Salesforce AI failures
Every documented AI failure involving Salesforce on the AI Failure Index, classified by the mechanism that broke.
- Failures: 2
- Highest severity: Catastrophic
- Span: 2025 to 2026
- Failure modes: 1
ForcedLeak prompt injection let attackers exfiltrate CRM data from Salesforce Agentforce
ForcedLeak is a CVSS 9.4 vulnerability chain discovered by Noma Security in Salesforce Agentforce that enabled external attackers to exfiltrate sensitive CRM data through indirect prompt injection. An attacker submitted malicious instructions via a Web-to-Lead form, which were later executed by Agentforce when an employee queried the lead data. The attack combined prompt injection, agent overreach, and a CSP misconfiguration involving an expired whitelisted domain to silently transmit stolen data.
- Confidence: High (multi-source, primary)
PipeLeak prompt injection let attackers exfiltrate Salesforce Agentforce CRM data via forms
Capsule Security disclosed PipeLeak, an indirect prompt injection vulnerability in Salesforce Agentforce, on April 15, 2026. An external attacker could submit malicious instructions via a public CRM lead form, causing the Agentforce agent to retrieve sensitive lead data and send it to the attacker by email. Salesforce stated it remediated the specific scenario and characterized the issue as configuration-specific rather than a platform-level vulnerability.
- Confidence: High (multi-source, primary)