SecurityWeek

Salesforce AI Hack Enabled CRM Data Theft

Prompt injection has been leveraged alongside an expired domain to steal Salesforce data in an attack named ForcedLeak.
The Hacker News

Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection

ForcedLeak flaw in Salesforce Agentforce allows data exfiltration via indirect prompt injection; Salesforce issues patch.