Researchers have identified a new attack method called ForcedLeak that exploits Salesforce’s Agentforce platform through prompt injection and domain expiration. This vulnerability highlights the risks of AI agents in enterprise environments and underscores the importance of domain management and security measures. #SalesforceAgentforce #PromptInjection
Keypoints
- The ForcedLeak attack exploits Salesforce’s Web-to-Lead forms to inject malicious prompts into AI agents.
- Attackers can cause AI agents to exfiltrate CRM data to remote servers by leveraging prompt injections.
- An expired trusted domain was used by attackers to mask data exfiltration, going unnoticed initially.
- Salesforce took steps to regain control of the domain and prevent future output leakage to untrusted sources.
- This attack illustrates the growing threat of AI-assisted data theft in enterprise systems.
Read More: https://www.securityweek.com/salesforce-ai-hack-enabled-crm-data-theft/