Salesforce AI Hack Enabled CRM Data Theft

A disturbing discovery has been made by researchers at Noma Security, a company that recently secured $100 million in funding for its AI agent security platform. The team identified an exploit, dubbed ForcedLeak, which could be used to target Salesforce's Agentforce platform and steal sensitive data.

Agentforce is a powerful tool designed to enable businesses to build and deploy autonomous AI agents across various functions such as sales, marketing, and commerce. These agents operate independently, completing complex tasks without the need for constant human intervention. However, this level of autonomy also presents a significant security risk.

The ForcedLeak attack method was uncovered by Noma researchers, who found that it could be used to exploit Agentforce's Web-to-Lead functionality. This feature allows users to create web forms that external individuals, such as conference attendees or targeted marketing campaign recipients, can fill out to provide lead information. This data is then saved into the customer relationship management (CRM) system.

The vulnerability lies in the fact that the domain associated with Agentforce's Web-to-Leak functionality had expired. Researchers discovered that prompt injection attacks could be used to manipulate this feature and gain unauthorized access to sensitive CRM data. The malicious actor could potentially use this exploit to steal valuable information, such as customer contact details or sales data.

Fortunately, the discovery of ForcedLeak has highlighted the need for improved security measures in AI-powered systems like Agentforce. Salesforce has not yet commented on the incident, but experts are urging businesses to take immediate action to protect themselves against similar attacks.