Salesforce Patches CRM Data Exfiltration Vulnerability


Agentforce Agentic AI Tool Was Exposed to Indirect Prompt Injection Attacks

Mathew J. Schwartz (euroinfosec) • September 26, 2025

Salesforce patched a vulnerability involving its Agentforce agentic artificial intelligence tool that would have allowed attackers to steal customer data and leads being stored in the CRM system.

A report from AI security platform vendor Noma Labs details a chain of indirect prompt injection vulnerabilities it discovered and dubbed ForcedLeak. Researchers reported the flaw to the CRM giant on July 28, calculating that it would have a CVSS-equivalent score of 9.4.

Salesforce said it investigated the vulnerability and put fixes in place by Sept. 8 for its Agentforce agentic AI toolbuilder as well as its Einstein generative AI tool.

"Salesforce is aware of the vulnerability reported by Noma and has released patches that prevent output in Agentforce agents from being ...


Copyright of this story solely belongs to bankinfosecurity.