CMC Energy and Cervello use Agentforce in Security Center and Privacy Center to significantly streamline security investigations and increase visibility of non-compliance risks

Security and compliance teams face a two-fold crisis in an evolving threat landscape: First, nearly half of security leaders spend more time configuring and troubleshooting tools than actively mitigating threats. Second, 90% of compliance executives say their responsibilities have grown in the last three years. These teams are drowning in a sustained and overwhelming burnout, leading to a reactive cycle that puts organizations in vulnerable positions.

To combat this unproductive, time-consuming cycle, today Salesforce is announcing that Agentforce now protects customer data and simplifies compliance by working through Salesforce’s security and privacy solutions.  

• Agentforce strengthens security in Security Center: Agentforce monitors activity, detects anomalies, accelerates investigations, and guides remediation — helping security teams respond faster and build trust.
• Agentforce automates compliance in Privacy Center: Agentforce interprets regulatory context to autonomously identify, prioritize, and minimize data exposure — allowing admins and privacy teams to reduce risk and streamline compliance.

Go Deeper

Built natively on the Salesforce Platform, the new Agentforce security and compliance capabilities deliver immediate access to security and data privacy insights and handle complex tasks with greater accuracy and speed. Agentforce continuously analyzes a company’s unique Salesforce dataset‌ — ‌and soon, its connected security data — including its user activity, security configurations, and data governance policies. Agentforce acts as a trusted advisor, leveraging context to provide actionable next steps that reduce exposure.

Agentforce in Security Center

Customers with Security Center can now quickly and easily deploy Agentforce from a pre-built template designed to proactively catch, triage, and manage threats. This will allow teams to respond faster and take immediate action to prevent future incidents. The agent will also be accessible via Slack, where users can receive and act on security alerts. Security Center now with Agentforce includes:

• Fast, In-Depth Security Investigations: Agentforce quickly delivers insightful summaries of user activity from event logs, including instant analysis of when a user logged in, what they viewed, and if they attempted or performed any unauthorized or unusual actions. 
• Guided Security Remediation: In the event of an incident, Agentforce guides users, step-by-step, prioritizing the most critical actions to resolve issues quickly, close security gaps, and prevent future threats. Agentforce will also be able to take action on the customer’s behalf — including freezing a user with atypical behavior. 
• Threat Detection and Monitoring: Customers can simply ask Agentforce in natural language, “Are there any issues I need to be aware of?” Agentforce will also proactively flag irregularities, correlate related anomalies, and automatically triage incidents for human review.
• Extended Security Capabilities Through Partner Ecosystem: Through partnerships with CrowdStrike and Okta, Salesforce will offer customers integrated security capabilities that bring external insights into Security Center and cross-platform AI integrations that extend Agentforce in Security Center via AgentExchange.

Open Image Modal

Image Modal

Agentforce in Privacy Center

Privacy Center’s new agentic capabilities use pre-built compliance frameworks for complex laws such as GDPR and CCPA, allowing users to review and activate regulation-specific retention rules. Privacy Center now with Agentforce includes: 

• Proactive Risk Detection: Agentforce autonomously scans Salesforce tenant metadata, data privacy policies, and system context against common regulatory frameworks, such as GDPR, to proactively surface personal or sensitive data exposure and non-compliance risks. 
• Prioritize Regulatory Issues: Agentforce prioritizes data privacy issues by relevance and severity, incorporating regulatory and business context — such as where sensitive Personally Identifiable Information (PII) lives in the context of a customer’s data — making recommendations more precise and easier to implement. 
• Accelerate Compliance Remediation: Agentforce autonomously surfaces compliance risks, including re-classifying sensitive data or implementing important data management policies, such as the Right-to-be-Forgotten (RTBF). The agent will also support custom data management policies for more expansive regulatory use cases.

Open Image Modal

Image Modal

“We built Agentforce security and compliance capabilities to reduce the most painstaking, tedious responsibilities of security and risk professionals,” said Marla Hay, Salesforce SVP of Product Management. “Within Security Center and Privacy Center, security and compliance with Agentforce enables our users to focus on higher-value tasks while mitigating risks to their Salesforce data.”

Agentforce in Action

For organizations like CMC Energy, Security Center with Agentforce enables a shift from reactive measures to proactive, agent-assisted defense. CMC Energy employs Agentforce to surface the critical data and context required to take decisive action.

“As CIO, safeguarding our clients’ data is my top priority. My team now has an intelligent agent to accelerate risk detection by allowing rapid, natural-language queries to quickly identify, assess, and respond to threats. This speed and precision not only improves our security posture but also instills greater confidence with our clients that their data is safe,” said Paul Mackay, Chief Information Officer, CMC Energy.

My team now has an intelligent agent to accelerate risk detection by allowing rapid, natural-language queries to quickly identify, assess, and respond to threats.

Paul Mackay, Chief Information Officer, CMC Energy

Ensuring data governance policies are configured correctly is a major challenge, especially when preventing the improper labeling or exposure of PII. Agentforce is taking the guesswork out of complex data privacy regulations by automatically suggesting policies to reduce risk of non-compliance. Cervello, a professional services company, will use Agentforce in Privacy Center to pinpoint regulatory gaps and help ensure data integrity.

“We are seeing that integrating Agentforce is transformative for our customers. It turns what used to be weeks of manual compliance planning and coordination into a guided, automated workflow that identifies issues and drafts remediation plans in minutes. This helps our customers move faster toward a compliant org and spend more time on strategy, not administration,” said Ralph Bruno, Senior Director, Cervello – Kearney Activate

Availability

Available Today: 

• Agentforce in Security Center
• Agentforce in Privacy Center

Available Soon: 

• Autonomous threat detection and triaging (Spring ‘26)
• Agentforce security capabilities in Slack (Spring ‘26)
• Custom data compliance policies (Spring ‘26)
• CrowdStrike integration with Agentforce in Security Center will be available via AgentExchange and Slack Marketplace this year.

Learn More:

• Read more about Agentforce in Security Center
• Learn more about Agentforce in Privacy Center
• Read about Salesforce’s partnership with CrowdStrike
• Read about Salesforce’s partnership with Okta
• Learn how to simplify security, response, and compliance in Salesforce

This article may include references to services or features that are still in development and are unreleased. Customers should make their purchase decision based on fully released and available features.