Critical ForcedLeak Flaw Exposed in Salesforce AgentForce
⚠️ Researchers at Noma Security disclosed a critical 9.4-severity vulnerability called ForcedLeak that affected Salesforce's AI agent platform AgentForce. The chain used indirect prompt injection via Web-to-Lead form fields to hide malicious instructions within CRM data, enabling potential theft of contact records and pipeline details. Salesforce has patched the issue by enforcing Trusted URLs and reclaiming an expired domain used in the attack proof-of-concept. Organizations are advised to apply updates, audit lead data for suspicious entries, and strengthen real-time prompt-injection detection and tool-calling guardrails.
