Skip to content
Oday Bakkour
Back to Knowledge Hub
aidevelopmentsecurity

AI Coding News: July 11, 2026 — Claude Code Defaults Auto Mode as Cursor Ships Side Chats

Oday Bakkour profile photo
Oday Bakkour
4 min read
Share
AI Coding News: July 11, 2026 — Claude Code Defaults Auto Mode as Cursor Ships Side Chats

Another day, another stack of releases across the AI coding toolbelt. The headline this time is Claude Code quietly graduating Auto Mode from an opt-in flag to the default behavior on the three clouds enterprises actually use — while Cursor answers with a genuinely new workflow primitive, and OpenCode and Codex CLI keep shipping on their usual near-daily cadence.

Claude Code v2.1.207: Auto Mode Becomes the Default

Anthropic pushed Claude Code v2.1.207 today, and the standout change is that Auto Mode — the iterative edit-run-observe-refine loop that turns Claude Code from an autocomplete into a genuinely autonomous agent — no longer needs the CLAUDE_CODE_ENABLE_AUTO_MODE opt-in flag on Amazon Bedrock, Google Cloud Vertex AI, or Anthropic's own Foundry. It's on by default; teams that want the old opt-in behavior can set disableAutoMode in settings instead. Bedrock, Vertex, and Claude Platform on AWS also now default to Claude Opus 4.8.

The release also closes a real plugin security hole: shell-form plugin commands can no longer interpolate ${user_config.*} directly, which previously opened a path to command injection via untrusted config values. Plugin authors now need the exec-form args array or the $CLAUDE_PLUGIN_OPTION_<KEY> environment variable instead. Other fixes in this build:

  • Terminal freezing and lagged keystrokes while streaming very long lists, tables, or code blocks — fixed.
  • Remote managed settings applied from non-interactive runs (claude -p, the SDK) were being silently recorded as consented without ever showing the security consent dialog — fixed.
  • Spurious prompt-injection warnings triggered by benign system-generated conversation updates — fixed.
  • The auto-updater was overwriting custom launcher scripts or symlinks at ~/.local/bin/claude on every release; /doctor now flags an externally managed launcher instead.
  • An indefinite hang on Windows when AWS credential resolution stalls — a 60-second stall guard now fires.

Cursor's version 3.11 landed on July 10 with a workflow feature we haven't seen elsewhere yet: side chats. Typing /side or /btw, or hitting the plus button in the chat panel, spins up a durable, full agent conversation that inherits context from the main chat but runs independently — useful for asking a clarifying question or exploring an alternative approach without derailing the primary agent's train of thought. Other additions in this release:

  • Agent transcript search via Cmd+K with local indexing, plus in-conversation search (Cmd+F) with a match counter.
  • Redesigned project and repo pickers with scoped search across This Computer, Cloud, and Remote Machines.
  • New cloud agent hooks — beforeSubmitPrompt, afterAgentResponse, afterAgentThought, stop, and subagentStart — for teams scripting their own agent guardrails.

Also Shipping: OpenCode's Build Sprint and Codex CLI's Install Fix

OpenCode pushed three builds — v1.17.16 through v1.17.18 — in the same 48-hour window. The most consequential fix stops crashes and bad pricing data when GitHub Copilot returns models with a zero billing batch size; the builds also expose reasoning-effort variants for Grok models, improve xAI prompt cache routing, and refresh the desktop app's sub-agent task rows and revert dock for the v2 session design.

OpenAI's Codex CLI 0.144.1 fixed standalone installs failing when GitHub returns compact or reordered release metadata, and kept code mode working via a fallback to the embedded runtime when the companion host binary is unavailable. It follows 0.144.0's writes app-approval mode, which lets declared read-only actions run freely while still gating actual write operations behind approval.

Why It Matters

Auto Mode going default-on for Bedrock, Vertex, and Foundry is a quiet but significant signal: Anthropic now trusts the autonomous edit-run-refine loop enough to hand it to every enterprise customer already running Claude Code through their approved cloud perimeter, not just the ones who opted in. Pair that with the same-day plugin injection fix, and it's a reminder that autonomy and security hardening are shipping together, not sequentially. Meanwhile Cursor's side chats point at a broader trend — coding agents are starting to support parallel lines of reasoning within a single session, rather than forcing a linear back-and-forth. Expect other tools to follow.

Sources & Further Reading

Comments

Share your thoughts and join the conversation

Leave a Comment

Loading comments...
Add Oday Bakkour as a preferred source on Google
RELATED