Summary of the ForcedLeak Vulnerability in Salesforce Agentforce
Noma Labs has identified a critical vulnerability, ForcedLeak (CVSS 9.4), within Salesforce’s Agentforce. This weakness enables external attackers to exfiltrate sensitive CRM data via an indirect prompt injection attack. Here’s what you need to know:
- Expanded Attack Surface: Unlike traditional chatbots, AI agents like Agentforce present a broader range of vulnerabilities, including their knowledge bases and executable tools.
- Immediate Salesforce Action: Salesforce quickly implemented patches to block outputs to untrusted URLs, mitigating immediate risks for users.
- Affected Users: Organizations utilizing Agentforce, especially in sales and marketing workflows, are at significant risk of data exposure.
Key Recommendations:
- Enforce Trusted URLs for AI interactions.
- Audit existing lead data for suspicious activity.
- Implement stringent input validation to prevent prompt injections.
The ForcedLeak discovery underscores the need for robust AI security practices. Don’t let your AI agents become vulnerabilities—schedule a demo with Noma to fortify your defenses!
Feel free to share this important information with your network!
