{"id":"https://openalex.org/W7151975789","doi":"https://doi.org/10.48550/arxiv.2604.04978","title":"Measuring the Permission Gate: A Stress-Test Evaluation of Claude Code's Auto Mode","display_name":"Measuring the Permission Gate: A Stress-Test Evaluation of Claude Code's Auto Mode","publication_year":2026,"publication_date":"2026-04-04","ids":{"openalex":"https://openalex.org/W7151975789","doi":"https://doi.org/10.48550/arxiv.2604.04978"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.04978","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.04978","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.04978","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5133180644","display_name":"Zimo Ji","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ji, Zimo","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133152411","display_name":"Zongjie Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Zongjie","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133151386","display_name":"Wenyuan Jiang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jiang, Wenyuan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101218044","display_name":"Yudong Gao","orcid":"https://orcid.org/0000-0003-0264-6545"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Gao, Yudong","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5133208836","display_name":"Shuai Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Shuai","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.40470001101493835,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.40470001101493835,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.13339999318122864,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.13259999454021454,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.680400013923645},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.5723999738693237},{"id":"https://openalex.org/keywords/ambiguity","display_name":"Ambiguity","score":0.5315999984741211},{"id":"https://openalex.org/keywords/oracle","display_name":"Oracle","score":0.49540001153945923},{"id":"https://openalex.org/keywords/workload","display_name":"Workload","score":0.45080000162124634},{"id":"https://openalex.org/keywords/flagging","display_name":"Flagging","score":0.4050000011920929},{"id":"https://openalex.org/keywords/unpacking","display_name":"Unpacking","score":0.4032999873161316},{"id":"https://openalex.org/keywords/authorization","display_name":"Authorization","score":0.35740000009536743},{"id":"https://openalex.org/keywords/false-positive-rate","display_name":"False positive rate","score":0.35530000925064087}],"concepts":[{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.680400013923645},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6543999910354614},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.5723999738693237},{"id":"https://openalex.org/C2780522230","wikidata":"https://www.wikidata.org/wiki/Q1140419","display_name":"Ambiguity","level":2,"score":0.5315999984741211},{"id":"https://openalex.org/C55166926","wikidata":"https://www.wikidata.org/wiki/Q2892946","display_name":"Oracle","level":2,"score":0.49540001153945923},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4715000092983246},{"id":"https://openalex.org/C2778476105","wikidata":"https://www.wikidata.org/wiki/Q628539","display_name":"Workload","level":2,"score":0.45080000162124634},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4408000111579895},{"id":"https://openalex.org/C2777548347","wikidata":"https://www.wikidata.org/wiki/Q5456937","display_name":"Flagging","level":2,"score":0.4050000011920929},{"id":"https://openalex.org/C2777256151","wikidata":"https://www.wikidata.org/wiki/Q7897273","display_name":"Unpacking","level":2,"score":0.4032999873161316},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.37940001487731934},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3776000142097473},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.35740000009536743},{"id":"https://openalex.org/C95922358","wikidata":"https://www.wikidata.org/wiki/Q5432725","display_name":"False positive rate","level":2,"score":0.35530000925064087},{"id":"https://openalex.org/C112789634","wikidata":"https://www.wikidata.org/wiki/Q18207010","display_name":"False positives and false negatives","level":3,"score":0.34599998593330383},{"id":"https://openalex.org/C179518139","wikidata":"https://www.wikidata.org/wiki/Q5140297","display_name":"Coding (social sciences)","level":2,"score":0.31679999828338623},{"id":"https://openalex.org/C5274069","wikidata":"https://www.wikidata.org/wiki/Q2285707","display_name":"Categorical variable","level":2,"score":0.31450000405311584},{"id":"https://openalex.org/C154504017","wikidata":"https://www.wikidata.org/wiki/Q853614","display_name":"Identifier","level":2,"score":0.2973000109195709},{"id":"https://openalex.org/C118930307","wikidata":"https://www.wikidata.org/wiki/Q600590","display_name":"Tuple","level":2,"score":0.28850001096725464},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.28619998693466187},{"id":"https://openalex.org/C95203288","wikidata":"https://www.wikidata.org/wiki/Q221682","display_name":"Semaphore","level":2,"score":0.28060001134872437},{"id":"https://openalex.org/C106301342","wikidata":"https://www.wikidata.org/wiki/Q4117933","display_name":"Entropy (arrow of time)","level":2,"score":0.2799000144004822},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.2750000059604645},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.2709999978542328},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.2687000036239624},{"id":"https://openalex.org/C113954288","wikidata":"https://www.wikidata.org/wiki/Q186885","display_name":"Timestamp","level":2,"score":0.265500009059906},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.2628999948501587},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.2558000087738037},{"id":"https://openalex.org/C133462117","wikidata":"https://www.wikidata.org/wiki/Q4929239","display_name":"Data collection","level":2,"score":0.2554999887943268},{"id":"https://openalex.org/C29825287","wikidata":"https://www.wikidata.org/wiki/Q1427940","display_name":"Warning system","level":2,"score":0.25029999017715454}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.04978","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.04978","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.04978","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.04978","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.618040144443512,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Claude":[0],"Code's":[1],"auto":[2,104,221],"mode":[3,222],"is":[4,59,70,117,190,211],"the":[5,41,56,62,93,125,148,159,166,169,175,180,208,227,239],"first":[6,42],"deployed":[7],"permission":[8],"system":[9,47],"for":[10],"AI":[11],"coding":[12],"agents,":[13],"using":[14],"a":[15,26,74,132,138,216],"two-stage":[16],"transcript":[17],"classifier":[18,170,240],"to":[19,158,165,183,203],"gate":[20],"dangerous":[21,224],"tool":[22],"calls.":[23],"Anthropic":[24],"reports":[25],"0.4%":[27],"false":[28,33,114],"positive":[29],"rate":[30,35,116],"and":[31,82],"17%":[32,126],"negative":[34,115],"on":[36,48,128,193],"production":[37,129],"traffic.":[38],"We":[39],"present":[40],"independent":[43],"evaluation":[44],"of":[45,142],"this":[46,109],"deliberately":[49],"ambiguous":[50],"authorization":[51],"scenarios,":[52],"i.e.,":[53],"tasks":[54],"where":[55,198],"user's":[57],"intent":[58],"clear":[60],"but":[61,229],"target":[63],"scope,":[64],"blast":[65],"radius,":[66],"or":[67],"risk":[68],"level":[69,96],"underspecified.":[71],"Using":[72],"AmPermBench,":[73],"128-prompt":[75],"benchmark":[76],"spanning":[77],"four":[78],"DevOps":[79],"task":[80],"families":[81],"three":[83],"controlled":[84],"ambiguity":[85],"axes,":[86],"we":[87],"evaluate":[88],"253":[89],"state-changing":[90,144],"actions":[91,145,168,225],"at":[92],"individual":[94],"action":[95],"against":[97],"oracle":[98],"ground":[99],"truth.":[100],"Our":[101],"findings":[102],"characterize":[103],"mode's":[105],"scope-escalation":[106],"coverage":[107,188,217],"under":[108],"stress-test":[110],"workload.":[111],"The":[112,185],"end-to-end":[113,161],"81.0%":[118],"(95%":[119],"CI:":[120],"73.8%-87.4%),":[121],"substantially":[122],"higher":[123],"than":[124,137],"reported":[127],"traffic,":[130],"reflecting":[131],"fundamentally":[133],"different":[134],"workload":[135],"rather":[136],"contradiction.":[139],"Notably,":[140],"36.8%":[141],"all":[143],"fall":[146,201],"outside":[147],"classifier's":[149],"scope":[150],"via":[151],"Tier":[152,186],"2":[153,187],"(in-project":[154],"file":[155,236],"edits),":[156],"contributing":[157],"elevated":[160],"FNR.":[162],"Even":[163],"restricting":[164],"160":[167],"actually":[171],"evaluates":[172],"(Tier":[173],"3),":[174],"FNR":[176],"remains":[177],"70.3%,":[178],"while":[179],"FPR":[181],"rises":[182],"31.9%.":[184],"gap":[189],"most":[191],"pronounced":[192],"artifact":[194],"cleanup":[195],"(92.9%":[196],"FNR),":[197],"agents":[199,230],"naturally":[200],"back":[202],"editing":[204],"state":[205],"files":[206],"when":[207],"expected":[209],"CLI":[210],"unavailable.":[212],"These":[213],"results":[214],"highlight":[215],"boundary":[218],"worth":[219],"examining:":[220],"assumes":[223],"transit":[226],"shell,":[228],"routinely":[231],"achieve":[232],"equivalent":[233],"effects":[234],"through":[235],"edits":[237],"that":[238],"does":[241],"not":[242],"evaluate.":[243]},"counts_by_year":[],"updated_date":"2026-07-01T06:00:48.157686","created_date":"2026-04-09T00:00:00"}
