Data Masking Limitations in Agentforce

Although masking can help protect sensitive and personally identifiable information from exposure to the LLMs, in some cases, it can affect the accuracy and relevance of the agent’s response because the context needed for the response is masked. For example, if a user asks an agent to build a list of similar accounts, the details of the reference account are important context information. If the reference account is masked from the prompt before sending it to the LLM, it doesn’t have the contextual information needed to identify accounts with similar characteristics.

Einstein Trust Layer includes several policies and features to help protect sensitive data from misuse or leaks beyond data masking.

All information sent to an LLM outside of the Salesforce trust boundary is subject to our zero data retention contract with the LLM provider. Information sent to the LLM is not retained, viewed, or used for training by the provider after the generated response has been sent back to Salesforce.

A custom action based on a prompt template, Apex, or the Models API can reference Salesforce-managed LLMs, including those hosted within the Salesforce trust boundary, such as the Anthropic Claude model. When using an LLM hosted within the Salesforce trust boundary, the data doesn’t leave the Salesforce trust boundary. Data masking remains disabled for agents in this case, but the data stays within the Salesforce trust boundary, and our zero data retention policy still applies.

Note A prompt template can be used directly in Salesforce apps and through agent actions. When a prompt template is called through an agent action, data masking is disabled. When a prompt template is used directly, for example, in service replies, data masking is applied based on the configuration in the Einstein Trust Layer.