Hello fellow keepers of numbers,

We’ve finally made it to the time of year where I’ll hide tiny plastic eggs from my children so that I can find the stragglers 3 months from now.

This week, we have several fun accounting updates. Xero partners with Anthropic, TaxGPT claims to automate 1040s with browser automation, and PwC threatens their own partners. Plus, stick around for a demo on how to give memories to Claude Cowork.

THE LATEST

Xero announced a multi-year partnership with Anthropic that will embed Claude directly into Xero and bring Xero financial data and tools into Claude.ai. The deal centers on JAX ("Just Ask Xero"), a Claude-powered "financial superagent" that will analyze revenue and profit performance, monitor real-time cash flow, and surface unpaid invoices with suggested next steps.

Inside Xero, JAX will orchestrate financial workflows across accounting, payroll, and payments from start to finish, moving Xero from a static system of record toward one that can recommend and eventually trigger actions. Over time, Xero says JAX will be able to recommend or execute end-to-end tasks such as chasing overdue invoices or managing cash-flow gaps based on live data.

In Claude, Xero customers will be able to connect Xero and work with live revenue, profit, and invoice data directly inside Claude for analysis, planning, and scenario modeling without switching tools.

Financial data shared between Xero and Claude is used only for the specific session, and proprietary business data won't be used to train Anthropic's models. Claude-powered insights in Xero and the Xero integration inside Claude are expected to roll out in the coming months, with no specific launch date yet.

Why it’s important for us:

Xero has likely been hot in pursuit of this deal since Intuit struck one very similar for QBO a little over a month ago. This is more great news for the accounting space. 

I don’t have personal experience with JAX, but from what I’ve heard, it’s been underwhelming thus far. It’s definitely getting an upgrade, but more importantly, the data can be extracted from Xero into Claude to use with tools like Claude Cowork.

You might be able to see future workflows beginning to take shape. Systems of record pulled into your AI model’s agentic system (such as Claude Cowork) to do any number of things. Reconciliation, scenario planning, estimates, reporting.

This connector, as well as QBO’s, will almost certainly launch with a major limitation for accounting firms. It’ll require you to connect to one account at a time. If you’re working on Client A and want to switch over and start working on Client B, you’ll have to go into your settings and reconnect the Xero app to Client B’s login credentials.

This limitation exists with other connectors as well. However, I’m positive all the software companies are working on reliable and secure solutions as quickly as possible.

TaxGPT has launched a "Tax Prep Agent" that it says can prepare a full Form 1040 from intake through review-ready return without a human touching the keyboard. The agent pulls workpapers like W-2s, 1099s, K-1s, and Excel trial balances from local folders or intake tools, logs into cloud tax software via browser automation, enters data, runs diagnostics, and flags items that need human judgment.

It's built to work inside existing tax platforms such as Axcess, UltraTax, Drake, and ProConnect, so firms don't need a new portal or tax system.

Once prep is finished, the workflow hands off to "Agent Andrew," TaxGPT's review agent that reconciles the prepared return to the source documents and surfaces audit-sensitive issues and potential savings opportunities like missed deductions or carryovers.

TaxGPT claims its end-to-end agentic workflow cuts first-pass prep time by up to 90% and can save about 45 minutes per straightforward 1040 for a 20-person firm handling 2,000 returns a season. The current version is optimized for individual 1040s, with support for partnership (1065) and corporate (1120) returns on the roadmap.

Why it’s important for us:

Buckle up. Let’s break out the whiteboard and do a good ol’ pros and cons list. Pop the cap off the dry-erase marker and resist the temptation to sniff it.

Pros:

Cons:

Browser automation is not secure right now. It’s also slow. And it’s not very reliable (although new models are getting better, so we need more testing on this).

The fact that their news article mentions their SOC 2 Type II compliance is very misleading, in my opinion. How does the compliance cover data controls and data security around an AI agent that is asked to take your data, leave the software’s architecture, carry that data with it to the web, drop it in the right location in your cloud tax software, and then clear the cache/memory so that data doesn’t leak anywhere else while ‘outside’ of TaxGPT?

*Snaps cap back on marker*

Now that we’ve covered the pros and cons, I do want to mention that I think there’s a place for browser automation. And I think it could be a very big part of our near future. TaxGPT is clearly betting on this as well.

It’s probably a good bet. AI models are evolving rapidly, and this may be a trustworthy avenue for automation in the next 12 months. But the short-term gamble is really risky.

We’re in such a weird time for tax, specifically. So many firms are concerned about using their data in AI, which AI tools are secure, whether or not they need a 7216 consent form, etc. But at the same time, we have SOC 2 Type II compliant firms releasing features far less secure than Claude, ChatGPT, and Gemini (and built on Claude, ChatGPT, and Gemini…oh the irony). This isn’t just TaxGPT.

PwC's US CEO Paul Griggs told partners that anyone who thinks they can "opt out" of AI "is not going to be here that long." The Big 4 firm is moving away from traditional billable-hours economics and converting parts of its tax, audit, and consulting work into AI-powered tools and platforms.

At the center of this shift is PwC One, a new AI platform that packages PwC's methodologies and domain expertise into automated services clients can access directly, in some cases "without a PwC person in the loop." Pricing is expected to move toward subscription, usage-based, and outcomes-based models rather than hours worked.

Why it’s important for us:

It pretty much goes without saying that we shouldn’t always follow Big 4’s lead. But in this case, I really like the rhetoric within PwC.

The partnership model has so many flaws. It’s not the point of this writing, but let’s cover it for a short second. So many partners within CPA firms are nearing retirement age. They have little to no incentive to make an investment in new tech today to plan for the future because it’ll directly impact their revenue and partnership shares right now. Which means that the firm’s leading voices are anti-change in most cases. And this is a never-ending cycle.

It requires leadership at the top to enforce this change, so I applaud PwC (and many others right now) for pushing that.

But at the same time, the large firms are so slow to adopt. Change management is a massive headache. When I started at PwC, we had G-Suite (shocking, I know). So many people were still using Lotus Notes because they refused to adopt Google Hangouts. Some time around 2019 or so, we switched to Microsoft Outlook and Teams. Yet people still used Lotus Notes. And Lotus Notes sucks. That’s how hard it is to get accountants to change.

So this is a wake-up call. The Big 4 and other top firms are trying to be nimble. But they’re not. You’re nimble. The future of an accounting firm looks a lot different than what we see today.

TRENDING NEWS

Double releases its MCP: Connect your Double account to Claude, ChatGPT, or Gemini. The MCP allows you to pull data from Double and also make updates in Double directly within your AI model of choice. Using this with something like Cowork can instantly automate a large portion of new client onboarding, among many other very cool use cases.

Google releases Gemma 4, their new open-source model: Probably flying under the radar, but a major announcement. Local models will become more interesting to firms as the models become more powerful. You’re not charged for usage, and you’re in control of your own data. It’s interesting to consider if on-prem will come back around for firms as local models become more intriguing and cost-effective compared to frontier models like Claude and ChatGPT.

Anthropic’s new model leaks after internal documents are found in public storage: Marketing docs describe an unreleased model called “Mythos” that is a tier above Opus (currently the most powerful model). The model is apparently so strong in testing that Anthropic feels the need to provide it to enterprise security teams first so they can prepare before the general public gets access. No public release date for this model yet.

Anthropic accidentally leaks Claude Code’s source code: Back-to-back Anthropic leaks? Yup, not a good look. This one significantly more problematic than the last. They leaked the code that runs Claude Code, and pretty much every developer on the planet copied it within seconds. It’s illegal to do that, by the way, so don’t get any ideas.

OpenAI Responses API updated to run agentic systems on OpenAI servers: If you ever wanted to use Claude Cowork through an API, that’s essentially what this is. Right now, Claude Cowork can only be run in Claude Cowork (unless you build something extremely complex). With OpenAI’s Responses API, you can now build this into your automations. This is an incredibly interesting announcement for firms looking to build custom automations and custom AI tools.

Anthropic won an injunction blocking the supply chain risk designation: Several weeks ago, the U.S. government officially designated Anthropic a supply chain risk as part of the fallout of the failed negotiations with the Pentagon. This isn’t nearly done yet, but this is the first win for Anthropic. Each of these decisions affects any company using Claude that does business with the U.S. government.

PUT IT TO WORK

My wife thinks I have short-term memory loss. I forget why she thinks that.

But Claude remembers nearly everything because I set up my own memory system. I walked through some very simple tips in the demo below that might help.

Memory in Claude Cowork - Watch Video

WEEKLY RANDOM

There were two major cybersecurity incidents this week, not including the self-inflicted leaks from Anthropic. The first incident hit Axios, where attackers put malware on two versions of an npm package (don’t stop reading yet, I’ll speak normal English again shortly). The second incident hit Mercor, where attackers allegedly put malware in two versions of a PyPI package.

Side note: So many devices are popping up using AI to translate one language into another. How about translating legalese or cybersecurity into real words and sentences?

Okay, now let me try to translate this for us because these are actually both very serious incidents. In both cases, attackers were successful because of compromised credentials by the maintainer (person/group in charge of maintaining the software). Then the attackers were able to put malware into the packages, which infected anyone who installed the compromised versions.

In the Axios attack, there are more than 70M downloads per week. It’s not clear yet the number possibly impacted in the other attack, but it has already hit large companies like Mercor.

Mercor is an interesting company that “hires” freelancers to record themselves working on specialized tasks, which is then used to train AI models. Now, every piece of data, from PII acquired during onboarding to the recorded videos to the AI companies’ proprietary data, has allegedly been stolen. This could easily impact millions of people.

I don’t think we have all the details yet, but it’ll be interesting to see what role AI played in both of these attacks. As more code is written and deployed by AI models, there may be more holes in software for attackers to exploit. But also, AI is making it much easier for attackers to hack into accounts and place malware, exactly like they did in both cases here.