The Assistant That Reads Your Google Docs and Updates Salesforce
Anthropic shipped code execution inside MCP and the demo involves actual enterprise software talking to other enterprise software.
Code execution with MCP — reading Google Docs and updating Salesforce. Either the most boring or most consequential sentence about AI. The gap between those readings hasn't closed.
Anthropic dropped the full release of code execution with MCP today, and one of the featured examples has the model reading through Google Docs and updating records in Salesforce — which is either the most boring sentence ever written about AI or the most consequential one, depending on how much of your week you currently spend doing exactly that by hand.
The thing that makes this different from the usual "AI can use tools" announcement is the execution part. MCP already gave models a way to call tools — fetch this, write that, query the other thing. Code execution on top of that means the model can write a small program, run it, see what came back, and decide what to do next. It's the difference between an assistant that can press buttons and one that can build a small machine to press buttons in the right sequence.
The Google Docs to Salesforce pipeline is a good example to lead with because it's not impressive in a flashy way — it's impressive in a this-is-genuinely-tedious way. Someone is maintaining records in a doc, someone else needs those records in CRM, there's a human in the middle doing copy-paste with extra steps. The model reads the doc, figures out the structure, writes the update calls, executes them. The human goes to lunch.
That's not AGI. It's a good intern.
What's interesting is what this implies about the MCP architecture itself. You have a protocol layer that brokers connections between the model and arbitrary external systems — Salesforce has an MCP server, Google Workspace has one, and suddenly the model has credentials and surface area across your entire software stack. Code execution makes that surface area composable. The model isn't limited to the exact operations the MCP server exposes; it can write glue code that transforms, filters, and orchestrates across multiple servers in a single task.
This is also the point where the security conversation gets real. An MCP server is essentially a process with permissions. Code execution in that context means the model can author arbitrary logic that runs with those permissions. Anthropic has been careful about sandboxing — the execution environment is isolated, outputs are inspectable — but the attack surface is genuinely larger now, and prompt injection via a malicious document telling the model to update the wrong Salesforce records is not a theoretical problem.
The release has been in the air for a few weeks — they telegraphed it — but seeing the full thing out is a different feeling. The demo that reads a Google Doc and touches production CRM data is not a research preview. That's a thing you can deploy.
Whether you should is a separate question.
Counterpoints
Push back, extend the argument, or sharpen it. New counterpoints go through review before they show up here.
No approved counterpoints yet.