
Update & Action Required: Changes to Default Allowlist for Agentforce (Effective February 28, 2026)

Publish Date: Feb 13, 2026
Description

Updated Article Published February 13, 2026

 

What’s Changing

Salesforce is updating the default allowlist configuration for Agentforce. Effective February 28, 2026, the *.salesforce.com wildcard will be removed from the default configuration.

 

Reason for the Change 

This update reduces the risk of potential prompt injection vulnerabilities associated with broad wildcard allowlisting. By enforcing stricter domain definitions, we aim to reduce the threat surface for Agentforce deployments.

 

What action do I need to take?

Customers are advised to audit their Trusted URLs settings in Setup. To maintain security best practices, please explicitly define the specific domains required for your agent's operations rather than re-adding the wildcard.

---------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Original Article Published September 8, 2025

 

What’s Changing 

Starting September 8, 2025, Salesforce will begin enforcement of Trusted URL allowlists for Agentforce and Einstein Generative AI agents. This update is part of our ongoing efforts to strengthen customer environments and follows the “principle of least privilege” security model.

 

What it is
Our underlying services powering Agentforce will enforce the Trusted URL allowlist to ensure no malicious links are called or generated through potential prompt injection. This provides a crucial defense-in-depth control against sensitive data escaping customer systems via external requests after a successful prompt injection.

 

How it Works

This involves implementing an administrator-controlled domain allowlist through Salesforce's Trusted URLs feature or agent instructions. This strategy prevents agents from generating any unapproved URLs, ensuring sensitive data remains secure within Core Salesforce or known customer-specified locations.

 

Potential Impact
The following agents in your environment could be affected by this change:

  • Agent workflows that generate images or rich content from external, non-Salesforce domains

  • Agents that provide links to external documentation or third-party systems

  • Workflows where an agent's response is expected to contain an unapproved URL

 

If the domain isn’t on your Trusted URL list or included in the agent’s instructions, the agent’s link will be blocked.

 

What action do I need to take?

You should immediately add any additional external URLs that your agents rely on to your Salesforce Trusted URLs list or agent instructions. This includes, but is not limited to, external feedback forms (like forms.google.com), external knowledge bases, or any third-party websites your agents need to link to. 

 

Typical Salesforce Org URLs (e.g., *.salesforce.com) will be allowed by default and will not be impacted. If you are using companion org setups, make sure your home and companion orgs have added each other to their Trusted URLs.

 

How to Add Trusted URLs:

  1. Navigate to Setup in your Salesforce Org.

  2. In the Quick Find box, type "Trusted URLs" and select Trusted URLs.

  3. Click New Trusted URL to add a new domain, or Edit an existing one.

  4. Enter the URL (e.g., https://forms.google.com). You can use the wildcard character * (asterisk) to reduce repetition, for example, *.example.com.

  5. Select the appropriate CSP directives for the trusted URL, such as img-src (images) if your agent generates images from that domain.

  6. Ensure you have the "Customize Application" and "Modify All Data" user permissions to create, read, update, and delete Trusted URLs.

 

Please note that any URL added to the allowlist is allowed throughout your entire Salesforce Org, not just for your agents. If you have questions about how this impacts CSP directives on your Experience sites, please reach out to Salesforce Support.

 

How to Use Agent Instructions

  1. Open the agent in Agent Builder

  2. In the agent instructions, add URLs that you wish to allow-list in responses generated by the agent. These URLs will be permitted in the output if they match the agent URL exactly (they cannot contain wildcards such as *.yoursite.com).
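
A pre-change audit sketch, added here as an example and not Salesforce code: it classifies URLs seen in agent responses by the rule that would permit them and lists the hosts that are covered today only by the default *.salesforce.com wildcard. The matching model (wildcards cover subdomains only, agent-instruction URLs match the full URL string) and all sample data are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_WILDCARD = "*.salesforce.com"  # default entry the article says is removed Feb 28, 2026

def entry_host(entry):
    """Host part of a Trusted URL entry such as 'https://*.example.com'."""
    return entry.split("://", 1)[-1].split("/", 1)[0].lower()

def host_matches(pattern, host):
    """Assumed model: '*.example.com' covers subdomains only; anything else is an exact host."""
    if pattern.startswith("*."):
        suffix = pattern[1:]                       # ".example.com", anchored on the dot
        return host.endswith(suffix) and host != suffix
    return host == pattern

def audit(trusted_entries, instruction_urls, observed_urls):
    """Map each observed URL to the rule that would permit it, or 'blocked'."""
    patterns = [entry_host(e) for e in trusted_entries]
    report = {}
    for url in observed_urls:
        host = (urlsplit(url).hostname or "").lower()
        if url in instruction_urls:                # agent instructions: exact URL, no wildcards
            report[url] = "agent-instruction"
        elif any(host_matches(p, host) for p in patterns):
            report[url] = "trusted-url"
        elif host_matches(DEFAULT_WILDCARD, host):
            report[url] = "default-wildcard-only"  # needs an explicit Trusted URL entry
        else:
            report[url] = "blocked"
    return report

def hosts_needing_entries(report):
    """Hosts permitted today only through the default wildcard."""
    return sorted({urlsplit(u).hostname for u, why in report.items()
                   if why == "default-wildcard-only"})

# Constructed sample data (not taken from a real org).
TRUSTED = ["https://forms.google.com", "https://*.example.com"]
INSTRUCTIONS = ["https://kb.example.org/returns-policy"]
OBSERVED = [
    "https://forms.google.com/feedback",
    "https://docs.example.com/guide",
    "https://kb.example.org/returns-policy",
    "https://kb.example.org/other",
    "https://help.salesforce.com/s/articleView",
    "https://example.com.untrusted.test/x",
]

if __name__ == "__main__":
    result = audit(TRUSTED, INSTRUCTIONS, OBSERVED)
    for url, why in result.items():
        print(f"{why:22} {url}")
    print("add explicit Trusted URLs for:", hosts_needing_entries(result))
```

Feed it the Trusted URL entries exported from Setup and URLs collected from agent transcripts; each host it reports is a candidate for a specific Trusted URL entry rather than re-adding the wildcard.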

 

Where can I get more information?

If you have questions, please log a ticket with Support via the Help portal or read the following help article for Trusted URLs: https://help.salesforce.com/s/articleView?id=xcloud.security_trusted_urls_manage.htm&type=5

 

Customers can find additional information about protecting their Salesforce organizations here: https://help.salesforce.com/s/articleView?id=xcloud.security_overview.htm&type=5

Knowledge Article Number

005135034

 