Salesforce AI Hack Enabled CRM Data Theft
securityweek
Prompt injection and an expired domain could have been used to target Salesforce’s Agentforce platform for data theft.
The attack method, dubbed ForcedLeak, was discovered by researchers at Noma Security, a company that recently raised $100 million for its AI agent security platform.
Salesforce Agentforce enables businesses to build and deploy autonomous AI agents across functions such as sales, marketing, and commerce. These agents act independently to complete multi-step tasks without constant human intervention.
The ForcedLeak attack method identified by Noma researchers involved Agentforce’s Web-to-Lead functionality, which enables the creation of a web form that external users such as conference attendees or individuals targeted in a marketing campaign can fill out to provide lead information. This information is saved into the customer relationship management (CRM) system.
The researchers discovered that attackers can abuse forms created with the Web-to-Lead functionality to submit specially crafted information, which when processed by ...
Copyright of this story solely belongs to securityweek.