Last year was a tough one for Salesforce customers. To recap, there were numerous breaches and multiple coordinated attacks. Salesforce’s Agentforce had serious security disclosures. Hackers claimed that over one billion Salesforce records were stolen.
This is the new reality for Salesforce customers, and in 2026, it will be virtually impossible to ignore the security demands of the Salesforce ecosystem. Against this backdrop, where do we go from here?
Instead of creating yet another security guide with advice on how to do “security” on Salesforce, I’d like to propose five principles that will address the problem without getting into the specifics of the platform and will have a long-lasting positive impact on the Salesforce Ohana. These foundational principles will transform how we approach Salesforce security:
1. Acknowledge the Problem
We saw that major brands such as Google, Adidas, Workday, and Coca-Cola, along with hundreds of others, were affected by the breaches. If you were unaffected, it doesn’t mean you don’t have a problem.
If you don’t understand the security demands of Salesforce as a customer, you may be closing your eyes to a clear and present danger. Salesforce teams and Security teams alike should first and foremost acknowledge that there is a problem.
Why Acknowledgment Matters
- Recognition is the first step toward meaningful action.
- Denial delays critical security measures.
- The threat is real, widespread, and ongoing.
- Even unaffected organizations face the same vulnerabilities.
2. Understand the Problem
“If I had an hour to solve a problem, I’d spend 55 minutes thinking about the problem and 5 minutes thinking about solutions.”
Albert Einstein
The fact of the matter is that the most important aspect of solving any problem is understanding it completely. Salesforce is a very complex platform with many moving pieces and many areas of expertise.
Salesforce is also a very secure SaaS platform, and none of the exploits were a result of the platform itself. This makes the problem difficult to understand.
Salesforce customers expose an attack surface once they start customizing Salesforce by writing custom code, adding integrations, creating web components, adding connected apps, installing packages, changing configurations, etc.
Critical Understanding
- An attack surface is the sum of different points where a malicious attacker can enter.
- Perform an attack surface analysis of your Salesforce stack.
- You cannot fix what you don’t know is broken.
- Knowledge of the actual problem can only lead to a good solution.
3. Don’t Plan Your Security Around the Breaches
The knee-jerk reaction is to center all your security efforts around how the recent breaches have unfolded. It is true that addressing the immediate risks, such as those around connected apps and vishing, should be the priority, but thinking that these are the only attack vectors is a grave mistake.
It is unwise to only protect against known issues. There needs to be awareness in both the security teams and Salesforce teams that there are many attack vectors and risks we must protect against.
Beyond Known Threats
- Connected apps and vishing are just the beginning.
- Multiple attack vectors exist and evolve constantly.
- Prepare for unknown threats, not just past incidents.
- Comprehensive security requires broad awareness.
4. Look for Allies and Join SecurityForce
ShinyHunters and Scattered Lapsus$ are malicious hacking groups that have banded together to hack and breach organizations. As Salesforce practitioners, we must band together to protect the Salesforce ecosystem as a whole in the true spirit of Ohana.
Salesforce is one of our biggest allies. To this end, we’ve launched a group, already 300 members strong, to help each other. We should look for allies in our security journey and share our combined wisdom to protect against the ever-increasing, persistent threat.
The Power of Community
- Strength in numbers against organized threat actors.
- Share knowledge and experiences across organizations.
- Learn from others’ security challenges and solutions.
- Build collective defense in the spirit of Ohana.
5. Security is a Journey, Not a Destination
Many vendors would position themselves as the only solution needed to achieve security in a Salesforce environment, and that is a tell-tale sign that you’ve stumbled upon a hollow promise.
The fact of the matter is that many breached organizations were using security tooling, and indeed, some were security companies themselves. It is our responsibility to start this security journey, knowing that there is no such thing as perfect security, and to improve continuously and stay ahead of the attacks and threats.
Continuous Improvement
- No single tool or vendor provides complete security.
- Even security companies themselves were breached.
- Perfect security doesn’t exist – continuous improvement does.
- Stay ahead through constant vigilance and adaptation.
Join the SecurityForce Movement
These steps, if taken with intention and determination, will go a long way in securing the Salesforce stack – especially with the rise of Agentforce and Agentforce Vibes.
Become part of a solution that will create positive outcomes for the entire Salesforce ecosystem! Join SecurityForce.
Final Thoughts
The wave of major Salesforce security breaches affecting well-known brands and exposing over a billion records makes security an unavoidable priority for 2026.
Rather than just prescribing technical fixes, we must acknowledge that the problem exists even if we weren’t breached, deeply understand our own attack surface (since breaches stem from customer customizations, not Salesforce itself), avoid narrowly focusing security efforts on past breach methods, collaborate with the broader Salesforce community, and treat security as an ongoing journey rather than a solved problem.
No single tool or vendor can guarantee complete protection.