Loading
Feature degradation | Gmail Email delivery failureRead More
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Einstein Audit and Monitoring - Agentforce Session Tracing Control

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            Einstein Audit and Monitoring - Agentforce Session Tracing Control

            Records the step-by-step logic, thought process, and tool-calling sequence of autonomous agents for every interaction.

            Control Name

            Agentforce Session Tracing

            Control Overview

            Records the step-by-step logic, thought process, and tool-calling sequence of autonomous agents for every interaction.

            Description

            Enables the Agentforce Session Tracing, capturing the agent's plan tracer logs, showing how it interpreted a prompt, which topics it selected, and which specific actions it invoked.

            Recommended Configuration

            Go to Agent Analytics in Setup. Select the appropriate dashboard template. Ensure that the Tableau Next Limited Consumer and Data Cloud User permission sets are assigned to stakeholders.

            Security Impact

            It lets security teams verify that an agent's reasoning didn't drift into unauthorized logic or attempt to bypass guardrails via complex multi-step plans.

            Business Impact

            Directly fuels agent optimization, allowing builders to see exactly where a conversation failed (for example, a Topic was too broad) and refine instructions to improve task resolution.

            Security Risk If Not Configured

            If an agent executes an unauthorized action or accesses sensitive data, there is no technical trace to reconstruct the logic that led to that decision.

            Threat Scenarios

            Reasoning Manipulation: An attacker uses a prompt to trick the agent into a loop that exhausts API credits. Indirect Injection: Malicious data in a Knowledge article causes the agent's reasoning to hallucinate an unauthorized refund.

            Estimated CVSS Score Range

            Critical (9.0–10.0).

            Risk Impact Considerations

            Essential for agents with Private Actions (for example, agents that can update billing, reset passwords, or access HR files) that have instructions to perform tasks involving sensitive data.

            Higher Risk When

            Tracing is disabled, or data retention in Data Cloud is set to less than 30 days, preventing retroactive forensic analysis of security incidents.

            Low Risk When

            Session traces are regularly sampled and reviewed using custom implementation to ensure adherence to system instructions.

            Business and Integration Considerations

            Session Tracing data is voluminous and consumes Data Cloud Platform Credits. Companies must balance the depth of tracing with their available storage and processing budget.

            Security Health Review Guidance

            Security Health Review audits the Agentforce Session Tracing configuration to confirm that tracing is active and that data is being successfully ingested for all active agents.

            Who Is Impacted

            AI architects, SecOps, compliance officers, and agent builders.

            See Also

             
            Loading
            Salesforce Help | Article