leaving all decision-making to the AI, but with an added layer of safety on top.

This feature is built on a suite of autonomous coding tools from companies like GitHub and OpenAI that can perform tasks on behalf of developers.しかし、いつユーザーに許可を求めるかという決定を AI 自体に移すことで、さらに一歩前進しています。

Anthropic does not elaborate on the specific criteria the safety layer uses to distinguish between safe and unsafe actions.開発者は、この機能を広く採用する前に、よりよく理解しておく必要があるでしょう。 (TechCrunch has reached out to the company for more information on this.)

Automated mode comes as Anthropic launches Claude Code Review, an automated code reviewer designed to find bugs before they hit your codebase, and Dispatch for Cowork, which allows users to send tasks to an AI agent to handle the work on their behalf.

自動モードは数日以内にエンタープライズ ユーザーと API ユーザーに展開されます。 The company says it currently only works with Claude Sonnet 4.6 and Opus 4.6, and recommends using this new feature in “isolated environments,” or environments that limit the potential damage if something goes wrong in a sandboxed setup isolated from production systems.