As we head into Dreamforce 2025, one thing is clear — this year, Salesforce security isn’t just another track. It’s a major story.
Over the past year, organized cybercrime groups have successfully targeted enterprise Salesforce environments, with stolen data surfacing on the dark web. Add lawsuits from global brands like Adidas and L’Oréal, and the conversation has shifted from “someday” to right now. From my perspective, this is shaping up to be the most security-focused Dreamforce yet. And rightly so.
Why this matters now
Dreamforce is about connection — the networking, inspiration — but you can’t just focus on the rewards. Security might not be the life of the party, but it’s what separates truly trusted companies from the rest. For me, Dreamforce is about moving from fear to readiness: understanding what’s behind the recent attacks and what must be addressed today.
In a recent webinar, I sat down with Karmina Aquino, our Threat Intelligence Lead, to unpack the surge in Salesforce breaches. As Karmina explained:
“A group tracked as UNC 6040 posed as IT personnel and guided users into authorizing a connected app they controlled — like Data Loader. Once users clicked Allow, the attackers pulled valid OAuth tokens and exported data directly through Salesforce’s APIs.”
These weren’t core-platform exploits. As Karmina put it:
“The weakness wasn’t in Salesforce’s core security — it was in how the attackers tricked people into giving them the keys.”
In other words, they didn’t break in; they logged in.
Why Salesforce is such a valuable target
Salesforce is far beyond CRM — it’s an operational backbone. Karmina again:
“It’s where high-value customer and sales pipeline data live… Once attackers have valid tokens, they can export records at scale, or even use Salesforce to deliver malicious content because employees and partners inherently trust it.”
That “trusted” status is why attackers love it — few expect a threat to come from inside their business apps.
Shared responsibility — and the quality gap
Salesforce has rolled out important changes (stricter approval for uninstalled connected apps; removal of the OAuth device flow used in the attacks). That’s progress — and a reminder of the shared responsibility model in SaaS. Salesforce provides controls and an ecosystem; customers decide how to apply deeper security.
This shared-responsibility model isn’t unique to Salesforce — it’s part of a broader shift toward cloud-first security across SaaS environments, where visibility and control must extend beyond the platform itself.
That’s where WithSecure Cloud Protection for Salesforce helps teams replicate existing zero-trust posture inside Salesforce — scanning files and URLs in real time, and adding identity signals so admins see risky users and compromised credentials early. Attackers aren’t brute-forcing; they’re using stolen credentials and approved tokens — making content scanning, identity monitoring, MFA and least-privilege essential, not optional.
Even with those controls in place, risks can creep in through human error or over-permissioning. As we’ve recently explored, unchecked access rights and excessive privileges often become the weakest link — not because of technology gaps, but because of process and governance issues.

What I’ll be looking out for at Dreamforce
Dreamforce 2025 feels different. Security isn’t a side note this year — it’s woven through nearly every track and keynote.
I’m particularly keen to see how Salesforce’s recently announced partnership with CrowdStrike and its new Security Agent and Security Data Fabric capabilities come to life. These moves show Salesforce taking security more seriously than ever, and I’ll be watching closely to see what that means in practice for customers and partners.
Beyond the product launches, I’m hoping to get into a few of the security-focused sessions that explore how organizations can innovate safely with Agentforce and Data Cloud without compromising trust. It’s a balance many customers are wrestling with right now — how to move fast while staying secure — and I’m looking for real-world examples of teams getting it right.
If you’re building your own agenda, start with the security filter in the Dreamforce session catalog. You’ll find a strong lineup across breakouts, theaters, and hands-on workshops focused on Agentforce guardrails, Data Cloud security, and admin best practices. A few I’ll be bookmarking:
- Introducing Security Data Fabric: Unify Signals Across Silos – A look at Salesforce’s new unified security data layer for faster detection and response.
- Trust & Security at Dreamforce – A series of sessions covering admin techniques, securing Data Cloud for trusted AI, and steps to harden Agentforce implementations.
It’s not just about the technology for me, though. I’m just as interested in hearing from customers — how they’re improving their own Salesforce security outcomes and embedding security as a continuous quality function, not a one-off initiative.
Security at Dreamforce isn’t a moment. It’s a movement — and I’m looking forward to seeing how the conversation evolves this year.
Three things you can do right now
- Audit connected apps — revoke unused or unrecognized OAuth access.
- Enforce least-privilege — tighten user and integration scopes; add IP restrictions for integration users.
- Make MFA non-negotiable — and monitor anomalies (new app approvals, unusual API usage, export spikes).
These aren’t flashy — but they’re foundational. They make every other security control more effective.
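The first and third checks above, sketched in Python as an added example (not code from WithSecure or Salesforce): it reviews an export of OAuth grants against an approved list and flags export spikes per user. The field names, app identifiers and sample records are constructed assumptions; map them to whatever your own export contains.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed sample data. Field names and IDs are assumptions for this
# example, not Salesforce's schema; map them to your own export.
APPROVED_APP_IDS = {"app-data-loader", "app-erp-sync"}
NOW = datetime(2025, 10, 1)
GRANTS = [
    {"app_id": "app-erp-sync", "name": "ERP Sync", "user": "svc-erp", "last_used": "2025-09-30"},
    {"app_id": "app-data-loader", "name": "Data Loader", "user": "alice", "last_used": "2025-03-02"},
    # Same display name as an approved app, different identifier.
    {"app_id": "app-unknown-01", "name": "Data Loader", "user": "bob", "last_used": "2025-09-29"},
]
# Records exported through the API per user per day, oldest first (constructed).
DAILY_EXPORTS = {
    "svc-erp": [5000, 5200, 4900, 5100, 5050],
    "bob": [40, 55, 30, 60, 48000],
}

def audit_grants(grants, approved_ids, now, stale_days=90):
    """Return (reason, app_id, user) for grants to review or revoke."""
    findings = []
    for g in grants:
        last = datetime.strptime(g["last_used"], "%Y-%m-%d")
        if g["app_id"] not in approved_ids:  # match on ID, never display name
            findings.append(("unrecognized", g["app_id"], g["user"]))
        elif now - last > timedelta(days=stale_days):
            findings.append(("unused", g["app_id"], g["user"]))
    return findings

def export_spikes(daily, factor=10, floor=1000):
    """Flag users whose latest day exceeds factor x their own prior median."""
    flagged = []
    for user, counts in daily.items():
        *history, latest = counts
        baseline = median(history) if history else 0
        if latest >= floor and latest > factor * max(baseline, 1):
            flagged.append((user, latest, baseline))
    return flagged

if __name__ == "__main__":
    for finding in audit_grants(GRANTS, APPROVED_APP_IDS, NOW):
        print("grant:", *finding)
    for user, latest, baseline in export_spikes(DAILY_EXPORTS):
        print(f"spike: {user} exported {latest} records (baseline {baseline})")
```

Matching on an identifier rather than the display name matters here because the app in the attacks was presented as a familiar tool, and comparing each user to their own baseline keeps a steady high-volume integration account from drowning out a sudden jump on an ordinary user.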
Looking ahead
“For all the new tech and partnerships, one truth remains: good outcomes are built on people, process, and technology — in that order. We’ll be at Dreamforce to help teams strengthen posture across all three — from real-time file/URL protection to identity-risk insights and practical governance checks.
If you’re looking to strengthen your own Salesforce environment, WithSecure Cloud Protection for Salesforce delivers that protection natively — without slowing productivity. Security shouldn’t block innovation; it should enable it.”
Catch us at Dreamforce 2025
Heading to Dreamforce? Come find us at booth #321 in the Campground for a Salesforce security conversation — and a glimpse at how we’re helping customers protect Agentforce and Data Cloud environments in real time.

