A critical vulnerability called ForcedLeak has been discovered in Salesforce AgentForce, exposing the platform to AI-specific prompt injection attacks that could lead to data breaches. The issue affects organizations using Web-to-Lead forms, putting sensitive CRM data at risk of exposure and opening the way to potential lateral movement into other systems.
Key points
- The ForcedLeak vulnerability exploits how AI agents process external data as executable instructions.
- Attackers can insert malicious payloads into Web-to-Lead forms, leading to unauthorized data access.
- Salesforce addressed the vulnerability by implementing security patches, including Content Security Policy (CSP) enhancements.
- The flaw poses significant risks of data exposure, regulatory compliance issues, and reputational damage.
- Organizations using Salesforce AgentForce should be aware of the potential for lateral movement and delayed payload execution.
Read More: https://thecyberexpress.com/forcedleak-agentforce-vulnerability/