Confirmation Required for Agentforce Actions - External

To better protect customers against prompt injection risks, Salesforce is proactively changing the isConfirmationRequired setting from false to true for the following actions within Agentforce and Einstein Generative AI:

• AddCaseComment

• CancelOrder

• CreateCase

• CreateCaseEnhancedData

• FinalizeNewDeliveryTime

• FinalizeReservation

• ResetPassword

• ResetSecurePassword 

We are applying this proactive security measure to all Agentforce Standard actions to help reduce the risk of prompt injections. As a result, Service Agents will more frequently ask you to confirm an action before it is executed. We recommend customers configure their custom actions to require confirmation before completing any sensitive actions. See Maintain Trust with Agentforce Actions.

This proactive measure is part of our commitment to ensuring a safe and trusted experience with Agentforce and Einstein Generative AI. We continuously adapt our defenses as threats evolve, working closely with security researchers and our own expert teams to stay ahead of potential issues.

Prompt injection remains a complex challenge across the industry, and we are dedicated to making continued investments in strong security controls and maintaining our collaboration with the research community to keep our customers secure.

If you have questions please log a ticket with Support via the Help portal.