Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed “ForcedLeak”, let them smuggle AI-read instructions in via humble Web-to-Lead form… and ended up spilling data for the low, low price of five dollars.
And we discuss why data breach communications still default to “we take security seriously” while quietly implying “assume no breach” – until the inevitable walk-back.
Plus, we take a look at ITV’s phone-hacking drama with David Tennant, and take a crack at decoding the history of the Rosetta Stone.
Hear all this and more in episode 437 of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley, joined this week by special guest Paul Ducklin.
Smashing Security #437:
Salesforce's trusted domain of doom
Host:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Guest:
Paul Ducklin – @duckblog
Episode links:
- Harrods suffers new data breach exposing 430,000 customer records – Bleeping Computer.
- Caméras dissimulées : la CNIL sanctionne la Samaritaine – CNIL.
- ‘Total internet blackout’ in Afghanistan sparks panic after Taliban vowed to stamp out immoral activities – CNN.
- ForcedLeak: AI Agent risks exposed in Salesforce AgentForce – Noma.
- The Hack – itvX.
- The Hack – YouTube.
- The Rosetta Stone: The Story of the Decoding of Hieroglyphics – Amazon.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- SecAlerts – SecAlerts makes your job easier by matching vulnerabilities to your software, using information as soon as it’s released. Use code SMASHING for 50% off a year subscription.
- ANON – Find, monitor and remove data about yourself online. Manage your digital footprint with ease. Use code SMASHING for a 25% discount.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
