Einstein Trust Layer: Designed for Trust
The Einstein Trust Layer is a collection of features, processes, and policies designed to safeguard data privacy, enhance AI accuracy, and promote responsible use of AI across the Salesforce ecosystem.
Required Editions
| Available in: Enterprise, Performance, and Unlimited Editions with an Einstein for Sales, Einstein for Platform, Einstein for Service, Einstein 1 Service, or Einstein GPT Service add-on. To purchase add-ons, contact your Salesforce account executive. |
To understand how the Einstein Trust Layer works, let’s look at how data flows through the Trust Layer and then walk through each part of the journey in detail.
- The data in the form of a prompt, flows from CRM apps, through the Einstein Trust Layer, to the large language model (LLM), which we’ll call prompt journey.
- The LLM generates a response using the prompt, which we’ll call response generation.
- The generated response then flows back through the Einstein Trust Layer and back to the CRM apps, which we’ll call the response journey.
How Does It Work?
Prompt Journey
To generate a response from the LLM, you must provide it with a prompt. The prompt can come from any of the CRM apps. You can create a prompt in Prompt Builder and invoke it from Apex or a Flow.
Secure Data Retrieval and Grounding
The first step in the Trust Layer is secure data retrieval. In order for the LLM to generate a response that is more relevant and personalized, it requires additional context from your CRM data. This process of adding additional context to the prompt is what we call grounding. You can ground your prompts using merge fields with CRM data, which can be record fields, flows, Apex, Data 360 DMOs, and related lists.
Secure data retrieval means that the prompt is grounded only with data that the executing user has access to.
The data retrieval process respects existing access controls and permissions in Salesforce:
- Data retrieval for grounding the prompt is based on the permissions of the user executing the prompt.
- Data retrieval for grounding the prompt preserves in place all standard Salesforce role-based controls for user permissions and field-level security when grounding data from your CRM instance.
The grounding is dynamic since the grounding happens at run time and depends on the user's access.
Data Masking for the LLM
Einstein Trust Layer policies include data masking, where sensitive data is detected and then masked. We identify sensitive data using two methods:
- Pattern-based: We use patterns and context to identify sensitive data in the prompt text. Specifically we use regular expressions (regex) patterns and context words. We also use machine learning models trained to identify data that don't have a defined pattern, such as names of people or companies.
- Field-Based: We use the metadata in the fields that are classified using Shield Platform Encryption or data classification to identify sensitive fields. This extends the classification that you have already applied to your data in your org to LLM data masking.
Once identified, the data is then masked with a placeholder text to prevent the data from being exposed to external models. Einstein Trust Layer temporarily stores the relationship between the original entities and their respective placeholders. The relationship is used later to demask the data in the generated response.
Prompt Defense
To help decrease the likelihood of the LLM generating something unintended or harmful, Prompt Builder and Prompt Template Connect API use system policies. System policies are a set of instructions to the LLM for how to behave in a certain manner to build trust with users. For example, we can instruct the LLM to not address content or generate answers that it doesn’t have information about. System policies are one way to defend against jailbreaking and prompt injection attacks.
Response Generation
After a prompt is fully hydrated and secured, it’s ready to be sent through the LLM gateway. The gateway governs interactions with different model providers and represents a unified, secure way to communicate with multiple LLMs. The gateway and model providers use TLS encryption to make sure the data is secured during transit.
Models built or fine-tuned by Salesforce are hosted in the Salesforce trust boundary. External Models built and maintained by third-party providers, such as OpenAI, are in a shared trust boundary. Models that you build and maintain are hosted on your infrastructure.
We have a zero data retention policy in place with external partner model providers, such as OpenAI or Azure OpenAI. The policy states that data sent to the LLM from Salesforce isn’t retained and is deleted after a response is sent back to Salesforce.
Einstein Trust Layer: The Response Journey
When the generated response is returned from the large language model, the Einstein Trust Layer applies certain policies and processes to make sure the response is safe and useful. See Einstein Trust Layer: Response Journey.
