Prompt injection – and a $5 domain – trick Salesforce Agentforce into leaking salesMore fun with AI agents and their security holesA now-fixed flaw in Salesforce’s Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers who published a proof-of-concept attack on Thursday. They were aided by an expired trusted domain that they were able to buy for a measly five bucks.Agentforce is the CRM giant's tool for creating AI agents to automate various tasks. The vulnerability stems from a DNS misconfiguration within the agentic AI platform.Salesforce has already released patches that prevent AI agents from retrieving CRM records and sending them to outside attackers. This new vulnerability, dubbed "ForcedLeak", illustrates another way that AI-integrated business tools – without human oversight – can be abused, Noma Security research lead Sasi Levi said in a Thursday blog.
pull down to refresh
related posts