Salesforce’s $5 Domain Drama: How a Cheap Expiry Almost Led to a Data Disaster

Salesforce’s Agentforce flaw, aptly named “ForcedLeak,” could have let attackers siphon sensitive data for the price of a coffee. Researchers exploited an expired domain bought for just $5 and used indirect prompt injection to fool AI agents into spilling secrets. Salesforce has now patched the hole, but the lesson remains: never underestimate a $5 vulnerability.

3P
Published: September 26, 2025 1:03 pmAdded: September 26, 2025 at 6:13 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Who knew that a five-dollar domain name could lead to a multi-million dollar headache? Salesforce’s Agentforce AI just learned that lesson the hard way. Let’s hope their next upgrade includes a course in domain-renewal best practices. ForcedLeak: come for the security breach, stay for the bargain shopping!

Key Points:

  • Salesforce fixed a vulnerability in its Agentforce AI that allowed sensitive data theft via prompt injection.
  • The exploit involved a DNS misconfiguration and an expired domain that researchers bought for $5.
  • The vulnerability, dubbed “ForcedLeak,” highlights risks in AI-integrated business tools.
  • Salesforce has implemented patches and trusted URL allow-lists to address the issue.
  • The flaw was considered critical, scoring 9.4 on the CVSS severity scale.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?