SecurityWeek

Salesforce AI Hack Enabled CRM Data Theft

Prompt injection has been leveraged alongside an expired domain to steal Salesforce data in an attack named ForcedLeak.
The Register on MSN

Prompt injection – and a $5 domain – trick Salesforce Agentforce into leaking sales

More fun with AI agents and their security holes A now-fixed flaw in Salesforce’s Agentforce could have allowed external ...
HealthcareInfoSecurity

Salesforce Patches CRM Data Exfiltration Vulnerability

Salesforce has patched a vulnerability involving its Agentforce agentic artificial intelligence tool, discovered by ...
The Hacker News

Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection

ForcedLeak flaw in Salesforce Agentforce allows data exfiltration via indirect prompt injection; Salesforce issues patch.
Graham Cluley

Smashing Security podcast #437: Salesforce’s trusted domain of doom

Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed “ForcedLeak”, let them ...
CSOonline

Vulnerability in Salesforce AI could be tricked into leaking CRM data

Salesforce Agentforce allowed attackers to hide malicious instructions in routine customer forms, tricking the AI into exposing sensitive CRM data. A newly disclosed critical vulnerability in ...
MarTech on MSN

How the Salesforce Lead Object broke B2B marketing (and how to fix it)

B2B marketing and sales have long been at odds. Sales teams frequently criticize the quality of leads they receive, while ...