Anthropic dropped three features for Claude Code on Monday, but the interesting one is auto mode.
Until now you had two choices: approve every single file write and bash command manually, or use the skip permissions flag which lets the AI do whatever it wants. Auto mode sits in the middle. An AI safety classifier evaluates every tool call in real time. Routine stuff like writing files and running tests gets auto approved. Destructive operations like mass deletion or data exfiltration get blocked.
The catch is that Anthropic hasn't published what the classifier allows or blocks. It's a black box ML model making security decisions about your file system. They acknowledged it "may still allow some risky actions" when intent is ambiguous. For side projects that's probably fine but for production codebases I'd want to see the actual rules.
They also launched Channels which lets you control Claude Code through Discord and Telegram. This is basically their answer to OpenClaw, the open source project that blew up to 100K+ GitHub stars. Anthropic sent the creator a cease and desist over the original name, he ended up joining OpenAI, and now Anthropic is building the managed alternative themselves.
Meanwhile Cursor launched Composer 2 this week but got caught hiding that it's built on Moonshot AI's Kimi K2.5, a Chinese open source model. A developer found out by intercepting API traffic and spotting the model identifier. Cursor's co founder called the omission "an error." And GitHub announced they'll train on Copilot user data by default starting April 24.
Curious what people think about the auto mode approach. Would you trust a black box classifier to decide what's safe to execute on your machine, or would you rather just keep approving things manually? This and 2 other interesting AI Trust Issues are written at ai-dev-weekly
[link] [comments]