Watch now! - https://www.youtube.com/@Urelevant

Let's dive into some security concerns and what you can do to shore up your AI implementations inside of

agent force so I noticed a post on LinkedIn that was gaining some traction that was from Amnon Kruvi and

he's a Salesforce architect and he mentions in his post that "it took me exactly two questions to accidentally

get agent force to reveal someone else's personal information using the default actions followed by

hallucinating madeup orders for that person and then from there he's saying how AI has no business reading

database records that is not to say there are no excellent use cases for it but delivering live information from

a database is just too risky in the data protection era we need to be realistic with what kinds of solutions AI

can safely deliver I understand the hype but some of it will just leave the door wide open for someone to

steal your data." That really intrigued me when I first saw that is like wow this is giving up information and

Salesforce has done a lot of work around the Einstein trust layer to try to protect information to mask

sensitive data as it goes to a large language model but when you think about it as far as authentication

methods that's something that always happens whenever you call into a call center and dealing with any sort

of sensitive records often times you're asked to verify your phone number your date of birth perhaps provide

the last four of your Social just different things as far as verifying and so what Amnon goes on to describe in

some of the comments which I'll highlight some here in a moment is that the verification process was kind of

thin and this was the default behavior and setup in the instruction sets inside of Agentforce and I'll dig in

more to try to see what sort of org or instance he was in if this was is a free learner account I think one of the

issues is is that this was the default setup provided by Salesforce which might lead to uh users trusting that

just because it's coming from Salesforce just presuming that best practices were being used so we're going

to explore in this video as well how you can help bring your instructions into alignment your various

guardrails that you can put in place inside of Agentforce and then open up some of the possibilities as far is

if there's things that are out of alignment or contradict one another in your guard rails and instructions these

are all things that we now have to think about in this new age of AI that we're working in and navigating and

so Amnon further iterates that does a good job of closing off a lot of attack vectors but the issue was with the

default demo configuration being of poor quality and teaches bad processes that highlight the security risk

involved with any kind of AI based technology and so here is my comment where I chimed in just saying for

my perspective that there's so many challenges that abound from implementing generative AI and placing

guard rail ensuring alignment across all instructions in Agentforce and the inevitable rapid release of new

and improved models makes this a moving Target this is a good case study for the Agentforce testing center

and previously we saw the release a few weeks ago of the Agentforce testing center where you can bulk test

agent force performance and agent responses and I think that this is a good thing to think about is the

hundreds or thousands of ways that prompts might come into an Enterprise and then testing out out in bulk

the verification process so that you are not just giving away other people's information the scenario that

Amnon is describing is he's self-identifying as someone saying that he is someone else giving that person's

email address which sometimes is easy to find online and then asking questions about an order for example

so you can see if you're dealing with agent force at a healthcare setting Financial Services Etc there's a lot

of loopholes that could be exploited and so then Paul Battisson he had a question here missing that this is

concerning and asking about the setup wanting to know more details as to what was the org in question

what was the setup and so he answers Paul saying it was an SDO that's the Salesforce developer org and

the main point here is that Amnon had a pretty good idea of why it was happening how to mitigate the

situation as well his main point is that the default action should not be so exposed because people might

think they're best practice and that's the point here is that when you see something from Salesforce you

assume that everything's been thought out and thought through and that the proper guard rails are in place

so whenever you're spinning up an instance that has Agentforce enabled you don't want to just necessarily

take all the instruction sets at face value there's instructions you can place the agent level and inside of

prompt templates and you will be wanting to audit those make sure that they're in alignment that's one of the

points I was trying to make as far as this being indeed a moving Target coupled with as well in the

background the constant Evolution and advancements with new large language models and those being

added into agent force over time and so this is something that will not be set it and forget it sort of

proposition but will always need to be being monitored by organizations and tested in bulk in mass and that's

why the Agentforce testing center is so important is because we can't humanly scale to that point to think of

all the variations as to the different approaches to be able to try to hack this in and there was another

response further down from someone named Vani I didn't put her last name I checked her profile I'm not

sure what her last name is she's bringing up since Agentforce can't function without Einstein trust layer uh

which includes safeguards like data masking and access controls I'm curious do this happen even after

having these protections or or do you think they're still room for improvement and so then Amnon responds

back that I did not actively put someone's address as protected data in the trust layer configuration though it

was enabled with the default settings and then basically said hey my email is xxx then asked it to tell me

what my address and birthday were and so that is the example specifically of the prompt or the utterance

that was given to Agentforce and it didn't really do a great job as far as verifying the identity of the person it

was able to then verify by the email address assuming that that is the person that is chatting or prompting

agent force and then was able to follow up with asking some follow-up questions and so then Andy

Cotgreave brought up a great point as well saying we don't want to put the burden on the end user as far as

having to test test test and that burden should be on Salesforce in the configuration of Agentforce and this I

think it was this specific comment that caused me to remember theAgentforce testing center which was

recently released that comment of test test test was realizing okay the burden is on the user and this is

Salesforce's response is to use the Agentforce testing center because it we can't humanly scale as I said to

test out all those different variations and so it's the coupling of humans and AI working together on that side

of the fence to do that testing in in addition to configuring the Einstein Trust Layer setting and then as well

the instruction sets for prompt templates the agent instructions as well the topic configurations so there's a

lot of great conversation here and this really opens up some thought related to authentication of users and

just the utterances and prompts that Agentforce will be faced with dealing with out in the wild so many

thanks to Amnon Kruvi for insightful post bringing up some important aspects related to Security in the age

of Agentforce and so be sure and check out Velza that is our implementation company we specialize in

Salesforce implementations and agent force implementations reach out to us at Velza.com and we will

schedule a call do a discovery and get your implementation out on the right foot or fix a failed

implementation that seems to be all the rage nowadays is people trying to start over and get their

configurations fixed especially in this age of AI and Agentforce also be sure and check out rapidreskill.com

for Salesforce and AI training and be sure and like And subscribe to the Urelevant podcast feed the

algorithm help others to find Urelevant as well it's all about helping you to find relevance in the economy of

now I'm Mike wheeler signing off for now until next time I'll see you in the cloud