Smart Threats: Navigating the AI & Security Balance in Salesforce

Artificial intelligence (AI) is changing how we work — and how attackers work, too.
The same tools that make our Salesforce teams smarter and faster can also create new risks if we’re not paying attention. As administrators, you’re on the front line of that shift, responsible for configuring, managing, and safeguarding the data that fuels your organization’s success.

Let’s explore how these new threats are emerging — and how Salesforce administrators can defend against them. Here’s what every admin should know, and what you can do today to keep your org secure as AI-based threats continue to evolve.

What are “smart threats”?

The term “smart threats” refers to familiar attack types like phishing, malware, and ransomware that are now being amplified by AI. Attackers are using AI to generate highly convincing messages, voices, and videos that make social engineering far more effective. From AI-generated vishing calls to deepfake impersonations, these methods are designed to trick users into handing over data or access they’d normally protect.

We’re seeing attackers use AI to:

• Craft highly personalized phishing messages that sound natural and come from familiar looking senders.
• Generate deepfakes and voice clones to impersonate trusted individuals.
• Suggest or manipulate malicious code and configurations through AI coding tools.

AI makes these attacks more believable and more scalable. But the good news is that we can use AI to counter them just as effectively.

The top AI-driven risks for admins

Here are a few of the biggest risks AI introduces in a Salesforce environment, and why they matter to you.

1.  AI-generated phishing and impersonation

Attackers can use AI to write flawless phishing emails — even mimicking internal communications or Salesforce notifications. These are designed to trick users into sharing credentials or approving harmful actions.

What to do: 

• Reinforce security awareness and confirm that Multi-Factor Authentication (MFA) is enabled for every login. MFA remains one of the most effective controls we have. 
• Regularly review permissions and apply the principle of least privilege — give users only the access they need, for only as long as they need it. This limits the impact if credentials are ever compromised.
• Add access controls such as location or IP-based restrictions to limit where and when logins can occur. Restricting authentication to trusted networks or devices helps contain risk if a phishing attempt succeeds.
  

2. Unsafe use of AI tools

Experimenting with LLMs can be exciting, but prompts that include customer data or personal information can unintentionally expose sensitive data outside your organization.

What to do: Create clear internal guidelines for how AI tools can be used. Remind teams never to enter confidential or personally identifiable information into prompts.

3. Excessive permissions and over-privileged accounts

Over time, users and integrations can accumulate access they no longer need. If any one of those credentials is phished or misused, broad permissions turn a small incident into a big one.

What to do: Apply the principle of least privilege. Keep the number of admins low, assign only the permissions required for a role, and remove access when it’s no longer needed. Review permission sets, profiles, and connected app scopes regularly; prefer temporary or time-bound elevation over permanent broad access.

Recognizing and preventing user-targeted attacks

Technology changes quickly, but most attacks still target a person to gain access to an account or system — often a well-intentioned user making a quick decision. That’s why your configuration choices as an admin matter so much.

Salesforce gives you powerful tools to protect your data. Start by focusing on the essentials:

• Security Health Check: Quickly identify and fix misconfigurations that create unnecessary risk.
• Login IP Ranges: Control where users can access your org from. 
• MFA: Block most access attempts by unauthorized users.
• Shield provides deeper visibility into behavior and data access patterns, helping you detect issues before they escalate.

Small configuration decisions add up. They’re what keep a simple click from turning into a security incident.

How AI can help you defend

The same technology that powers these “smart threats” can also make your defenses smarter.

At Salesforce, we’ve built AI into our security tools in ways that help Admins identify, respond to, and even predict risk.

• Trust Layer ensures generative AI features are designed with data isolation, zero data retention, and toxicity detection.
• Agentforce in Security Center uses analytics and anomaly detection to surface unusual activity across users and orgs.

When used thoughtfully, AI can be one of your greatest allies in protecting data and strengthening trust.

An admin action plan

If you’re wondering where to start, here’s a simple checklist to help you balance innovation and security in your org:

1. Review access and integrations.
   • Audit API connections and connected apps, and remove any unnecessary integrations.
   • Remove unnecessary permissions from user profiles, especially Admin-level permissions.
2. Revisit your MFA and session settings.
   • Require MFA for every login, and enable session-based MFA for added security.
   • Use Login IP Ranges to reduce exposure to unauthorized logins.
3. Leverage Security Center and Shield products.
   • Gain a unified view of your org’s security posture.
   • Get alerts when permissions or configurations change.
4. Educate your users.
   • Run educational awareness sessions or phishing simulations to educate your users.
   • Encourage a culture of reporting anything suspicious.
5. Stay informed.
   • Follow the Salesforce Blog’s security hub and security.salesforce.com for updates, best practices, and new tools.

Balancing innovation and trust

AI is transforming how we build, work, and protect. As Salesforce admins, you have a unique role in that transformation as both system owners and stewards of trust.

The right security postures make innovation sustainable. When you configure with intention, monitor proactively, and use the tools available to you, you make your org and your company stronger.