Salesforce AI agents set to assist enterprises with security and compliance

Salesforce has announced two new AI agents operating on its Agentforce platform: one agent that monitors activity, detects anomalies, and accelerates investigations and remediations in the Salesforce Security Center; and one that streamlines compliance tasks in the Privacy Center.

“The things that our customers are already doing today, we’re just helping them to do that more efficiently, effectively, more quickly,” says Marla Hay, Salesforce SVP of product management for security, privacy, and data protection. “And we’re helping them to really think about how they want to take on that agentic transformation in a way that feels secure, safe and compliant.”

These two new agents access Salesforce security and compliance information and will soon expand to external data, such as feeds from a customer’s other security systems.

“Our customers have security, privacy and compliance teams who aren’t necessarily Salesforce experts,” says Hay. “And Salesforce experts who are not necessarily security and compliance experts. We want to bridge those two things together.”

Salesforce has already announced a partnership with CrowdStrike as one example of such a capability. These partnerships are part of a move towards even more integrations that will extend agentic capabilities in the Salesforce Security Center via its AgentExchange marketplace.

More than chatbots

The agents are more than just rebranded chatbots that only answer questions. The company says that they can detect events and then take relevant actions. “It is not waiting for a human to initiate the interaction — it is running independently,” Hay says.

The security agent can analyze event logs to identify unauthorized or unusual actions, guide step-by-step incident response, and autonomously freeze users exhibiting suspicious behavior, according to Salesforce. The privacy agent scans Salesforce metadata and data privacy policies against regulatory frameworks like GDPR and CCPA to surface sensitive data exposure and non-compliance risks and can autonomously re-classify sensitive data or implement right-to-be-forgotten policies.

Constellation Research analyst Chirag Mehta recommends that enterprises take a measured approach to their adoption of these agents instead of jumping straight into fully autonomous agents.

“They have an agentic workflow that runs behind the scenes,” he explains. “If someone logs in from, say, North Korea, it checks the systems accessed. And, say, they touched these five systems and it doesn’t seem right.”

The agent would then alert a human security analyst about the event, provide all the context about what’s going on, and then present a remediation plan. “And you can accept the plan,” Mehta says. “Or you as a human, as a security analyst, can say, ‘I don’t agree with this plan.’ Or you might want to double-check before you execute on this plan.”

In the past, the analyst would simply get an alert and then have to figure out who logged in, what systems they had access to, what else might be infected, and whether it was even a real incident or a false positive.

Machines are much better at sifting through all that, he says, as well as being much faster.

“With security, every second, every minute counts,” Mehta says. “The negative impact amplifies. You don’t just have systems down, but the adversaries could get access to even more stuff.”

Enterprises that aren’t currently using the Security Center add-on should consider it, he says. And those that are should enable the AI agent functionality. “Customers should absolutely use it,” he says. “See how useful it is, what the remediation plans look like, then, once they build trust, they should start automating one thing at a time.”

Salesforce Agentforce

Agentforce is a relatively new platform but has already evolved at an extremely rapid pace. It was first unveiled in September 2024, became generally available the following month, added testing and agent lifecycle management tools in November, announced integration with Slack and other platforms in December, added autonomous agents that can take action on their own this past March, and also launched an agent marketplace at the same time with more than 200 partners. Then Salesforce added native MCP support in June as well as an array of new MCP integration partners including AWS, Box, Cisco, Google Cloud, IBM, Notion, PayPal and Stripe.

As of September, Salesforce said it had closed more than 12,500 new deals since Agentforce was launched.

“Salesforce wants to be the agentic center of the universe,” says Peter Nebel, chief strategy officer at AllCloud, a cloud consultancy.

In the same month, a critical vulnerability in Salesforce’s Agentforce was disclosed. The vulnerability could allow the AI agent to be tricked into leaking sensitive CRM data through indirect prompt injection. It has since been patched.

The basic security and compliance agents are available today. CrowdStrike integration is expected later this year. In early 2026, Salesforce will add autonomous threat detection and triaging, access to agents via Slack, and custom data compliance policies.