AI-powered agents are now able to autonomously map Salesforce Experience Cloud attack surfaces, identify vulnerabilities, write exploits, and extract sensitive data without human guidance. Reco’s research showed real-world impact on organizations like Aegis Security and Helios, exposing broken access control, SOQL injection, and confidential file access. #AegisSecurity #Helios #SalesforceExperienceCloud #PartnerPortalOnboardingController #BlogDetailController #AuraInspector #Reco
Key points
- LLMs can automate reconnaissance, analysis, exploitation, and validation end to end.
- The agent mapped Salesforce objects, Apex methods, routes, and files from only a URL.
- Aegis Security had a guest-accessible method that exposed full Contact and Account data.
- Helios had a SOQL injection that enabled blind extraction of employee and customer data.
- The research also found exposed confidential files and highlighted the risky use of `without sharing` in Apex controllers.
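As an added illustration (not code from Reco's write-up or from any organization named above), a hypothetical Experience Cloud Apex controller in the weak shape the findings describe next to its hardened form; the class, method and field names are assumptions:

```apex
// Added example with hypothetical names; not code from the research or the affected orgs.

// Weak pattern: `without sharing` bypasses record-level sharing for the guest user,
// and the SOQL is built by splicing caller input into the query text, so the
// caller controls the WHERE clause (the SOQL-injection shape in the findings).
public without sharing class PortalSearchWeak {
    @AuraEnabled
    public static List<Contact> findAuthors(String name) {
        String soql = 'SELECT Id, Name, Email FROM Contact WHERE Name LIKE \'%' + name + '%\'';
        return Database.query(soql);
    }
}

// Hardened pattern: `with sharing` applies the guest profile's sharing rules,
// the input is passed as a bind variable (never part of the query string),
// `WITH USER_MODE` enforces the running user's object- and field-level access
// (throwing instead of silently returning data the profile cannot read),
// and the result set is bounded.
public with sharing class PortalSearchHardened {
    @AuraEnabled
    public static List<Contact> findAuthors(String name) {
        // Reject empty or oversized input before it reaches the query.
        if (String.isBlank(name) || name.length() > 80) {
            return new List<Contact>();
        }
        String pattern = '%' + name + '%';
        return [
            SELECT Id, Name
            FROM Contact
            WHERE Name LIKE :pattern
            WITH USER_MODE
            LIMIT 50
        ];
    }
}
```

Auditing Experience Cloud code for `without sharing` classes that expose `@AuraEnabled` methods to guest users, and for `Database.query` calls on concatenated strings, covers both findings at once.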
Read More: https://thehackernews.com/expert-insights/2026/06/hacking-salesforce-sites-with-llm-agent.html