
Agentforce & Trust: Deloitte’s Approach to Secure & Compliant Salesforce AI Use

Unlock the benefits of Salesforce Einstein and Agentforce with cyber security and data privacy by design

Deloitte enables organisations to confidently adopt secure and compliant AI within the Salesforce ecosystem by addressing cybersecurity, data privacy, and regulatory challenges. We outline a structured, risk-based approach, backed by our expertise and proven methodologies, helping customers unlock the full potential of AI while protecting critical assets. Ideal for those advancing or initiating their Salesforce AI journey, it offers practical guidance on building and deploying trustworthy AI solutions tailored to their unique needs.

At a time when artificial intelligence (AI) is revolutionising business operations, Deloitte introduces a structured approach to securely and confidently adopt Salesforce's transformative AI capabilities, such as Agentforce. While these AI features offer immense potential to enhance customer engagement and employee support, their adoption comes with significant challenges, including cyber security risks, regulatory compliance issues, and data privacy concerns. Deloitte's whitepaper outlines the critical measures organisations must take to mitigate these risks, so they can safely unlock the full potential of Salesforce AI.

 

Key challenges to Salesforce AI adoption

  1. Cybersecurity & data privacy risks: Threats like prompt injection attacks, insufficient access controls, and data breaches necessitate robust safeguards, including encryption, anonymisation, and strict access restrictions.
  2. Regulatory compliance: Non-compliance with frameworks like GDPR and HIPAA, due to inadequate consent management and data residency controls, can lead to penalties and reputational damage.
  3. Bias & fairness violations: AI models may produce biased outcomes, highlighting the need for fairness and transparency measures.
  4. Audit & governance gaps: Lack of governance structures and risk management frameworks can hinder compliance and operational efficiency.
  5. Data retention & masking issues: Violations of data retention and masking policies can pose privacy risks, especially for organisations operating on sensitive or business-critical information.

Comprehensive solution approach

To address these challenges, Deloitte first emphasises a secure and compliant Salesforce platform as the foundation. Salesforce’s AI features run on this platform. AI inherits the strengths and weaknesses of your existing Salesforce setup: without proper groundwork, it can inadvertently expose sensitive data or violate compliance requirements. Our whitepaper outlines a phased approach, beginning with platform hardening, followed by AI-specific best practices and more advanced Agentforce safeguards. Key recommendations include:

  • Data access governance: Enable audit trails and apply IAM principles such as least privilege and need-to-know, ensuring that AI only retrieves authorised data through the monitored Einstein Trust Layer.
  • Data classification & encryption: Define compliance mappings and encryption strategies to support masking of sensitive information.
  • Regulatory compliance framework: Establish consent management mechanisms and adhere to data retention laws to keep AI from processing outdated or restricted data.
  • Bias & fairness safeguards: Define ethical boundaries for AI outputs, select trusted language models, and monitor AI behaviour to prevent bias.
  • Secure automation: Conduct security assessments (including code security reviews) on Apex and flow-based automations to eliminate potential inherent vulnerabilities.
  • Scoped agent design: Narrowly define agent roles and topics, and enforce strict identity verification to limit access to private actions and data.
  • Operational readiness: Integrate AI with change management, disaster recovery, and risk frameworks to ensure reliable, compliant deployment.
  • Phased AI rollout: Gradually enable AI capabilities with rigorous testing and restricted access to ensure trustworthiness.

 

The Deloitte advantage

Embarking on a trustworthy AI journey within Salesforce requires more than just technical capability – it demands a partner with a deep, cross-functional understanding of AI risks, regulatory obligations, and Salesforce platform-specific complexities. As one of the world’s most recognised Salesforce partners, Deloitte offers unmatched expertise across the full spectrum of Salesforce AI transformation. Our globally integrated Salesforce practice combines specialised knowledge in technical architecture, cybersecurity, regulatory compliance, and AI protection.

Whether you are just starting, looking to accelerate your Salesforce AI journey, or conducting an audit of already implemented solutions, Deloitte offers tailored services that meet your requirements and expectations. From foundational security assessments to strategic AI rollouts and custom AI designs, we meet clients where they are and guide them to where they need to be.

With Deloitte, you gain more than an implementation partner. You gain a trusted advisor committed to building secure, compliant, and future-proof AI capabilities.

 

Download the whitepaper

For a deeper dive into Deloitte’s approach to trustworthy AI adoption, download the summary snapshot. It provides actionable insights and detailed strategies to help organisations confidently navigate their AI journey.
