Claude Code Auto Mode: Smarter Permission Handling Without Skipping Safety

What Changed

Claude Code now ships Auto Mode, a third permission tier that lets the agent make permission decisions on your behalf. Before each tool call executes, a safety classifier reviews it for potentially destructive patterns — mass file deletions, sensitive data exfiltration, malicious code execution — and either lets it through or blocks it and redirects Claude toward a safer alternative.

Why It Matters

Until now, developers faced a binary trade-off: either approve every file write and bash command manually (safe but slow), or pass --dangerously-skip-permissions to remove all guardrails (fast but risky). Auto Mode fills the gap — fewer interruptions than default, less risk than skipping permissions entirely.

How It Works

• A classifier evaluates each tool call before execution
• Safe actions proceed automatically
• Risky actions are blocked; Claude is redirected to an alternative approach
• If Claude repeatedly attempts blocked actions, a user permission prompt is triggered as a fallback
• Compatible with Claude Sonnet 4.6 and Opus 4.6

Availability

• Research preview on the Team plan as of March 24, 2026
• Enterprise plan and API users: rolling out in the coming days

Caveats

• Auto Mode may still allow some risky actions when user intent is ambiguous or environmental context is insufficient
• May occasionally block benign actions
• Minor increases in token consumption, cost, and latency are expected
• Anthropic still recommends using Claude Code in isolated environments for maximum safety