Cursor adds auto-review mode with classifier subagent and fewer approval prompts

• Cursor shipped auto-review mode, which lets agents run more tool calls with fewer approval prompts, according to cursor_ai's launch post.
• Actions that are outside a user's allowlist or cannot be sandboxed get routed to a separate decision-making agent, per cursor_ai's classifier explanation.
• Cursor framed the feature as lower-friction execution with a safety backstop, while jediahkatz's post described the appeal more bluntly: fewer approval clicks without fully dropping security checks.
• The launch also came with a browser game that asks humans to approve terminal commands fast enough to beat the model, as shown in ericzakariasson's demo post.

You can jump straight to Cursor's changelog, watch Cursor's launch video, and try the approval game that pits your judgment against auto-review. One side detail worth noting: nrehiew_'s chart post claimed the amount of auto-accepted code is already up 5x since the start of the year.

Cursor's launch pitch is simple: agents can keep moving without stopping for as many approval prompts.

The official post says auto-review is now available in Cursor and is meant to allow more tool calls with safer execution. The linked changelog entry is where Cursor points users for the mechanics.

Jediah Katz wrote that he has personally been using "YOLO mode" for about a year, but framed auto-review as the version for people who still want more security. That gives the ship a useful read: Cursor is productizing a behavior power users were already leaning toward, then wrapping it in a more formal review path.

The most concrete implementation detail in the launch is the extra agent in the middle.

According to cursor_ai's classifier explanation, any action that is not on a user's allowlist, or cannot be sandboxed, goes to a classifier subagent. That subagent has three options:

• allow the tool call
• try a different approach
• ask the user for approval

That is a more specific design than a blanket "trust the agent more" toggle. Cursor is separating low-friction execution from higher-risk decisions, and it is doing that with another model-mediated step rather than only a static permissions list.

Cursor's launch campaign also shipped a small benchmark for human caution.

Eric Zakariasson linked cursor-auto-review.com, a game built around approving terminal commands in 30 seconds. The pitch is that beating auto-review is harder than it looks. davidgomes's post called it a quick way to understand the feature before opening the app.

Separately, nrehiew_'s chart post said the amount of auto-accepted code has risen 5x since the start of 2026. That was not part of Cursor's official announcement, but it adds a useful backdrop for why approval minimization is becoming a product surface at all.