How Trusted Services Protect and Manage Your Agentforce Strategy

Key Takeaways

• Leverage the Salesforce Trust Layer for built-in AI data privacy.
• Use Shield to monitor agent reasoning and automatically block unauthorized data access.
• Scale confidently with automated archiving, secure backups, and safe sandbox testing.

Agentforce is redefining how work gets done—empowering AI agents to reason, act, and engage customers on behalf of your teams. As these agents take on more autonomy and access more data, ensuring they operate securely, responsibly, and at scale becomes essential.

At Salesforce, Trust is our number-one value. As customers begin deploying Agentforce, a natural question emerges: how do you maintain the same rigorous security standards you’ve always applied to your human workforce—while empowering autonomous agents to act at scale?

Salesforce addresses this in multiple layers. First, Agentforce inherits Salesforce’s core security and privacy architecture by design. That includes the Salesforce Trust Layer – which ensures zero data retention by third-party LLMs, dynamic grounding, and toxicity detection. These built-in protections establish a strong baseline for agent access, behavior, and data handling. 

There’s also out-of-the-box security features you control and customize, including identity and access management, permissions and sharing, auditing, encryption, and others.

Lastly, as agents become more autonomous and operate at greater scale, customers often need additional layers of insight and control. That’s where our advanced security products, or Trusted Services, come in—extending this foundation with deeper visibility, real-time enforcement, and operational resilience so customers can confidently deploy and operate agents in the real world.

Let’s walk through how Trusted Services products help Agentforce customers manage and protect their agents, using common, practical use cases.

Real-Time visibility with Event Monitoring

One of the biggest concerns with autonomous agents is the “black box” effect—knowing exactly what data an agent is accessing and why. Shield Event Monitoring provides the transparency required to answer those questions. This transparency is critical as agents make decisions independently and interact with sensitive data in real time. As Event Monitoring provides near real-time visibility into your agents’ activities it allows you to:

• Track data access: See exactly which records and fields an agent retrieves during a reasoning loop.
• Audit agent activity: Provides granular auditing of Agent Apex and API activities, giving you a detailed log of every action an agent takes.
• Connect to Data 36O: By connecting real-time events to your Data 36O profile, you can analyze agent behavior patterns alongside your broader customer data strategy.

This level of insight ensures that your agents are operating within their intended scope and provides a clear audit trail for compliance teams.

Proactive defense with transaction security policies

Visibility is powerful—but control is what turns insight into protection. Transaction Security Policies in Event Monitoring allow you to monitor and enforce rules in real time as agents access data. Policies can evaluate agent activity and automatically take action when thresholds or conditions are met. You can configure policies to:

• Block abnormal or bulk access: If an agent queries an unusually large dataset, the policy can automatically block the request.
• Prevent access to sensitive fields: If an agent attempts to access restricted data, the Transaction Security Policy can intercept that interaction to ensure data privacy is never compromised.
• Alerts: Security teams can be notified when agent behavior violates defined policies.

By leveraging Transaction Security Policies, rather than reacting after the fact, you proactively define—and enforce—the boundaries of acceptable agent behavior in real time.

Understand agent configuration with Security Center Agent Metrics

Managing a single agent is straightforward; managing a fleet across multiple orgs introduces new complexity. Security Center brings together agent-related security insights into a centralized, org-wide view, providing the metrics teams need to manage Agentforce at scale.

Security Center tracks critical agent configurations and usage metrics, including:

• Configured agents: Visibility into how many agents are deployed and how they’re set up.
• AI gateway usage: Understanding how agents interact with AI services.
• AI prompt injection signals: Indicators that help identify potential misuse or unsafe prompt behavior.

By surfacing these metrics in one place, Security Center helps teams track adoption, identify risk trends, and ensure agents are being used as intended.

Safer agent testing and validation with Data Mask & Seed

Before agents ever reach production, they need to be tested—safely. Data Mask & Seed allows you to validate agent behavior with realistic test data while protecting sensitive information. Data Mask & Seed can provide this realistic test data in two ways:

• Secure seeding: Seeding allows you to populate sandboxes with the realistic data you need without sourcing it directly from your production org. This protects your agents by ensuring they aren’t exposed to actual customer PII during the development phase.
• Anonymization: If you prefer to use your existing sandbox data, Data Mask allows you to mask or anonymize personal information. Your developers can build and refine agents using the structure of your data without ever seeing the sensitive content.

Together, these capabilities help teams validate agent behavior earlier, reduce risk during development, and ship higher-quality agents with confidence.

Org performance and accuracy with Archive 

An agent is only as good as the data it accesses. As your org grows, it can become bogged down by inactive and stale data, which can lead to poor decisions. Salesforce Archive moves this old information into a secure archive. In the context of Agentforce, this means:

• Reduced risk: By removing outdated and inactive records from the agent’s active data set, you reduce the risk that agents base decisions or responses on stale, incomplete, or misleading information.
• Improved org and agent performance: Archiving inactive data reduces data bloat, which can improve query performance, streamline agent reasoning, and help agents return faster, more relevant results.

An insurance policy with Backup & Recover

Even the best-designed agents and well-maintained orgs can encounter unexpected scenarios. Backup & Recover provides the ultimate safety net for your Agentforce strategy by providing backups of both the data and metadata in your org:

• Data protection: Salesforce data is securely backed up on a regular basis, enabling rapid recovery from accidental deletions, unintended changes, or downstream impacts that could otherwise affect agent behavior and reliability.
• Metadata protection: You spend hours building and configuring your agents. Backup & Recover allows you to easily back up your Agentforce metadata, ensuring that your hard work is protected and restorable if a configuration goes wrong.

Trust is the foundation of AI

Agentforce is built on the secure and trusted Agentforce 360 Platform, where trust is designed into every layer. Trusted Services extend that foundation by giving customers deeper visibility, stronger controls, and greater resilience—so agents can operate confidently in real‑world environments.

Whether it’s monitoring agent behavior in real time, enforcing data access policies, protecting sensitive information, or ensuring recoverability – Trusted Services help customers scale and innovate with Agentforce faster—without compromising the trust their business and customers rely on.

Ready to learn more? Explore our product pages to learn more about how we can help you protect your future:

• Learn more about Event Monitoring
• Explore Security Center
• Discover Data Mask & Seed
• Find out more about Archive
• Protect your data with Backup & Recover