Notifications
Clear all
Topic starter
16/01/2026 1:55 pm
Executive Summary
Noma Security has uncovered ForcedLeak, a high-severity vulnerability (CVSS 9.4) in Salesforce Agentforce that risks sensitive CRM data exfiltration via indirect prompt injection attacks. This discovery highlights how AI agents create a broader attack surface compared to traditional systems. Salesforce has swiftly addressed the issue with patches preventing data from being sent to untrusted URLs. The research underscores the unique security challenges posed by AI systems, emphasizing the importance of continuous monitoring and rapid response.
Read the full article from Noma Security here for comprehensive insights.
Key Insights
Understanding ForcedLeak
- ForcedLeak is identified as a critical vulnerability that allows attackers to exploit Salesforce’s Agentforce platform.
- This vulnerability received a CVSS score of 9.4, indicating its critical nature and potential impact on user data.
Unique Threats from AI Agents
- AI agents differ from traditional chatbots by having a more complex attack surface that includes internal memory and executable tools.
- The research emphasizes that vulnerabilities in AI systems can lead to broader exploitation opportunities than previously understood.
Salesforce’s Responsive Action
- Upon learning of the ForcedLeak vulnerability, Salesforce promptly initiated an investigation.
- Patches have been released to prevent agent outputs from reaching untrusted URLs, mitigating immediate risks.
Implications for Future AI Security
- The findings serve as a warning about the evolving challenges in AI security, urging organizations to strengthen their defenses.
- Continuous evaluation and monitoring of AI systems are essential to ensure data integrity and prevent breaches.
Access the full expert analysis and actionable security insights from Noma Security here.
