Salesforce patched a vulnerability involving its Agentforce agentic artificial intelligence tool that would have allowed attackers to steal customer data and leads being stored in the CRM system. A report from AI security platform vendor Noma Labs details a chain of indirect prompt injection vulnerabilities it discovered and dubbed ForcedLeak. Researchers reported the flaw to the CRM giant on July 28, calculating that it would have a CVSS-equivalent score of 9.4. https://www

Salesforce executives for much of the year have reiterated that an onslaught of cyberattacks on a range of its partners was not due to any weaknesses in the software-as-a-service (SaaS) giant’s cybersecurity operations. Apparently, almost two dozen of customers of those partners disagree. Salesforce reportedly is the target of at least 14 lawsuits filed in the federal court of Northern California in connection with the intrusions by bad actors and the theft of data. According

Salesforce Inc. has been at the forefront of the race to adopt agentic artificial intelligence over the past six months or so, with its Agentforce platform spearheading a push to accelerate automation across dozens of industries. Now, the company is turning its attention to the healthcare and pharmaceutical sectors with its new Life Sciences Cloud for Customer Engagement platform, which aims to transform the way life sciences companies interact with healthcare professional

Salesforce Web forms can be manipulated by the company's "Agentforce" autonomous agent into exfiltrating customer relationship management (CRM) data — a concerning development as legacy software-as-a-service (SaaS) providers race to integrate agentic AI into their platforms to zhuzh up the user experience and generate buzz among investors. https://www.darkreading.com/vulnerabilities-threats/salesforce-ai-agents-leak-sensitive-data

Salesforce is being pressured to go on the offensive in security after an increased rate of cyberattacks in recent months. Seemingly in response to these attacks, Salesforce has announced a partnership with cybersecurity expert CrowdStrike.  In a statement released last Wednesday, the two companies confirmed that they would be building a new strategic partnership to increase Salesforce’s security of AI agents, applications, and mission-critical workflows.  The collaboration w

A sophisticated cyberattack has embroiled a chunk of corporate America this year, in which hackers gained access to companies’ Salesforce accounts and then grabbed reams of customer data. Now, a cadre of the customers are taking the San Francisco tech giant to court. https://www.sfgate.com/tech/article/salesforce-14-lawsuits-rapid-succession-21067565.php

The attack method, dubbed ForcedLeak , was discovered by researchers at Noma Security , a company that recently raised $100 million for its AI agent security platform. Salesforce Agentforce enables businesses to build and deploy autonomous AI agents across functions such as sales, marketing, and commerce. These agents act independently to complete multi-step tasks without constant human intervention. The ForcedLeak attack method identified by Noma researchers involved Agentfo

A newly disclosed critical vulnerability in Salesforce’s Agentforce platform could trick the AI agent into leaking sensitive CRM data through indirect prompt injection. Researchers at Noma Security, who identified the bug dubbed “ForcedLeak,” said in a blog post shared with CSO ahead of its publication on Thursday that it could be exploited by attackers inserting malicious instructions into a routine customer form. https://www.csoonline.com/article/4063044/vulnerability-in-s

Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce , a platform for building artificial intelligence (AI) agents, that could allow attackers to potentially exfiltrate sensitive data from its customer relationship management (CRM) tool by means of an indirect prompt injection. The vulnerability has been codenamed ForcedLeak (CVSS score: 9.4) by Noma Security, which discovered and reported the problem on July 28, 2025. It impacts any organ

Since Salesforce's founding in 1999, the company's executive team has made trust the top priority for the organization and its employees. In a post titled "Trust is our #1 value," the company states that "our trust-first culture is based on ensuring that our customers know their data is safe, and theirs -- to be accessed when, where, and how they intend."  https://www.zdnet.com/article/battered-by-cyberattacks-salesforce-faces-a-trust-problem-and-a-potential-class-action-law