A critical vulnerability, named ForcedLeak, was discovered in Salesforce’s Agentforce AI platform by Noma Labs, scoring 9.4 on the CVSS scale. This vulnerability enabled potential external attacks to exfiltrate sensitive CRM data through a sophisticated indirect prompt injection method. The attack exploited insufficient context validation, excessive AI model permissions, and a loophole in the Content Security Policy (CSP). By embedding malicious commands in trusted data, attackers were able to manipulate the AI agent into executing these commands, compromising sensitive customer information. Salesforce has responded with patches to prevent such breaches, including enforcing Trusted URLs. To mitigate risks, organizations using Salesforce Agentforce must apply these updates, audit existing lead data for anomalies, and implement rigorous input validation. This incident underscores the unique vulnerabilities AI agents present compared to traditional systems. For ongoing cybersecurity updates, follow us on Google News, LinkedIn, and X.
