Cursor makes Auto-review default safety layer

By reframing agent safety from a binary block/allow switch to a contextual 'dial,' Cursor addresses the developer fatigue of constant approval prompts while keeping local agents securely bounded. Agentic safety classifiers that can inspect files and folders in the background represent the next phase of agent security, moving away from rigid, regex-based command allowlists. Furthermore, the feedback loop—where the classifier explains blocks back to the parent agent rather than immediately halting execution—allows agents to auto-correct and try safer alternative tools, significantly improving user experience. While a 97% accuracy rate is strong, the remaining 3% error rate on ambiguous edges highlights the difficulty of defining precise safety boundaries in complex development environments. Finally, running the classifier within the same RPC stream to minimize latency is a smart architectural choice to avoid slowing down agent execution loops.