Saturday, May 23, 2026

Claude AI Daily Brief — May 23, 2026

Covering the last 24 hours · Edition #85

TL;DR — Today’s Top 3 Takeaways
1. KPMG Puts Claude in Front of 276,000 Staff — The Big Four firm signed a global alliance with Anthropic, giving every employee across 138 countries access to Claude and embedding it inside Digital Gateway, the platform KPMG and its clients use to do the actual work.
2. Anthropic Silently Patches a 5-Month Claude Code Sandbox Bypass — A SOCKS5 null-byte trick let code inside the sandbox defeat any wildcard allowlist and exfiltrate credentials. It sat in ~130 releases for 5.5 months, was fixed in v2.1.90, and shipped with no CVE and no security note.
3. Coros Becomes the First Wearable to Ship an Official MCP Server — The endurance-watch brand published an MCP server that pipes workouts, sleep, HRV, and race readiness straight into Claude or ChatGPT — the first major wearable to give athletes a direct line from their data to an AI assistant.
🚀 Official Updates
Partnership

KPMG Signs Global Alliance With Anthropic — Claude Goes to All 276,000 Employees and Into Digital Gateway

KPMG, the Big Four audit, tax, legal, and advisory firm operating across 138 countries, is putting Claude in front of every one of its 276,000-plus employees and embedding it inside Digital Gateway — the software KPMG’s people and clients use to deliver work — starting with new tools for tax and legal clients. The alliance builds on two years of Claude adoption inside KPMG’s US AI and Data Labs, and names KPMG a preferred Anthropic partner for private equity, with jointly built Claude products planned for PE portfolio companies.

The detail that lands: KPMG says building an agent to help clients adapt to changing tax rules used to take weeks across multiple tools, and with Cowork and Managed Agents inside Digital Gateway it now takes minutes. This is the distribution side of the agent story Anthropic spent all week pitching — a single alliance that wires the new runtime into one of the largest professional-services workforces on earth.

Partnership

PwC Expands Its Claude Deployment — Claude Code and Cowork Roll Out for Client Work

The KPMG news didn’t arrive in a vacuum. PwC also expanded its partnership with Anthropic, deploying Claude to build technology and execute client deals — rolling out Claude Code and Cowork starting with US teams and expanding toward a global workforce of hundreds of thousands of professionals. Two of the Big Four locking in Claude in the same week is its own headline.

For Anthropic, the consulting and audit giants are ideal beachheads: huge headcounts, deep client relationships, and a constant appetite for tooling that compresses repetitive analytical work. The pattern across both deals is the same — not a chatbot license, but Claude embedded in the systems where the billable work actually happens. Expect the remaining Big Four firms to feel the pressure to pick a horse.

💻 Developer & API
Security

A SOCKS5 Null-Byte Bug Let Claude Code’s Sandbox Be Bypassed for 5 Months — Quietly Patched, No CVE

Security researchers detailed a sandbox bypass that affected every Claude Code release from v2.0.24 (sandbox GA, October 2025) through v2.1.89 — roughly 130 versions over 5.5 months. The flaw: a SOCKS5 hostname null-byte injection that tricked the allowlist filter into seeing one hostname while connecting to another, defeating any wildcard rule like *.anthropic.com and opening a path to exfiltrate credentials and source code from inside the sandbox.

Anthropic fixed it in sandbox-runtime 0.0.43, shipped as Claude Code v2.1.90, by validating hostnames and rejecting null bytes, CRLF, and other non-DNS characters before the matcher runs. The sharper criticism is the disclosure: no CVE, no advisory on the Claude Code security page, no release-note mention, and no outreach to users who ran wildcard allowlists during the window — the second time in five months a sandbox bypass was handled this quietly. If you ran a wildcard allowlist on a credential-bearing machine, update to v2.1.90+ and rotate anything reachable.
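The ordering the fix describes, validation before the wildcard matcher, can be sketched as follows. This is an added example, not sandbox-runtime's code: the function names, the suffix-style matcher and the sample hostnames are assumptions constructed for illustration; only the SOCKS5 CONNECT layout (RFC 1928) is standard.

```javascript
// Added example; all names are hypothetical, not sandbox-runtime's code.
// DNS label: letters, digits, hyphen; no leading or trailing hyphen.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

// Reject anything that is not a plain DNS hostname (NUL, CR/LF, spaces, ...).
function isValidDnsHostname(host) {
  if (typeof host !== 'string' || host.length === 0 || host.length > 253) return false;
  return host.split('.').every((label) => LABEL.test(label));
}

// Assumed wildcard matcher: "*.example.com" is treated as a suffix check.
function matchesRule(host, rule) {
  const h = host.toLowerCase();
  const r = rule.toLowerCase();
  return r.startsWith('*.') ? h.endsWith(r.slice(1)) : h === r;
}

// Destination of a SOCKS5 CONNECT request (RFC 1928), ATYP 0x03 (domain name).
// The name is length-prefixed, so any byte, including 0x00, can appear in it.
function parseSocks5Domain(buf) {
  if (buf.length < 5 || buf[0] !== 0x05 || buf[1] !== 0x01 || buf[3] !== 0x03) return null;
  const len = buf[4];
  if (buf.length < 5 + len + 2) return null;
  return { host: buf.subarray(5, 5 + len).toString('latin1'), port: buf.readUInt16BE(5 + len) };
}

// Matcher alone: the decision depends only on how the raw string ends.
function allowNaive(buf, rules) {
  const dst = parseSocks5Domain(buf);
  return dst !== null && rules.some((r) => matchesRule(dst.host, r));
}

// Validate first, then match: non-DNS bytes never reach the matcher.
function allowValidated(buf, rules) {
  const dst = parseSocks5Domain(buf);
  return dst !== null && isValidDnsHostname(dst.host) && rules.some((r) => matchesRule(dst.host, r));
}

// Constructed sample requests (hostnames are placeholders).
function connectRequest(host, port) {
  const name = Buffer.from(host, 'latin1');
  const tail = Buffer.alloc(2);
  tail.writeUInt16BE(port);
  return Buffer.concat([Buffer.from([0x05, 0x01, 0x00, 0x03, name.length]), name, tail]);
}
const RULES = ['*.anthropic.com'];
const benign = connectRequest('api.anthropic.com', 443);
// Embedded NUL: the string still ends in ".anthropic.com" for a suffix check.
const embeddedNul = connectRequest('other-host.example\u0000.anthropic.com', 443);
```

Running both checks over the two constructed requests shows the difference: the matcher-only path accepts both, while the validate-then-match path accepts only the well-formed name.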

Claude Code

Claude Code Weekly Limits Jump 50% Through July 13 — The Anti-Codex Move

Anthropic raised Claude Code weekly limits by 50% for Pro, Max, Team, and seat-based Enterprise users through July 13, live everywhere Claude Code runs — CLI, IDE extensions, desktop, and web — with nothing to opt into. It stacks on a recent doubling of the 5-hour limits, so heavy users are getting a 2x short-window boost and a 1.5x weekly bump at the same time.

The framing in the community is competitive: with OpenAI’s Codex reportedly chewing through far fewer tokens for equivalent tasks, loosening the quota is the cheapest way to keep power users from drifting. If you’ve been rationing Claude Code sessions to dodge the weekly wall, the next seven weeks are the window to lean in — point it at the bigger refactors you’ve been deferring.

Claude Code

Reliability Pass Lands — /resume for Background Sessions, an Amber Spinner, and Hook Notifications

Alongside the headline agent features, Claude Code shipped a broad reliability update. Background sessions started via claude --bg or Agent view now show up in /resume alongside interactive ones, tagged bg; the thinking spinner warms to amber after 10 seconds so you know it’s still working; and a new terminalSequence field in hook output lets hooks fire desktop notifications, window titles, and bells without a controlling terminal.

There are real fixes too — Agent Teams teammates with non-ASCII names no longer fail every API call on bad header encoding, and the Read tool now returns a truncated “PARTIAL view” first page instead of a hard error when a whole-file read blows the token budget. None of it is flashy, but this is the connective tissue that keeps long-running agent sessions from falling over mid-task.

🌎 Community & Ecosystem
MCP

Coros Ships the First Official Wearable MCP Server — Pipe Your Training Data Straight Into Claude

Endurance-watch maker Coros published an official Model Context Protocol server, becoming the first major wearable brand to give an AI assistant a direct, permissioned line into an athlete’s account. Authorize the connection once and Claude (or ChatGPT, Cursor, or the Gemini CLI) can read workouts, sleep, HRV, training load, and race predictions through a standard interface — no copy-pasting screenshots of last week’s runs.

It’s a small product on its own, but a useful signal: MCP is leaking out of the developer world and into consumer hardware. When a watch brand ships an MCP server as a feature, the protocol stops being an Anthropic developer convention and starts looking like the default way apps expose data to any assistant. Coros notes it works best on Claude Pro or ChatGPT Plus, since free-tier message limits make daily use impractical.

🧠 Analysis
Analysis

Saturday Read — The Capability Curve, and What the Post-Event Week Actually Told Us

The line everyone clipped from Code with Claude was Alex Albert’s “capability curve”: Claude went from 62% on SWE-bench Verified with Sonnet 3.7 a year ago to 87% with Opus 4.7 today. It’s a tidy way to set expectations — the slope, not the snapshot, is the pitch. But the week that followed told the more interesting story, and it wasn’t about benchmarks at all. It was KPMG and PwC, a wearable shipping an MCP server, and a quietly patched five-month security hole.

Put those together and you get the real shape of Anthropic in mid-2026: a company racing to convert a steep capability curve into distribution and trust before competitors close the gap. The partnerships are the distribution. MCP showing up in a running watch is the ecosystem compounding on its own. And the sandbox bypass is the bill that comes due — when you put agents inside 276,000-person firms, the security disclosure standard can’t be a silent patch and a version bump. The curve is real. So is the gap between shipping fast and earning the right to be trusted with the keys. The next year is mostly about closing the second one.