Secure-by-design: How to protect Agentforce in Salesforce

Agentforce has quickly become one of the most talked-about innovations in the Salesforce ecosystem. More than an automation upgrade, it’s an unavoidable shift in how work — and security — must be managed inside Salesforce.

Autonomous AI agents that can interpret prompts, act on business data, and interact with users across channels like Slack, email, and WhatsApp? That’s transformational.
But with that transformation comes hype — and not all Agentforce security claims are accurate.

In a recent LinkedIn Live conversation with Connor Casey, Head of Customer Success & Pre-Sales, and Tapas Tripathi, Salesforce Engineer & Architect, we separated hype from reality and explored how to secure Agentforce from day one.

Agentforce in Salesforce is not end-to-end “secure by default”

Agentforce may be native to Salesforce, but that doesn’t mean it’s automatically safe.
Like all AI in Salesforce, it follows the shared responsibility model. Salesforce provides platform safeguards, such as the Einstein Trust Layer, but you as the customer control the configuration, access, and the Salesforce data governance on your end.

According to the Salesforce State of IT: Security Report, 79% of security leaders believe AI-driven threats will soon outpace traditional defenses.

Data security should not be viewed as some necessary evil or a checking-the-box exercise. It’s the catalyst for trust and innovation.

You must decide:

  • How Agentforce accesses Salesforce data
  • What each AI agent is allowed to do
  • What guardrails and permissions are in place

Without proper governance, AI agents can increase exposure to Salesforce attack vectors — including phishing in Salesforce, data leakage, and malware resurfacing.

“AI agents are powerful, but they need guardrails, oversight, and a clear security strategy, because when an agent goes off script, it’s not a glitch, it’s a business risk,” says Connor Casey, Head of Customer Success & Pre-Sales.

How to prepare for Agentforce? Check out this down-to-earth guide.

Key Agentforce security risks

Agentforce doesn’t rewrite Salesforce’s security model — but it amplifies both benefits and risks.

  • Social engineering: Agents could act on malicious prompts.
  • Malware resurfacing: An agent might retrieve infected files from legacy records.
  • Prompt injection attacks: Crafted inputs could bypass expected behavior.
  • Data leakage: Cross-channel integrations could expose sensitive data.

These aren’t new threats — but AI’s speed, autonomy, and cross-platform reach make them harder to detect and contain. For real-world examples, read about Agentforce security against cyber threats.

How to deploy Agentforce securely — the secure-by-design model

The Secure-by-Design framework for Agentforce security in Salesforce follows four essential phases: Build, Validate, Deploy, and Monitor. Each phase is designed to minimize AI agent risks and strengthen your overall Salesforce security posture.

1. Build
Be clear on what each agent is for. Give it one well-defined job, write prompts that leave little room for misinterpretation, and make sure the access scope matches the intent. (Less is better here.)

2. Validate
Test before you trust. Review the training data and run simulations of how the agent responds. Spotting hallucinations or odd behavior early saves you trouble later.

3. Deploy
Keep it contained. Launch agents in controlled environments, give them only the permissions they actually need, and log events so you know what they’ve done.

4. Monitor
Stay on top of it. Track how agents are being used. Monitor threats in agent activities.

This way, security becomes part of how you build and run Agentforce.

Common Salesforce security pitfalls with Agentforce

When securing Agentforce in Salesforce, three mistakes appear again and again.

The first is over-permissioning — because AI agents inherit the same user access rights as the accounts they run under, excessive privileges can dramatically increase your exposure. The second is relying on dirty or outdated data. Old case records can reintroduce security threats, from malware-laced attachments to flawed recommendations that undermine decision-making.

Finally, many teams make the mistake of delaying security implementation. If you wait until after go-live, you risk immediate exploitation as agents interact with real data and users from day one.

Native threat protection for Agentforce

One of the most effective ways to close these gaps is to add native threat protection that works inside Salesforce itself.

WithSecure Cloud Protection for Salesforce provides real-time Agentforce threat detection, stopping malicious files, phishing links, and ransomware before they ever reach users or agents. It also secures Salesforce AI agent interactions across Slack, WhatsApp, and email — without middleware or delays — and integrates with identity protection tools to flag compromised accounts acting through agents.

Learn more about real-time protection for Agentforce

“Salesforce gives you the tools, and Agentforce gives you intelligent automation. But it’s up to you how you build it — and that determines your security posture.” – Tapas Tripathi, Salesforce Engineer & Architect.

Expert tips for secure Agentforce deployment

From real-world implementations, and drawing from AI deployment frameworks, a few best practices stand out:

  • Give each agent one clear job, rather than trying to make it multi-purpose.
  • Apply strict guardrails at setup, and always test in sandbox before deployment.
  • Once in production, audit agent responses regularly to spot anomalies early.
  • Make AI security governance part of your team’s ongoing training.

Salesforce AI agents demand a security-first mindset

Agentforce is a new operational model for AI in business platforms.
Your competitive advantage won’t come from launching it first, but from deploying it securely.

🎥 Watch the full conversation with Connor and Tapas to explore Agentforce security best practices, myths and realities.
