malware Archives - Cloud Protection for Salesforce by WithSecure™

Helsinki, Finland – September 2025 — Enterprises are racing to adopt Salesforce Agentforce. In doing so, they are opening their platforms to customers, partners and other third parties using AI agents to automate customer conversations, workflows, and data processing at unprecedented speed.

But that speed also creates a new risk: attackers could use agentic AI to push malicious files and links through Salesforce without malware protection.

Traditional email or endpoint tools don’t protect Salesforce. Since Salesforce doesn’t scan files and links for cyber threats, organizations face a blind spot in one of their most business-critical platforms — and must prepare for new types of AI-driven attacks.

“AI adoption has accelerated faster than most security controls,” said Juhana Autio, General Manager and VP at WithSecure Cloud Protection for Salesforce. “The question now is: how do you secure and manage your AI agents? That’s what enterprises are asking us — and what we have set out to answer.”

Securing agentic AI at scale

WithSecure announced a security extension to its Cloud Protection for Salesforce solution, delivering native real-time malware and phishing protection for Agentforce. The extension works inside Salesforce to stop malicious files, links, and agent actions, thereby securing the Salesforce environment and preventing breaches.

The new solution provides the enterprise-level protection needed to Agentforce:
- Securing Agentforce workflows: Automatically scans and protects all files and URLs in Agentforce workflows.
- Compliance: An enterprise-grade solution built for the most demanding environments across industries.
- Native integration: Ensures protection without interrupting or slowing down Agentforce workflows.
Closing the security gap

As Agentforce processes more files, links, and actions through Salesforce, phishing and malware risks increase. “Salesforce is both a valuable target and a powerful channel for attackers,” Autio added. “If you’re not inspecting what your AI agents touch, you’re effectively blind to an entirely new attack surface.”

WithSecure’s native protection stops threats at the source without slowing AI operations.

Availability

The Agentforce extension is now available on Salesforce AgentExchange and AppExchange to all WithSecure Cloud Protection customers as part of existing licenses.

For more information, visit: https://cloudprotection.com/protection-for-agentforce/

Press contact: Elisa Mustonen: elisa.mustonen@withsecure.com

About WithSecure™ Cloud Protection for Salesforce
WithSecure Cloud Protection for Salesforce safeguards your cloud environment against advanced cyber threats. You can run your digital business without disruption – free from ransomware, zero-day malware, viruses, trojans and phishing links. The bespoke solution is designed in close collaboration with Salesforce and managed directly from your Salesforce portal.
Your business doesn’t just run in the cloud — it depends on it.

For years, cybersecurity strategies revolved around the corporate network and the devices inside it. Firewalls, antivirus tools, and endpoint detection formed the first line of defense. But business has changed. Today, the most valuable data — and the biggest vulnerabilities — are no longer at the network’s edge. They’re in the cloud.

Adopting a cloud-first security strategy is no longer optional. Cloud platforms aren’t just productivity tools anymore — they’ve become the operational core of most organizations. For many enterprises, that means Salesforce. As the world’s leading CRM, it doesn’t just manage customer data — it connects with ERP, marketing, analytics, and AI-driven workflows. That reach makes Salesforce both indispensable — and highly attractive to attackers.

Customer data, contracts, and intellectual property all live there, which makes security in SaaS environments a matter of business resilience. When protection isn’t prioritized where this data resides, the risk isn’t just technical — it’s strategic.

Why cloud-first security starts with your core platforms

Customer records, transactions, contracts, intellectual property — for many organizations, all of it is now hosted in cloud services. That’s exactly why attackers are aiming there. Compromise a cloud environment and you’ve gained a direct route into the business.

When that happens, the damage extends far beyond the breach itself. Trust, regulatory standing, and day-to-day operations can all take a hit.

Always-on environments demand always-on protection

Cloud systems never “clock off.” They’re accessible around the clock from anywhere in the world — great for productivity, but equally attractive to cybercriminals.
- Phishing attacks targeting CRM logins can enable long-term, stealthy access.
- Weak or unmonitored API connections can be exploited within minutes to pull or inject malicious data.
- Integrations without proper oversight can become silent entry points for malware.
In a world where you can’t shut the front door, detection and response must be constant.

Persistent targets, persistent risks

Endpoints change constantly — laptops get replaced, phones get upgraded, and bring-your-own-device policies add churn. But your cloud data environment is different: it’s fixed, highly valuable, and accessible.

In Salesforce, that persistence is even greater: overprivileged accounts, shadow access, and unmonitored integrations create openings that attackers can exploit. Once inside, they can extract sensitive records, manipulate workflows, or spread malicious files across partners and customers.

Upon getting access, attackers can:
- Extract sensitive information
- Manipulate workflows
- Spread malicious files to employees, partners, or customers
This persistence is exactly why security strategies must address persistent cloud threats that don’t disappear when a device is replaced.

The cost of catching threats too late

It’s almost always cheaper to stop a threat at the point of entry than to contain it after the fact. In cloud environments, once a malicious file is in place, it can be:
- Downloaded and executed locally
- Shared across supply chain partners or customers
- Synced into ERP, marketing, or analytics systems
By then, remediation is about more than technology — it involves compliance reporting, legal obligations, and reputational repair. Investing in cloud malware protection prevents these files from ever reaching end users or connected systems.

A shared responsibility you can’t outsource

Even with the most secure infrastructure, responsibility for what enters and moves through a cloud service sits with the customer – this is the essence of the shared responsibility model in cloud security. Salesforce secures the platform, but customers remain responsible for securing the data and workflows inside it. That includes files uploaded to cases, links shared in Chatter, or third-party app integrations that can deliver hidden threats. Without in-cloud scanning, these risks often go undetected until it’s too late.

Threats can arrive via:
- User uploads
- Third-party apps
- API integrations
- Links stored inside records or collaboration threads
Dormant malware — from PDFs with hidden code to malicious URLs — can sit unnoticed until the moment they’re triggered. In highly connected environments, one file can quickly become everyone’s problem.

A real-world example

In 2024, a retail brand discovered malware in its customer portal, embedded in PDF invoices uploaded through a cloud platform. Because the files were never scanned in the cloud, they were downloaded directly by finance staff, compromising multiple devices. The response required a portal shutdown, weeks of remediation, and a compliance review. It was a clear reminder that endpoint defenses alone aren’t enough. Incidents like this highlight the need for Salesforce-native protection that blocks threats before they reach users.

The Salesforce State of IT Security Report surveyed over 4,000 IT leaders worldwide, including more than 2,000 security specialists. Key findings included:
- Security budgets are rising, with 75% of organizations planning increases.
- Cloud security threats now rank alongside phishing and data poisoning as top concerns.
- AI is both a tool and a risk, with 80% viewing it as transformative but difficult to govern.
- Governance gaps persist, with nearly half lacking the infrastructure for safe AI adoption.
The takeaway: a cloud-first security strategy isn’t just about protecting “the cloud” in general. It’s about protecting your most business-critical SaaS environments — starting with Salesforce. By detecting and blocking threats in real time, you reduce remediation costs, preserve trust, and ensure resilience where it matters most.

Why a cloud-first approach works

By focusing protection where your most critical data actually resides, you:
- Block threats before they spread
- Reduce the cost and impact of remediation
- Minimize downtime and operational disruption
- Preserve the trust of customers and partners
With in-cloud threat detection, attacks can be stopped before they spread to endpoints or other systems. A cloud-first security strategy isn’t about abandoning traditional defenses — it’s about aligning them with the way business works today.

Securing agentic AI at scale

Closing the security gap

Availability

Product

Resources

Company

Support

Securing agentic AI at scale

Closing the security gap

Availability

Why cloud-first security starts with your core platforms

Always-on environments demand always-on protection

Persistent targets, persistent risks

The cost of catching threats too late

A shared responsibility you can’t outsource

A real-world example

Why a cloud-first approach works