A quiet change in Salesforce this month rewired how AI can reach into the system your company already runs. Most leaders have no idea what is about to be visible.
This week Salesforce made an announcement that got headlines. What it actually means didn’t.
The product is called Headless 360. In plain terms: outside AI tools like Claude and ChatGPT can now operate inside Salesforce directly. Read customer records. Update accounts. Run workflows. Close cases. Move opportunities through a pipeline. All without anyone logging in, clicking through menus, or opening a browser.
Marc Benioff asked the question out loud. “Why should you ever log into our software again?”
This matters far beyond Salesforce. The same shift is coming to every business system your company touches — ERP, email, finance, HR, the bank connection. Salesforce moved first because Salesforce is where the most decisions live. But every vendor is racing the same direction, and the analysts writing about pricing and per-agent fees are all writing about the wrong thing.
Here is the thing nobody is saying.
The screen was doing more work than anyone knew.
Think about any app you use every day. Your email. Your online bank. The site where you book a flight.
Every one of those apps has a screen. Menus. Buttons. Forms. The thing you see when you log in.
For twenty years, those screens have been doing two jobs at the same time.
The first job is obvious. The screen shows information and lets you take action. Click a button. Send an email. Transfer money. Place an order.
The second job is invisible. The screen has been quietly protecting the system from itself.
Think about your online bank. Try to send $10,000 to a new account. The screen stops you. Are you sure? Confirm the amount. Verify with a text. Wait for approval.
All of those checks exist for a reason. Without them, money moves the wrong way. Fraud happens. Mistakes can’t be reversed.
Here’s what you may not have noticed. Most of those checks don’t live in the bank itself. They live in the screen.
Same thing with your email. The inbox hides messages flagged as spam. It warns you before you send sensitive information. It asks if you really meant to reply to everyone.
Same thing with Salesforce. The screen hides the records the user should not see. The form blocks the bad entry. The friendly error message says contact your admin instead of exposing what is actually broken underneath. The workflow lets the sales rep save the opportunity and then quietly fixes the three fields they got wrong — without telling anyone.
The screen was not just a window into the system.
It was a safety net.
This month, the safety net started coming off.
An AI agent does not see the screen. It sees everything the screen was covering up.
It does not get the warnings. It does not see the polite error messages. It reads the system exactly as it really is.
Your system was not well-governed. It was well-hidden.
The screen was also the speed limit. Nobody called it that.
Every company has rules about change. Somebody has to approve a big expense. Somebody has to review a new vendor. Somebody has to sign off before customer data gets shared.
All of those rules assume the same thing. Somewhere in the process, a person has to log in, make the change, and save it.
That person was the speed limit. Not the policy. Not the approval form. The fact that a human had to do the clicking.
Remove the clicking.
Now your systems can move faster than anyone can check whether what they’re doing is safe.
This isn’t a security problem. It isn’t an IT problem. It’s a physics problem.
The time between “something was requested” and “it is done — everywhere, for everyone, at once” just dropped from days to seconds. The approval systems your company spent a decade building were designed to work at the speed of minutes, hours, and days.
They were not designed for seconds.
Nothing broke. What changed is that the rules your company lives by only ever worked because humans were slow.
What a system actually looks like when someone finally looks.
Let me tell you what we found inside a company that was sure its system was fine.
A healthcare business. Part of a very large, well-known pharmaceutical parent. Patient records. A busy customer service operation. Federal privacy rules.
For three years, the standing answer from the technology team had been the same. The system is stable. We are in good shape.
Then somebody independent finally looked.
Three things the executive team had never been told.
First, money leaking out. The company was paying six figures a year for Salesforce seats and services that nobody was using. Not because anyone wasted money on purpose. Because nobody had done the math. Nobody had compared what the company was paying for to what was actually being used.
Imagine paying for three gym memberships because you signed up years ago and forgot to cancel two. Now imagine that at the scale of a large company, with hundreds of little line items quietly renewing in the background.
Second, a process that was not what anyone thought it was.
The customer service team described their main workflow as eight steps. The written procedure said eight steps.
Once we traced what actually happened in the real system — all the workarounds, the manual handoffs, the automatic steps running in the background, the shortcuts people had added over the years — the actual process had thirty-eight steps.
That’s a problem by itself. It becomes a much bigger problem when an AI agent is handed the same workflow and told to handle it.
The agent does not know the procedure says eight steps. It looks at the system and sees thirty-eight. It will run all thirty-eight, faster than anyone on the team can see what is happening.
It’s the difference between the recipe on the back of the box and the actual mess in the kitchen.
An AI cooks from what is in the kitchen. Not what the box says.
Third, privacy exposure. Nothing dramatic. No single big violation. Just the pattern most regulated companies eventually find when somebody finally looks.
Access to sensitive patient information that had been granted years ago. To people who had long since left the company. By managers who were also long gone. None of it documented. The only thing preventing a problem was that the Salesforce screen quietly kept those records hidden from view.
The team running that system was not careless. They were not underfunded.
The screen was simply doing the work of hiding the problem for them.
Now take that same company and give an outside AI agent full, direct access to everything underneath the screen. Read every record. Run every process. Touch every field.
It will not see the screen.
It will see what the screen was covering up all along.
The composite picture arrives on schedule.
Here’s what is happening right now in boardrooms at mid-size companies everywhere.
The CEO reads a headline. AI is running business systems now. The directive lands on the executive team’s lap. Where are we on this?
Look at who is in that room.
The Salesforce account executive gets paid more when the customer buys more licenses and more Agentforce credits. The integrator that built the system gets paid more when the scope grows. The AI vendor has a sales target this quarter. The internal technology team cannot raise its hand and say the system is not safe without risking their own jobs and admitting what didn’t get done on their watch.
Every one of those people, with complete sincerity, will tell leadership the system is ready.
That is not because anyone is lying.
It’s because not a single person in the room is paid to say not yet.
Every other serious industry figured this out a long time ago.
Nobody buys a house without an inspection by someone who is not the seller.
Nobody closes an acquisition on diligence performed by the company being sold.
Nobody signs audited financials without an auditor who isn’t the CFO.
Nobody performs surgery on themselves.
Enterprise technology is the one place the pattern hasn’t arrived. A CIO signs off on a nine-figure AI mandate using the same kind of composite picture — assembled by people paid to get a yes — that would be disqualifying in any other industry.
This month’s change didn’t create that gap. It just made the cost of the gap real.
Until this month, a company sitting on a fragile system had time. The screen was the speed limit. Humans were the safety net. Bad decisions surfaced slowly — in service complaints, in missed numbers, in quiet rework nobody logged.
That buffer is gone.
Every bad decision from the last decade is one direct call away from being executed at full speed by something that will not pause.
The question the CEO should actually be asking.
It is not “Are we ready for AI?”
It is this: Is anyone in this room able to tell us the truth about what our systems actually look like — without the screen cleaning them up on the way in?
In most companies, the answer is no.
Not because nobody in the room is honest.
Because everybody in the room has a financial or political reason to say it is fine.
That is the chair nobody fills. It has always been empty. This month just made leaving it empty expensive.
My practice doesn’t build. Doesn’t staff. Doesn’t compete for the implementation work on the other side of the verdict. I get paid the same whether the answer is build, fix, pause, or walk away. That structural independence is why I can write this at all.
The companies that win the next year will be the ones who find out what their systems actually look like — before an outside AI agent does.
— Mike Sommer
Proof before commitment. Confidence before costly change.
Leave a Reply