A now-fixed flaw in Salesforce’s Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers who published a proof-of-concept attack on Thursday. They were aided by an expired trusted domain that they were able to buy for a measly five bucks.

Agentforce is the CRM giant's tool for creating AI agents to automate various tasks. The vulnerability stems from a DNS misconfiguration within the agentic AI platform.

Salesforce has already released patches that prevent AI agents from retrieving CRM records and sending them to outside attackers. This new vulnerability, dubbed "ForcedLeak", illustrates another way that AI-integrated business tools – without human oversight – can be abused, Noma Security research lead Sasi

See Full Page