Microsoft ships VS Code weekly, adds Autopilot mode so AI can wreak havoc without bothering you
(2026/03/11)
- Reference: 1773232737
- News link: https://www.theregister.co.uk/2026/03/11/visual_studio_code_moves_to/
- Source link:
Microsoft's Visual Studio Code (VS Code) is moving to a weekly release cycle, as well as joining Google in encouraging agentic AI development without manual approval with a new Autopilot feature.
VS Code has always had a rapid release cycle, formerly based on a monthly update which included an "Endgame" week where code was temporarily frozen, tested, and any identified issues fixed before release. Endgame plans were published on GitHub, for example [1]this one for November 2025. There was also one or more recovery releases following the update, to address urgent issues discovered by users.
Microsoft execs worry AI will eat entry level coding jobs [2]READ MORE
Now the release cycle has been further accelerated. Microsoft distinguished engineer Kai Maetzel, who runs the VS Code engineering team, [3]said that after "streamlining our development and delivery process … we'll ship a new Stable release every week. Endgame will now be folded into our weekly activities."
VS Code users on Reddit had questions. "What's the point of Insider build?" [4]said one, this being a monthly preview of the next release in the old schedule; and [5]another asked , "Is there a way to stay behind a few versions so you can be sure that stuff is actually fixed?"
Another developer [6]commented that the change is "confusing and concerning." Some releases require settings changes and having to review and amend settings every week is a burden.
[7]
In the [8]release notes for version 1.111, the first weekly stable release, the team expanded on what has enabled the change. AI is part of it. "We added a one-click experience for creating test plans from feature request issues," state the notes, reducing the manual steps previously required.
[9]
[10]
All the new features in version 1.111 are AI-related, including a preview of Autopilot, in which an AI agent works autonomously until a task is completed. Autopilot is a permission level in Copilot Chat, in which all tool calls are approved automatically, errors are automatically retried, and questions raised by tools auto-respond "so that the agent does not stall waiting for a reply."
[11]
Autopilot is Copilot but without the manual checks - Click to enlarge
Although it speeds development, auto approval is a security risk because of the non-deterministic nature of generative AI and its vulnerability to prompt injection. Having agents call third-party tools using MCP (Model Context Protocol) adds risk since it widens the scope of the agent beyond the coding environment and is vulnerable to poorly coded tools or attacks such as tool poisoning. Having an agent auto-answer prompts raised by tools removes an important protection.
[12]Amazon insists AI coding isn't source of outages
[13]AI vs AI: Agent hacked McKinsey's chatbot and gained full read-write access in just two hours
[14]Microsoft Azure CTO set Claude on his 1986 Apple II code, says it found vulns
[15]Dev stunned by $82K Gemini bill after unknown API key thief goes to town
[16]Bcachefs creator insists his custom LLM is female and 'fully conscious'
Microsoft intends to have Autopilot enabled by default, though this is not quite as bad as it sounds. Enabling Autopilot only makes it available as an option in Chat. There are three levels of agentic permission, these being Default, Bypass Approvals and the new Autopilot. Autopilot goes beyond Bypass Approvals by auto-answering tool prompts and continuing to work until it thinks that a task is done.
Anthropic tries to hide Claude's AI actions. Devs hate it [17]READ MORE
The documentation [18]recommends enabling experimental terminal sandboxing to restrict file system and network access for agent-executed commands – but this only works on macOS and Linux. "If prompt injection is a concern, use terminal sandboxing or run VS Code in a dev container instead of relying on auto-approval rules alone," it states.
Microsoft is not alone in promoting YOLO (you only live once) development. Google yesterday bragged about its new Auto Approve Mode in Gemini Code Assist. [19]According to the team, Auto Approve Mode lets the agent act without manual steps. We are told that this "transforms tedious, multi-file updates that once took hours into a single, automated command, powerfully freeing you up to focus on more complex architectural challenges."
[20]
The global Auto Approve setting for Google Gemini in VS Code complete with warning never to use it - Click to enlarge
Developers who head to Google's documentation though will find it littered with warnings. "The agent has access to your machine's file system and terminal actions as well as any tools you've configured for use. Be extremely careful where and when you automatically allow agent actions," it says.
The description of Auto Approve in the global setting is even more emphatic. "This is extremely dangerous and is never recommended … this feature disables critical security protections," it says.
It is perplexing that Google's blog post promotes this feature, while the documentation warns against using it.®
Get our [21]Tech Resources
[1] https://github.com/microsoft/vscode/issues/280461
[2] https://www.theregister.com/2026/02/23/microsoft_ai_entry_level_russinovich_hanselman/
[3] https://github.com/microsoft/vscode/issues/300108
[4] https://old.reddit.com/r/vscode/comments/1rpbd2i/vscode_1111_released_today/o9na84p/
[5] https://old.reddit.com/r/vscode/comments/1rpbd2i/vscode_1111_released_today/o9kkfm8/
[6] https://github.com/microsoft/vscode/issues/300108#issuecomment-4027927310
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2abGfttAaW9crnAcNOn-3NQAAABQ&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[8] https://code.visualstudio.com/updates/v1_111
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44abGfttAaW9crnAcNOn-3NQAAABQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33abGfttAaW9crnAcNOn-3NQAAABQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[11] https://regmedia.co.uk/2026/03/11/copilot-autoapproval.jpg
[12] https://www.theregister.com/2026/03/10/amazon_ai_coding_outages/
[13] https://www.theregister.com/2026/03/09/mckinsey_ai_chatbot_hacked/
[14] https://www.theregister.com/2026/03/09/claude_legacy_code_vulns/
[15] https://www.theregister.com/2026/03/03/gemini_api_key_82314_dollar_charge/
[16] https://www.theregister.com/2026/02/25/bcachefs_creator_ai/
[17] https://www.theregister.com/2026/02/16/anthropic_claude_ai_edits/
[18] https://code.visualstudio.com/docs/copilot/security
[19] https://developers.googleblog.com/unleash-your-development-superpowers-refining-the-core-coding-experience/
[20] https://regmedia.co.uk/2026/03/11/gemini-warning.jpg
[21] https://whitepapers.theregister.com/
VS Code has always had a rapid release cycle, formerly based on a monthly update which included an "Endgame" week where code was temporarily frozen, tested, and any identified issues fixed before release. Endgame plans were published on GitHub, for example [1]this one for November 2025. There was also one or more recovery releases following the update, to address urgent issues discovered by users.
Microsoft execs worry AI will eat entry level coding jobs [2]READ MORE
Now the release cycle has been further accelerated. Microsoft distinguished engineer Kai Maetzel, who runs the VS Code engineering team, [3]said that after "streamlining our development and delivery process … we'll ship a new Stable release every week. Endgame will now be folded into our weekly activities."
VS Code users on Reddit had questions. "What's the point of Insider build?" [4]said one, this being a monthly preview of the next release in the old schedule; and [5]another asked , "Is there a way to stay behind a few versions so you can be sure that stuff is actually fixed?"
Another developer [6]commented that the change is "confusing and concerning." Some releases require settings changes and having to review and amend settings every week is a burden.
[7]
In the [8]release notes for version 1.111, the first weekly stable release, the team expanded on what has enabled the change. AI is part of it. "We added a one-click experience for creating test plans from feature request issues," state the notes, reducing the manual steps previously required.
[9]
[10]
All the new features in version 1.111 are AI-related, including a preview of Autopilot, in which an AI agent works autonomously until a task is completed. Autopilot is a permission level in Copilot Chat, in which all tool calls are approved automatically, errors are automatically retried, and questions raised by tools auto-respond "so that the agent does not stall waiting for a reply."
[11]
Autopilot is Copilot but without the manual checks - Click to enlarge
Although it speeds development, auto approval is a security risk because of the non-deterministic nature of generative AI and its vulnerability to prompt injection. Having agents call third-party tools using MCP (Model Context Protocol) adds risk since it widens the scope of the agent beyond the coding environment and is vulnerable to poorly coded tools or attacks such as tool poisoning. Having an agent auto-answer prompts raised by tools removes an important protection.
[12]Amazon insists AI coding isn't source of outages
[13]AI vs AI: Agent hacked McKinsey's chatbot and gained full read-write access in just two hours
[14]Microsoft Azure CTO set Claude on his 1986 Apple II code, says it found vulns
[15]Dev stunned by $82K Gemini bill after unknown API key thief goes to town
[16]Bcachefs creator insists his custom LLM is female and 'fully conscious'
Microsoft intends to have Autopilot enabled by default, though this is not quite as bad as it sounds. Enabling Autopilot only makes it available as an option in Chat. There are three levels of agentic permission, these being Default, Bypass Approvals and the new Autopilot. Autopilot goes beyond Bypass Approvals by auto-answering tool prompts and continuing to work until it thinks that a task is done.
Anthropic tries to hide Claude's AI actions. Devs hate it [17]READ MORE
The documentation [18]recommends enabling experimental terminal sandboxing to restrict file system and network access for agent-executed commands – but this only works on macOS and Linux. "If prompt injection is a concern, use terminal sandboxing or run VS Code in a dev container instead of relying on auto-approval rules alone," it states.
Microsoft is not alone in promoting YOLO (you only live once) development. Google yesterday bragged about its new Auto Approve Mode in Gemini Code Assist. [19]According to the team, Auto Approve Mode lets the agent act without manual steps. We are told that this "transforms tedious, multi-file updates that once took hours into a single, automated command, powerfully freeing you up to focus on more complex architectural challenges."
[20]
The global Auto Approve setting for Google Gemini in VS Code complete with warning never to use it - Click to enlarge
Developers who head to Google's documentation though will find it littered with warnings. "The agent has access to your machine's file system and terminal actions as well as any tools you've configured for use. Be extremely careful where and when you automatically allow agent actions," it says.
The description of Auto Approve in the global setting is even more emphatic. "This is extremely dangerous and is never recommended … this feature disables critical security protections," it says.
It is perplexing that Google's blog post promotes this feature, while the documentation warns against using it.®
Get our [21]Tech Resources
[1] https://github.com/microsoft/vscode/issues/280461
[2] https://www.theregister.com/2026/02/23/microsoft_ai_entry_level_russinovich_hanselman/
[3] https://github.com/microsoft/vscode/issues/300108
[4] https://old.reddit.com/r/vscode/comments/1rpbd2i/vscode_1111_released_today/o9na84p/
[5] https://old.reddit.com/r/vscode/comments/1rpbd2i/vscode_1111_released_today/o9kkfm8/
[6] https://github.com/microsoft/vscode/issues/300108#issuecomment-4027927310
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2abGfttAaW9crnAcNOn-3NQAAABQ&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[8] https://code.visualstudio.com/updates/v1_111
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44abGfttAaW9crnAcNOn-3NQAAABQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33abGfttAaW9crnAcNOn-3NQAAABQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[11] https://regmedia.co.uk/2026/03/11/copilot-autoapproval.jpg
[12] https://www.theregister.com/2026/03/10/amazon_ai_coding_outages/
[13] https://www.theregister.com/2026/03/09/mckinsey_ai_chatbot_hacked/
[14] https://www.theregister.com/2026/03/09/claude_legacy_code_vulns/
[15] https://www.theregister.com/2026/03/03/gemini_api_key_82314_dollar_charge/
[16] https://www.theregister.com/2026/02/25/bcachefs_creator_ai/
[17] https://www.theregister.com/2026/02/16/anthropic_claude_ai_edits/
[18] https://code.visualstudio.com/docs/copilot/security
[19] https://developers.googleblog.com/unleash-your-development-superpowers-refining-the-core-coding-experience/
[20] https://regmedia.co.uk/2026/03/11/gemini-warning.jpg
[21] https://whitepapers.theregister.com/
Re: Might I suggest VSCodium?
takno
I don't want a weekly update. The monthly updates already come too often, and almost never have any bugfixes of features I will use. There is literally no value to me in wasting bandwidth downloading a Snap and restarting the software so that it install. A weekly update of VSCodium wouldn't be any better in this respect.
Added to which, the entire application is useless to me without a fair number of plugin-ins, so access to the actual store where the real versions of those are kept updated is a must.
Overall, why on earth would I use VsCodium rather than something completely different like Zed or one of its forks?
Re: Might I suggest VSCodium?
werdsmith
Zed is wonderful on Windows, Mac and on a linux machine with decent GPU driver support, but can still be a bit shit on some linuxes. It is built to work with AI though, so that might be a reason. It's still only V0.227 as I write this.
Re: Might I suggest VSCodium?
Jason Bloomberg
One issue using VSCodium is that some of the more commonly used extensions provided for VS Code come from Microsoft and aren't available for VSCodium -- Alternatives will need to be found.
Hopefully, as VSCodium adoption increases, that will become less of a problem.
I'd also recommend giving it a try.
M.V. Lipvig
"Some releases require settings changes and having to review and amend settings every week is a burden."
Sounds like a goal for M$ to me. When reviews are burdensome, people eventually stop doing them. When that happens, M$ owns your machine.
Might I suggest VSCodium?
VS Code is an open source project. Prior it a VS Code release, Microsoft takes the code, puts it in their own private environment, and then adds the Microsoft stuff, which includes telemetry and features like Copilot. If you don't care for the Microsoft extra sauce, you can easily install VSCodium instead. It's just a build of the open source project.
If you find yourself spending 5-10 minutes on each update of VS Code, turning off the features that Microsoft keeps adding back (yeah, that's you I am looking at Copilot), VSCodium might be for you.
Check it out: https://vscodium.com