  • June 19, 2025
  • By Alice Jessop, Salesforce Sharing and Visibility Architect

Secure Your Agentic AI Implementations Now

We all dream of having more time to spend with our dogs and goldfish...er, I mean, other humans, and artificial intelligence has the potential to simplify our work lives to make that possible. In the Salesforce world, that means Agentforce—an agentic AI that has organizations buzzing with excitement about all the time they’re going to save. But before we hand over the keys to these agents, it’s important to know exactly what’s going on beneath the surface to make sure they don’t crash the car (or cost your company a whole lot of money).

Agentforce’s agentic AI can generate responses, refine questions, and gather data, but most importantly, it can take actions in your Salesforce org—things like triggering flows, running through contracts for legal review, and initiating sales activities. This action-taking capability can really start to save time, but it also creates unique security considerations that go beyond simple data exposure to potential data manipulation.

There are some built-in guardrails that keep agents in line. One is the Einstein GenAI Trust Layer, which ensures that agents respect your org’s permission structure and that private data is masked when it is sent to model providers. It also implements zero data retention policies to ensure sensitive information isn’t used to train LLMs. There’s also the Data Cloud Vector Database, which makes unstructured data (PDFs, emails, even social media) available throughout your ecosystem while maintaining security through numerical value assignments rather than linguistic matches.

While you may be thinking, “Wow, this is great! Seems like the built-in guardrails have it covered!”—think again. One of the most important security controls is (that’s right) you.

You are responsible for making sure the agents are given clear, specific instructions, not just for what they should do, but also for what they should not do. For example, if your agent sends marketing communications, you’re going to want to include explicit instructions like “Do not email a contact or lead on which the Opt-out checkbox is marked true.” The CAN-SPAM Act can levy fines of up to $53,088 per violation—that’s nearly $8 million if your agent spams 15,000 users. So maybe write out that guardrail with extra care.

Toxicity detection is another key element of those security guardrails. Salesforce has trained agents to identify potentially harmful content, including anything flagged as violent, sexual, inflammatory, offensive, hateful, or physically harmful. Toxicity detection for responses is enabled by default (and can’t be turned off), but detection for prompts is currently in beta and must be manually activated in Setup within the Einstein Trust Layer. I strongly recommend enabling this and running regular reports in Data Cloud to visualize toxicity trends. These reports can help you identify problematic patterns in user interactions and gaps in your configuration that need immediate attention.

Consider this hypothetical scenario: An agent configured without proper guardrails provides sensitive customer information to users lacking appropriate permissions. Beyond the potential fines, you now have to be concerned about how this will damage your company’s reputation. Meanwhile, a properly secured implementation can actually strengthen your org’s security by ensuring that policy is applied consistently while reducing the opportunity for human error.

Remember that agents work like contractors. They complete tasks as instructed but may not identify risks unless explicitly directed to do so. They have the flexibility to reason, but guardrails set the parameters within which that reasoning happens. If you feed them garbage data, don’t be surprised when they spit out garbage responses.

The potential with AI is limitless, and we're only scratching the surface of how it can be used. Salesforce has successfully built a configurable way to add Agentforce to boost your business, automate tasks, and even work as your personal assistant. By thoughtfully balancing innovation with security controls, you can protect your customers, strengthen your brand, and most importantly, preserve your precious, precious sanity.

Alice Jessop is a certified Salesforce Sharing and Visibility Architect, Certified Canine Massage Therapist, and security expert who specializes in developing security models for Salesforce implementations. She currently works as a product owner on the Salesforce Success Central team at Amazon, supporting hundreds of Salesforce implementations of all varieties, shapes, and sizes.
