At TDX 2026, Salesforce announced Headless 360 — the re-architecting of the platform so every capability is exposed as an API, MCP tool, or CLI command. Parker Harris’s framing question in the lead-up — “Why should you ever log into Salesforce again?” — captures the ambition. The full vision will play out over several quarters. But one piece is available right now, in any production org, and took me about an hour to turn on: Salesforce Hosted MCP Servers. So I did, connected Claude to our own Modelit org, and watched what changed.

Here’s what I found — and the security decisions I’d think harder about than the setup guide does.

The problem MCP actually solves

Most Salesforce orgs have more useful data than their teams can extract. Not because the data isn’t there — because getting to it requires a report, a list view, a SOQL query, or a quick favor from whoever owns the org. The friction is small per question. It compounds across a quarter.

Connecting Claude to Salesforce via the Hosted MCP server didn’t move the data. It moved the cost of asking.

What I actually do with it

ICP refinement

Sharpening our scoring card used to mean pulling closed-won customers into a spreadsheet, segmenting by vertical and size, and looking for patterns by hand. Now I pull a slice, ask follow-ups, test a hypothesis, pull a counter-slice, and arrive at a sharper criterion in one sitting. A week’s work becomes a working session.

Event targeting

Salesforce Agentforce World Tour in NY came up. I needed customers and prospects in the metro area with full relationship context — tenure, last touch, open deals, expansion potential. Reporting could have produced a list. Claude produced a prioritized list with the qualitative context I’d otherwise pull manually from each Account.

Account research before calls

Before a renewal or expansion conversation, I want recent activity, open Cases, contact roles, and engagement history. Claude pulls it conversationally, in the same chat where I’m prepping. The “five-tab Salesforce ritual” goes away.

Case study creation across systems

Modelit lives off case studies. Producing one used to mean Google Drive for project briefs, Jira for delivery history, Notion for customer voice, and Salesforce to update the Account record. Now Claude pulls from all of them in one conversation and writes structured updates directly to Salesforce — case study URL, outcome summary, key metrics, all on the right custom fields. The case study still requires my judgment. The 90 minutes of context-gathering doesn’t.

The pattern: the value isn’t replacing reports or dashboards. It’s the long tail of one-off questions and cross-system workflows that never made it onto the engineering or RevOps backlog because the cost of asking exceeded the cost of guessing — or living without.

The bigger shift: AI as the interface to every system

The “why log into Salesforce again” question has a sharper edge than it first appears. Parker Harris framed it as a Salesforce question. It isn’t. The same logic applies to every other business system in your stack.

QuickBooks already has an MCP server — Intuit’s official one, full CRUD on 29 entity types and 11 financial reports. So do HubSpot, Atlassian (Jira and Confluence), Google Drive, and a growing roster of platforms. Data that used to live in four or five tabs converges into one prompt. Integration work that historically needed an iPaaS license and a quarter of engineering time happens conversationally, in the same chat where I’m doing the actual work.

This changes how I evaluate tools. I used to weigh UI quality, workflow fluency, native reporting. Now the question is also: how good is this vendor’s MCP server, and how clean is the data surface they expose? If a tool’s data is accessible to my AI, the UI matters less. If it’s not, the tool is becoming an island. Vendors who delay exposing MCP surfaces will get bypassed — by their own customers’ AI tools pulling from competitors that did.

The security decisions that matter

Match access scope to the use case

Salesforce offers Read-only, Mutations, and full SObject servers, plus persona-scoped Custom servers. The default temptation is to grant everyone full access. Resist it — most users only need reads, and where mutations matter, prefer Apex Invocable methods over raw SObject access so business logic isn’t bypassed.

FLS inherits — and that cuts both ways

Claude only sees what the logged-in user can see in the UI. The catch: most orgs configured FLS for occasional viewing, not bulk extraction. A user with read access to compensation, customer PII, or sensitive pricing can now ask Claude to pull it all at once. Audit FLS before you connect, not after.

Cross-system permissions compose

As you connect Claude to additional MCP servers, users hold the union of those permissions in one chat. Combinations no single admin authorized can produce reports no single tool would. Access reviews need to happen at the user-times-tool level.

Treat connectors like any external integration

For larger orgs, admin-approved access is safer than open self-authorization. Review active connections quarterly. Disconnect departed employees.

What I’d tell a customer

Connecting Claude to Salesforce is not a switch you flip — it’s a deployment. The sequence I recommend: stand it up in sandbox with reads only, audit FLS with the assumption that bulk extraction is now possible, design persona-scoped Custom servers for users who need mutations, and add MCP connectors to your quarterly access review at the user-times-tool level.

Headless 360 is the bigger Salesforce story. But it’s part of a bigger industry shift: enterprise systems are becoming MCP servers, and AI tools are becoming the interface that connects them. The work that matters — clean data foundations, thoughtful permissioning across systems, persona-scoped access — is upstream of any single connection. That’s exactly the conversation we’re having with customers right now.

Modelit helps Salesforce orgs deploy AI on top of clean data foundations. If you’re considering Claude + Salesforce MCP for your team, we can help with the architecture decisions before you turn it on. Book a consultation →‍

Summary

Salesforce Hosted MCP Servers ship now and take about an hour to turn on. The real value isn’t replacing reports — it’s shrinking the cost of asking, so the long tail of one-off questions and cross-system workflows finally gets answered. The harder work happens upstream of the connection: audit FLS before bulk extraction is possible, prefer persona-scoped Custom servers with Apex Invocable methods over raw SObject mutations, and run access reviews at the user-times-tool level once you stack multiple connectors. Headless 360 is the Salesforce story; the broader pattern — AI as the interface to every business system — is the one shaping how Modelit advises customers right now.