TL;DR

Salesforce Agentforce introduces autonomous AI agents that can reason, act, and execute workflows across Salesforce environments. These agents go beyond traditional AI features by operating continuously and taking action without real-time human input.

That capability fundamentally changes the Salesforce risk surface.

Agentforce agents can access CRM data, update records, trigger flows, and interact with integrated systems based on delegated permissions. When access boundaries, sharing settings, or integrations are overly broad, agents can unintentionally amplify exposure across customer data, internal operations, and connected SaaS platforms.

Salesforce Agentforce security is not about securing the AI model itself. It is about governing how autonomous agents authenticate, what data they can access, and how their activity is monitored over time.

What is Salesforce Agentforce?

Salesforce Agentforce is a framework for building and deploying autonomous AI agents within Salesforce. These agents can operate across Salesforce clouds, custom objects, flows, Apex logic, and approved integrations.

Agentforce agents are designed to:

  • Operate continuously rather than per prompt
  • Act on behalf of users, roles, or business functions
  • Access Salesforce data based on existing permissions
  • Trigger workflows and automations
  • Interact with external systems through integrations

From a security perspective, Agentforce agents behave like non-human identities with persistent access and decision-making capability.

How Salesforce Agentforce Fits into Salesforce’s Security Model

Agentforce operates within Salesforce’s established enterprise security architecture, including profiles, permission sets, sharing rules, and role-based access controls. It is also positioned within Salesforce’s Einstein Trust Layer, which provides guardrails for trusted AI use.

Salesforce is responsible for securing the underlying platform and providing AI trust controls. Organizations remain responsible for:

  • Configuring permissions and sharing
  • Defining which data agents can access
  • Governing integrations and automation
  • Monitoring agent activity
  • Managing agent lifecycle and ownership

This shared responsibility model is critical to understanding Agentforce risk.

How Agentforce Changes the Nature of Salesforce Risk

Continuous Execution Without Human Approval

Once deployed, Agentforce agents do not pause for approval before acting. They execute workflows automatically based on configuration and context, removing an important checkpoint that traditional Salesforce security models rely on.

Amplification of Existing Permissions

Agentforce agents do not bypass Salesforce permissions. Instead, they aggressively use whatever access already exists. Over-permissioned roles, inherited sharing, or broad object access can quickly become high-impact exposure when agents act continuously.

Integration and Automation Blast Radius

Agentforce agents can interact with Salesforce integrations and APIs. A single agent may influence multiple workflows and systems, expanding blast radius if access is misconfigured or poorly governed.

Key Salesforce Agentforce Security Risks

Over-Permissioned Agent Access

Agents are often granted broad permissions to ensure functionality, and those permissions are rarely revisited.

Limited Visibility Into Agent Activity

Standard logs capture events but often lack context into whether agent-driven actions are expected or risky.

Shadow Agentforce Deployments

Agents may be created by admins or developers without centralized security review or inventory.

Unclear Ownership and Accountability

Security teams may struggle to identify who owns an agent, why it exists, or when it should be reviewed.

Data Exposure Through Automation

Agents can summarize, transform, or move Salesforce data automatically, increasing the risk of unintended exposure.

Why Native Salesforce Controls are Necessary but Insufficient

Salesforce provides strong foundational controls, including permission models, audit logs, and event monitoring. These are essential, but they were designed primarily for human users and intentional actions.

Agentforce introduces autonomous behavior that requires:

  • Ongoing visibility rather than point-in-time reviews
  • Access evaluation beyond static permission checks
  • Clear ownership and lifecycle management for non-human actors

Without additional governance, risk can accumulate quietly over time.

What Effective Salesforce Agentforce Security Looks Like

Discover Agentforce Usage Continuously

Security teams need visibility into:

  • Which Agentforce agents exist
  • Where they operate
  • What objects and workflows they touch
  • Which integrations they rely on

Discovery must be continuous, not a one-off event.

Treat Agentforce Agents as Non-Human Identities

Agents should be governed similarly to service accounts:

  • Scoped permissions
  • Explicit ownership
  • Defined lifecycle
  • Regular access review
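The four checks in this list can be run as a recurring audit over an agent inventory. The following is an added example, not Valence or Salesforce code: the `Permissions*` and `SobjectType` names are real Salesforce `PermissionSet` and `ObjectPermissions` fields, while the inventory record shape (`owner`, `last_reviewed`, `expires`), the 90-day review interval, and the sample agents are assumptions constructed for illustration.

```python
from datetime import date

# Real Salesforce boolean fields that grant access regardless of sharing rules
# (on the PermissionSet and ObjectPermissions objects respectively).
BROAD_SYSTEM = ("PermissionsModifyAllData", "PermissionsViewAllData")
BROAD_OBJECT = ("PermissionsModifyAllRecords", "PermissionsViewAllRecords")
REVIEW_MAX_AGE_DAYS = 90  # assumed review interval, not a Salesforce default

def audit_agent(agent, today):
    """Return sorted governance findings for one agent identity."""
    findings = []
    for ps in agent["permission_sets"]:
        findings += [f"broad-system:{ps['Name']}:{p}" for p in BROAD_SYSTEM if ps.get(p)]
        for op in ps.get("object_permissions", []):
            findings += [f"broad-object:{op['SobjectType']}:{p}"
                         for p in BROAD_OBJECT if op.get(p)]
    if not agent.get("owner"):
        findings.append("no-owner")
    if agent.get("expires") is None:
        findings.append("no-lifecycle-end")
    elif agent["expires"] < today:
        findings.append("expired-still-active")
    last = agent.get("last_reviewed")
    if last is None or (today - last).days > REVIEW_MAX_AGE_DAYS:
        findings.append("review-overdue")
    return sorted(findings)

def audit_all(agents, today):
    return {a["name"]: audit_agent(a, today) for a in agents}

# Constructed inventory: hypothetical agents, owners and permission set names.
AGENTS = [
    {"name": "case-triage-agent", "owner": "support-ops@example.com",
     "last_reviewed": date(2025, 5, 1), "expires": date(2025, 12, 31),
     "permission_sets": [{"Name": "Agent_Case_Triage", "object_permissions": [
         {"SobjectType": "Case", "PermissionsRead": True, "PermissionsEdit": True}]}]},
    {"name": "lead-enrichment-agent", "owner": None,
     "last_reviewed": date(2024, 11, 15), "expires": None,
     "permission_sets": [{"Name": "Integration_Admin", "PermissionsModifyAllData": True,
                          "object_permissions": [
         {"SobjectType": "Contact", "PermissionsViewAllRecords": True}]}]},
]

if __name__ == "__main__":
    for name, findings in audit_all(AGENTS, date(2025, 6, 1)).items():
        print(name, findings or "ok")
```
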

Monitor Agent Behavior Over Time

Security teams should evaluate what agents actually do, not just what they were designed to do. Monitoring behavior over time helps surface drift, misuse, and unintended impact early.
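One way to compare what an agent actually does against its earlier behavior, as an added example that is not part of the original article: it flags access to object/operation pairs never seen in a baseline window, daily volume above a multiple of the baseline peak, and agents that have no baseline at all. The event record shape (`day`, `agent`, `object`, `op`), the threshold, and the sample events are constructed assumptions, not a Salesforce log schema.

```python
from collections import Counter, defaultdict

VOLUME_FACTOR = 3  # assumed threshold: flag days above 3x the baseline peak

def detect_drift(events, baseline_days):
    """Compare post-baseline activity with what each agent did during the baseline."""
    base_pairs = defaultdict(set)       # agent -> {(object, op)}
    base_counts = defaultdict(Counter)  # agent -> {day: event count}
    later = defaultdict(list)           # (day, agent) -> [(object, op), ...]
    for e in events:
        pair = (e["object"], e["op"])
        if e["day"] <= baseline_days:
            base_pairs[e["agent"]].add(pair)
            base_counts[e["agent"]][e["day"]] += 1
        else:
            later[(e["day"], e["agent"])].append(pair)
    findings = []
    for (day, agent), pairs in sorted(later.items()):
        if agent not in base_pairs:
            # Never observed during the baseline: possibly an uninventoried agent.
            findings.append((day, agent, "unbaselined-agent", f"{len(pairs)} events"))
            continue
        for obj, op in sorted(set(pairs) - base_pairs[agent]):
            findings.append((day, agent, "new-access", f"{obj}:{op}"))
        peak = max(base_counts[agent].values())
        if len(pairs) > VOLUME_FACTOR * peak:
            findings.append((day, agent, "volume-spike",
                             f"{len(pairs)} events, baseline peak {peak}"))
    return findings

# Constructed events: days 1-3 form the baseline, days 4-6 are evaluated.
EVENTS = (
    [{"day": d, "agent": "case-triage-agent", "object": "Case", "op": op}
     for d in (1, 2, 3, 4) for op in ("read", "update")]
    + [{"day": 5, "agent": "case-triage-agent", "object": "Contact", "op": "read"}]
    + [{"day": 5, "agent": "lead-enrichment-agent", "object": "Lead", "op": "update"}]
    + [{"day": 6, "agent": "case-triage-agent", "object": "Case", "op": "read"}] * 8
)

if __name__ == "__main__":
    for finding in detect_drift(EVENTS, baseline_days=3):
        print(finding)
```
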

Reduce Risk With Flexible Remediation

Effective security enables teams to:

  • Adjust permissions safely
  • Constrain access without breaking workflows
  • Disable risky automations or integrations
  • Apply a variety of remediation options including automated workflows

This approach reduces exposure while preserving business operations.

Salesforce Agentforce Security in the Broader SaaS Environment

Agentforce does not operate in isolation. It sits within a broader SaaS ecosystem that includes OAuth grants, integrations, non-human identities, and connected AI tools.

Securing Agentforce effectively requires understanding how agent access interacts with the wider SaaS environment, not just Salesforce configuration in isolation.

Final Thoughts: Securing Agentforce Without Slowing Salesforce Innovation

Salesforce Agentforce enables powerful automation and AI-driven efficiency, but it also introduces autonomous access patterns that traditional CRM security models were not built to manage.

Organizations that succeed with Agentforce will be those that understand where agents exist, what they can access, and how their behavior evolves over time. Security is not about disabling agents. It is about making agent access intentional, visible, and governed.

Valence helps security teams discover Agentforce agents, understand their access across Salesforce and connected SaaS platforms, and reduce exposure using flexible remediation approaches that align with how teams operate.

Schedule a demo to see how Valence helps organizations secure Salesforce Agentforce and AI-driven SaaS environments.

Frequently Asked Questions

  1. What is Salesforce Agentforce security?
  2. Are Agentforce agents considered non-human identities?
  3. Does Agentforce bypass Salesforce permission controls?
  4. Why are Agentforce agents harder to secure than traditional automations?
  5. How can organizations secure Agentforce without disabling AI agents?
  6. Is Salesforce Agentforce security only relevant for large enterprises?
