
Salesforce’s Bug Bounty Program Marks a Decade of Building Trust

Salesforce is celebrating a major milestone in its commitment to security: the 10th anniversary of its Bug Bounty Program. Since the program’s inception in 2015, Salesforce has invested over $30.4 million in its partnership with ethical hackers, finding and addressing potential issues before bad actors can exploit them. This collaboration helps identify security gaps, protect customer data, and stay ahead of an ever-evolving threat landscape accelerated by AI.

Why it matters: As organizations embrace autonomous AI agents that make decisions and execute tasks independently, securing these systems is more critical than ever. Bug bounty programs provide a vital layer of defense, allowing companies to tap into global expertise to pressure-test AI agents against potential manipulation and exploitation before those potential exploits have the chance to reach the enterprise.

Go deeper: A decade ago, Salesforce was one of the first enterprise companies to launch an invitation-only bug bounty program. Today, the program remains a cornerstone of the company’s cybersecurity posture. By incentivizing researchers to find issues, ranging from traditional coding errors to complex AI logic flaws, Salesforce can proactively issue patches and ensure that trust remains the number one value in the agentic AI era.

The Salesforce perspective: “For 10 years, our Bug Bounty Program has helped us build a moat around Salesforce and our customers, and its importance has only grown as agentic AI continues to take off,” said Prashant Vadlamudi, SVP of Product Security. “As AI agents become more autonomous in supporting critical business operations, the scrutiny of the ethical hacker community helps us ensure those agents are safe, reliable, and secure. The program helps make the entire digital ecosystem more resilient.”

The ethical hacker perspective: “Salesforce advances collaboration between internal development teams and bug bounty hunters further than most companies do, creating a symbiosis that improves security across the entire ecosystem. The rise of agentic AI introduces new layers of complexity that make the research challenging, but it is equally rewarding because Salesforce’s security team clearly values our time and skills. Their relationship with the hacker community is truly unique.” — Alexandro Bindreiter, ethical hacker, Salesforce Bug Bounty Program

Fast Facts: A Decade of Results

  • In 2025, Salesforce paid out over $6.2 million in total bounties to its bug bounty network — the program’s most significant year yet.
  • A network of 696 ethical hackers participated in the program in 2025, disclosing over 4,000 reports of potential vulnerabilities.
  • Salesforce has awarded individual bounty payouts as high as $60,000.

What’s next: Salesforce is continuing to evolve the program to meet the unique security challenges of the Agentic Enterprise. By expanding its community of researchers and employing creative methods to further incentivize them, Salesforce ensures that the protections guarding customer data remain one step ahead.

Explore further:

To inquire about participating in Salesforce’s invitation-only Bug Bounty Program, contact security@salesforce.com.
