          LLM Data Masking (Available for Non-Agentforce Generative AI) Control


          Automatically identifies and masks sensitive data (PII, PCI, and so on) within a prompt before it is transmitted to an external Large Language Model (LLM).

          Control Name

          Einstein Trust Layer - LLM Data Masking (Available for non Agentforce gen AI)

          Control Overview

          Automatically identifies and masks sensitive data (PII, PCI, and so on) within a prompt before it is transmitted to an external Large Language Model (LLM).

          Description

          Uses pattern matching and machine learning to replace sensitive entities (for example, names, emails, credit card numbers) with placeholders, which are de-masked only after the response returns to Salesforce.
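An added example (not Salesforce code, and not the Einstein Trust Layer's implementation) of the mask and de-mask round trip described above, covering only the pattern-matching half. The `[TYPE_n]` placeholder format, the three regexes, and the function names are assumptions for illustration.

```python
import re

# Assumed patterns for three entity types; a production detector covers more and adds ML.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CARD": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}

def luhn_ok(candidate):
    """Luhn checksum, so order numbers and other digit runs are not masked as cards."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(prompt):
    """Return (masked_prompt, mapping). Only masked_prompt is sent to the model."""
    mapping = {}  # placeholder -> original value, kept on the caller's side
    seen = {}     # original value -> placeholder, so repeats reuse one token
    def substitute(label, match):
        value = match.group(0)
        if label == "CARD" and not luhn_ok(value):
            return value
        if value not in seen:
            n = sum(1 for p in mapping if p.startswith("[" + label + "_")) + 1
            seen[value] = "[%s_%d]" % (label, n)
            mapping[seen[value]] = value
        return seen[value]
    for label, pattern in PATTERNS.items():
        prompt = pattern.sub(lambda m, label=label: substitute(label, m), prompt)
    return prompt, mapping

def demask(response, mapping):
    """Restore the original values in the model's response."""
    for placeholder, value in mapping.items():
        response = response.replace(placeholder, value)
    return response

# Constructed sample prompt; every value in it is fake.
SAMPLE = ("Customer jane.doe@example.com (SSN 123-45-6789) paid with "
          "4111 1111 1111 1111 for order 1234567890123456.")
if __name__ == "__main__":
    masked, mapping = mask(SAMPLE)
    print(masked, demask("Receipt sent to [EMAIL_1].", mapping), sep="\n")
```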

          Recommended Configuration

          Enable "LLM Data Masking" in Einstein Setup. Customize specific masking policies for all relevant entities (SSN, phone, email) based on your privacy and compliance requirements.

          Security Impact

          Prevents sensitive data from being shared with LLM providers, to support compliance with global privacy regulations like GDPR and CCPA.

          Business Impact

          Enables the safe adoption of gen AI for customer-facing and internal workflows without risking data residency violations or intellectual property leaks.

          Security Risk If Not Configured

          Unmasked sensitive data (PII/PHI) is sent to the LLM provider (for example, OpenAI, Anthropic) in plaintext, potentially violating data processing agreements and organizational policies.

          Threat Scenarios

          Data Leakage: A user inadvertently incorporates sensitive fields in the prompt.

          Estimated CVSS Score Range

          Critical (9.0–10.0).

          Risk Impact Considerations

          Risk is extreme for orgs in regulated sectors (Finance, Health) where sending a single unmasked record to an external cloud can trigger a mandatory breach notification.

          Higher Risk When

          Gen AI users incorporate data from sensitive fields (for example, PII/PCI data) in their prompts in most use cases.

          Low Risk When

          Zero data retention (ZDR) is technically enforced with the external LLM providers, or an internally hosted model is used to train the LLM developed by your company.

          Business and Integration Considerations

          Masking can occasionally reduce the contextual accuracy of the LLM if too much data is obscured. Careful testing of prompt templates is required to balance security and utility.

          Security Health Review Guidance

          Security Health Review audits the Einstein Trust Layer Setup to confirm that data masking is enabled.

          Who Is Impacted

          Data privacy officers, AI developers, admins, and any users of Prompt Builder or Einstein Copilot features.

           