Forcedleak And The Future Of AI Agent Security
Varonis, October 2,2025
ForcedLeak exposes Salesforce Agentforce to silent CRM data theft via prompt injection, agent overreach, and CSP misconfig. Mitigate now.
ForcedLeak is a critical vulnerability chain in Salesforce's Agentforce platform that enables attackers to exfiltrate sensitive CRM data through indirect prompt injection. This exploit is not theoretical - it's operational, scalable, and actively exploitable in environments where autonomous AI agents process external data without proper context boundaries or input validation.
The attack leverages prompt injection, agent overreach, and a misconfigured Content Security Policy (CSP) to silently extract internal data. If your organization uses Salesforce Agentforce with Web-to-Lead functionality enabled, this is a high-priority threat that demands immediate action.