DevSecOps for AI Agents

First, there was DevOps, which created a shared system for developer and operations teams to deliver software. Then emerged DevSecOps, which expanded that by pulling security into those same pipelines and processes. Now, with DevSecOps for AI, it’s all about integrating security into the full AI development lifecycle. It treats protection as part of how models are built and deployed rather than a separate review step. Security checks are applied alongside development and release workflows so AI systems evolve within defined guardrails.

AI introduces new kinds of security threats compared to traditional software. The risks go beyond just the code because AI relies on training data, the inputs it gets, and the sometimes unpredictable, probabilistic outputs it generates. AI agents add another layer of complexity: they can take actions across systems, call APIs, trigger workflows, and make decisions based on new information. That expanded autonomy increases the risk of a mistake or malicious prompt.

DevSecOps addresses that complexity by extending DevSecOps practices to cover data handling, model changes, and automated decision paths. This reflects how DevSecOps has matured to meet modern development demands, where security work runs in parallel with delivery instead of trailing behind it.

AI in DevSecOps changes how risk shows up in production. Unlike traditional applications, AI models are constantly learning and changing based on the data and inputs they get. This means their behavior can actually shift without anyone touching the code. That adaptability, while incredibly useful, makes AI more susceptible to manipulation, especially when inputs are intentionally crafted to do damage.

AI agents also operate closer to sensitive data. An agent might routinely process customer records, internal documents, and operational signals to generate decisions or trigger actions. Without strict controls around access, encryption, and usage tracking, that data exposure can spread quickly across training pipelines and runtime interactions. For teams adopting AI for DevSecOps, security has to account for how learning systems behave in real conditions, not just how they were designed to work.

AI agents introduce security challenges because they operate dynamically across systems rather than within a fixed path. They retrieve data, invoke services, and make decisions based on changing inputs. Each interaction expands the surface area that needs protection, especially when agents are granted autonomy to act without manual approval.

As automation increases, governance becomes just as important as technical controls. AI-driven actions must be traceable, attributable, and reviewable to meet regulatory expectations and internal policies. Without consistent monitoring, even well-designed agents can create blind spots as their scope grows.

• Data poisoning: Training or reference data is manipulated to subtly change model behavior over time, often without obvious failures.
• Adversarial attacks: Inputs are intentionally crafted to push AI agents toward incorrect conclusions or unsafe actions.
• API security risks: AI agents rely on external services, which introduces exposure through misconfigured permissions or weak authentication.
• Compliance risks: Regulations such as GDPR, CCPA, and HIPAA require visibility into how data is used, stored, and acted on by AI systems.

DevSecOps protects AI agents by embedding security into how models are developed, released, and operated. Late-stage reviews don’t cut it. By having security checks run alongside development workflows, risks can be addressed as systems change. This approach is especially important for AI since behavior can shift even when application code stays the same.

In a DevSecOps pipeline for AI, data handling is treated as a first-class concern. Training and inference data are governed with strict access controls and encryption to reduce exposure as models evolve. Model artifacts are versioned and validated to prevent unauthorized changes, while deployment pipelines apply policy checks before agents are promoted into higher, more sensitive environments.

Ongoing oversight completes the picture. Monitoring focuses on how AI agents behave in production, including unexpected outputs, abnormal access patterns, or policy violations. By integrating these safeguards into everyday workflows, DevSecOps provides a practical way to manage AI risk while still leveraging the benefits of AI to the fullest.

Salesforce applies DevSecOps principles directly within the platform — you can use AI systems with security and governance built into everyday development work. AI security and protections are woven into how data is handled and how changes move through environments.

Within Salesforce DevSecOps, you can support AI development by bringing consistency to how models and automation are tested, released, and then observed. Security policies travel with the work itself, so you’ll see fewer risky gaps between experimentation and production use.

• Trust Layer: The trust layer protects AI interactions through data masking, encryption, and zero-data retention, helping control how sensitive information is processed during AI workflows.
• Salesforce Shield: Salesforce Shield provides audit trails, event monitoring, and platform encryption, which makes compliance and accountability for AI-driven actions possible.
• DevOps Center: DevOps Center helps teams manage and deploy changes to Salesforce metadata across environments. It provides visibility into what’s changing and when it’s released.
• Sandboxes: Sandboxes offer isolated environments for testing AI models and automation, keeping experimentation separate from production systems.
• Data Mask & Seed: Data Mask & Seed protects sensitive data in non-production environments while preserving realistic data structures for testing and training.
• Agentforce Dev Tools: Agentforce Dev Tools help teams build, test, and manage agent behavior and configurations during development.
• Agentforce Observability: Agentforce Observability allows teams to monitor agent behavior in production, which makes it easier to spot issues and support reliable performance.

Building AI agents you can trust requires application development platforms that treat security as a core design principle. Salesforce brings governance, data protection, and deployment together so that you can test and deploy AI-driven applications with consistent control from day one. As AI systems expand in scope, that consistency means that you can manage change while maintaining total visibility into how agents access data and take action.

Explore how the Agentforce 360 Platform supports secure AI development with built-in DevSecOps capabilities.