Salesforce AI Hack Enabled CRM Data Theft - DataBreaches.Net

"Prompt injection and an expired domain could have been used to target Salesforce's Agentforce platform for data theft. The attack method, dubbed ForcedLeak, was discovered by researchers at Noma Security, a company that recently raised $100 million for its AI agent security platform. Salesforce Agentforce enables businesses to build and deploy autonomous AI agents across functions such as sales, marketing, and commerce."
"These agents act independently to complete multi-step tasks without constant human intervention. The ForcedLeak attack method identified by Noma researchers involved Agentforce's Web-to-Lead functionality, which enables the creation of a web form that external users such as conference attendees or individuals targeted in a marketing campaign can fill out to provide lead information. This information is saved into the customer relationship management (CRM) system."
In short, ForcedLeak relied on Agentforce's Web-to-Lead functionality: web forms that external users fill out provide lead information, which is saved into the CRM system, enabling potential exfiltration of submitted data.