Salesforce Agentforce Trusted URLs mitigation

Advisory/Mitigation
H score 22
1 unique source, 1 article

Summary

Salesforce issued mitigation guidance for Agentforce after researchers showed prompt-injection paths could drive CRM data exfiltration through external links and forms. The recommended fix is to add any relied-on external URLs to the Salesforce Trusted URLs list or to the AI agent's instructions, reducing the attack surface for malicious prompts. The guidance targets organizations using Web forms and other external URL workflows that agents may process.

Related Happenings

OpenClaw skills delivering infostealer malware to macOS and Windows systems

Malware Activity
First: 03.02.2026 18:30 Last: 03.02.2026 18:30 Sources 1

About this happening: Researchers identified **386 malicious OpenClaw skills** that pose an active infostealer risk to **macOS** and **Windows** users. The skills impersonate crypto-trading automation...

ForcedLeak prompt injection against Salesforce Agentforce via Web-to-Lead CRM exfiltration

Technical Analysis
First: 25.09.2025 19:15 Last: 25.09.2025 19:15 Sources 1

How related: In keeping with all of the other prompt injection proofs-of-concept (PoCs) coming out these days, Noma has named its trick "ForcedLeak."

About this happening: **Salesforce Agentforce** was shown to be vulnerable to **ForcedLeak**, a **prompt-injection** technique that abuses **Web-to-Lead** forms to push **CRM data exfiltration** throug...

Salesforce Agentforce Web-to-Lead indirect prompt injection ForcedLeak security flaw

Vulnerability
First: 25.09.2025 18:17 Last: 25.09.2025 18:17 Sources 1

About this happening: A **critical** **ForcedLeak** flaw in **Salesforce Agentforce** can let attackers use **indirect prompt injection** to exfiltrate sensitive **CRM data**, especially where **Web-to...

Salesforce Agentforce and Einstein AI URL allowlist patch

Security Patch Release
First: 25.09.2025 18:17 Last: 25.09.2025 18:17 Sources 1

About this happening: **Salesforce** rolled out patches for **Agentforce** and **Einstein AI agents** to enforce a **URL allowlist**, reducing the chance that **prompt-injection-driven output** can be...

Timeline

  1. 25.09.2025 21:04 2 articles · 8mo ago

    Salesforce advises Agentforce Trusted URLs hardening

    Mitigation Patch Update

    Salesforce advised Agentforce users to add any relied-on external URLs to the Salesforce Trusted URLs list or to the AI agent's instructions, including external feedback forms, external knowledge bases, and other third-party websites, to narrow a prompt-injection path that could exfiltrate CRM data.
