ForcedLeak Fiasco: How an Expired Domain Almost Turned Salesforce’s Agentforce into a Data Buffet

Prompt injection and an expired domain nearly turned Salesforce’s Agentforce into a data thief’s playground! Researchers at Noma Security discovered the ForcedLeak attack, revealing how mischievous forms could trick AI agents into spilling CRM secrets faster than you can say “data breach.” Thankfully, Salesforce patched it up before things got too wild.

3P
Published: September 25, 2025 4:24 pmAdded: September 25, 2025 at 9:44 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Alert the data guardians! It seems that Salesforce’s AI agents were caught playing a game of “hot potato” with sensitive information, but instead of passing it to a friend, they were about to chuck it over to their new imaginary friend, Mr. Expired Domain. Thanks to some sharp-eyed researchers, this game got called off before it could cause any serious spills!

Key Points:

  • The “ForcedLeak” attack targets Salesforce’s Agentforce platform.
  • Exploits Web-to-Lead functionality to inject malicious payloads.
  • Potential to exfiltrate data to an attacker’s server.
  • An expired Salesforce domain could have facilitated undetected data theft.
  • Salesforce has since secured the domain and patched the vulnerability.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?