EzProtect Advances Salesforce Data Security at TDX: Warns of AI Agent Risks

Salesforce Data Security Framework Critical for Reducing Operational Risks & Data Breaches 

During a recent presentation on building AI Agents That Scale, Matt Meyers, CEO & Co-Founder at EzProtect highlighted the shared responsibility model between Salesforce and customers when implementing AI agents, noting that while Salesforce provides the trust layer foundation, organizations must implement proper authentication, field-level security, and access controls to protect sensitive data. 

“What many Salesforce customers don’t realize is that unlike Prompt Builder, both Copilot and Agentforce send all PII exposed in each request to the large language model without masking,” said Matt Meyers, CTA, CEO and Co-Founder of EzProtect. “Even with Salesforce’s contractual protections against data storage in the language models, organizations must approach AI agent implementation with security as the primary consideration before functionality, or they risk exposing their most sensitive customer information to unprecedented new vectors of attack.” 

The continued practice of the well-architected framework remains essential for organizations seeking to reduce Salesforce data security gaps, according to recent discussions with Salesforce leadership. While per Salesforce, approximately 20-25% of new Salesforce development is already AI-assisted using Agentforce for Developers, ecosystem partners and industry experts caution that fundamental platform challenges should be addressed to maximize security benefits. 

Salesforce Agents Introduce New Security Paradigm for Enterprise Data 

Matt Meyers and Maham Hassan, Salesforce Architect at Cloud-1 and co-presenter, recommended that organizations implement strict authentication requirements for AI agents, enforce field and record-level security, and carefully review Apex classes and flows utilized by agents to ensure they maintain proper sharing rules. The guidance reinforces that though Salesforce provides the technical infrastructure, customers maintain ultimate responsibility for proper implementation of security controls. Resources for implementing these security measures are being made available to help organizations navigate this new landscape of AI-powered automation within their Salesforce environments. 

A recent study, “State of AI Agent Development Strategies in the Enterprise,” highlighted significant implementation obstacles, with 42% of organizations requiring connectivity to at least eight different data sources for effective AI agent deployment, while security issues ranked as the primary concern among both executives (53%) and technical staff (62%). Additionally, the research determined that over 86% of businesses need to enhance their current technology infrastructure before successfully implementing AI agents. This extensive integration across multiple data sources introduces substantial new vectors for potential data breaches, dramatically expanding the enterprise attack surface. 

Feedback from leading developers at TDX25 reinforced these critical DevOps priorities that should be addressed alongside AI advancements. These include deployment fundamentals with clearer error messaging, improved performance for Apex tests, and standardized developer guidelines. Experts emphasize that establishing these foundational security protocols before expanding AI capabilities would create a more robust framework to safeguard sensitive data across Salesforce implementations. 

Salesforce Security Experts Urge Treating AI Agents with Same Security Protocols as Human Users

Industry experts are emphasizing the critical importance of approaching Salesforce AI agents with the same security considerations as human employees, highlighting authentication processes and proper data access controls as essential safeguards. During EzProtect CEO and Cofounder’s presentation, Matt Meyers echoed Ian Gotts, Co-Founder at Elements.Cloud, that organizations should “think about agents like they’re humans, like they’re people,” applying the same authentication standards—such as account verification, birthdate confirmation, or one-time passcodes—that would be expected of human agents.  
 
This security imperative becomes particularly urgent given that Salesforce does not automatically scan uploaded files for viruses, creating a dangerous vulnerability that could lead to significant data breaches as AI agents interact with potentially compromised files.  

“You want to ask yourself, would you give a human agent, a human agent restricted access to your org? No. You would give them limited access to what they need to do their job, but you also train them to ensure that they are not going to be. They’re only going to be giving data to people and giving secrets out to the people that deserve to get or need to know that information,” states Matt Meyers, CEO and Co-Founder of EzProtect. “Whether human or agent, you need to make sure that you are leveraging well-architected principles and also have a Salesforce virus scanner. Leveraging federal regulation standards, EzProtect is the leading tool in the ecosystem for this.”

EzProtect Leads Industry Protection as AI Adoption Heightens Data Breach Risks 

EzProtect continues to champion Salesforce data security as its foremost priority, equipping organizations with essential tools to protect sensitive information from emerging threats posed by AI agent implementations and malicious file uploads. The company’s focus on treating AI agents with the same security protocols as human users represents a critical paradigm shift necessary in today’s increasingly complex Salesforce environments. By combining well-architected principles with advanced virus scanning capabilities that meet federal regulatory standards, EzProtect remains dedicated to safeguarding customers from sophisticated security breaches that could compromise their most valuable data assets. 

SCHEDULE A FREE RISK ASSESSMENT