With this year’s recent events in the Salesforce ecosystem, security is definitely a hot topic. Dreamforce 2025 featured Salesforce’s first-ever Security Keynote, spotlighting how organizations can stay secure in the age of the Agentic Enterprise.
Security threats have evolved, and therefore security should evolve as well. After all, AI-driven agents are now capable – and expected – to handle more business-critical work than ever before.
The Shared Responsibility Model
First off, everyone should know about the Shared Responsibility Model. Basically, this means that security isn’t just the responsibility of Salesforce, nor is it solely the responsibility of users or customers. It’s a shared effort between Salesforce and its customers.
This can be explained through three layers of work:
- Invisibles: The always-on protections that Salesforce manages behind the scenes (monitoring, patching, infrastructure defense). In short, this is the responsibility of Salesforce.
- Configurables: The security settings customers can control, such as MFA, IP allowlisting, permission management, and much more. This is the responsibility of the customer (Salesforce users).
- Enhanceables: Premium capabilities and add-ons that go beyond what’s available out of the box.
The Invisibles fall under Salesforce’s responsibility – customers don’t need to lift a finger to manage these. As for the Configurables, here are some new highlights that customers can explore and fine-tune for their own orgs:
1. Security Health Check Enhancements
One of the most practical updates announced during the keynote was for Security Health Check. For anyone unfamiliar, Health Check gives you a quick snapshot of how your org’s security settings compare to Salesforce’s recommended baseline – essentially things like password policies, session timeouts, and login restrictions.
What’s new this year is how much smarter and more proactive Health Check is becoming.
Instead of simply showing you a static score, it will notify admins by email whenever their score changes – for example, if a configuration is modified or a new vulnerability surfaces. You’ll no longer need to remember to check manually, because it will keep you updated in real time.
This is coming in Spring ‘26 – so look forward to it!
The scoring model is also getting an upgrade. It’s being refined to include new signals that account for risk and usage context, meaning your score will reflect not just whether a setting is on or off, but how critical it is to your overall security posture. This gives admins a more accurate and actionable picture of where to focus.
During the demo, it was shown how a simple tweak – like enforcing stronger password rules or even just limiting trusted IP ranges – could instantly improve the org’s Health Check score. It was a reminder that small adjustments can add up to big gains in protection.
2. Setup with Agentforce
Could this be the security admin’s new best friend? Salesforce framed this as if it’s your personal AI sidekick inside Setup, so it’s one that knows exactly where every configuration lives, what it does, and how it affects your org’s security posture.
This means there would be no more clicking through endless setup menus and help docs, because admins can simply ask Agentforce in plain language. Need to enable multi-factor authentication? Tighten password policies? Review permission set assignments? Just ask, and the assistant can show you where to go – or even better, it can take action directly, walking you through every step with explanations along the way.
Note that this doesn’t consume any AI credits, so teams can start using it right away without worrying about costs or usage limits.
Moving on to the Enhancables, Salesforce has the following…
3. Security Center
This is Salesforce’s one-stop hub for managing security across multiple orgs. So if you’re an admin who’s struggled with juggling multiple sandboxes, production environments, and compliance requirements, you know how challenging it can be to keep everything aligned. Security Center solves that by giving admins complete visibility and control from a single dashboard.
From one screen, you can now view and compare Health Check scores across orgs, monitor permission assignments, and identify risky configurations – all without having to jump between environments. The new updates take this further by allowing admins to deploy consistent policies (like password rules or IP allowlists) across sandboxes and production. Can we finally bid inconsistencies between test and live environments goodbye?
The keynote demo showed how a simple policy update, such as enforcing stricter password policies, could be rolled out to multiple orgs instantly!
Security Center also serves as a bridge between the Configurables and the Enhanceables in Salesforce’s Shared Responsibility Model. It brings together insights from tools like Health Check, Shield, and Data Detect, while also integrating AI-driven insights from Agentforce. For instance, admins can see when an AI agent detects a pattern of suspicious activity, correlate that with login trends, and take immediate action – all from one place. It’s literally a security command hub.
4. Data Detect
Another standout feature highlighted in the keynote was Data Detect, a tool designed to help organizations automatically find, classify, and protect sensitive data across Salesforce. Data Detect is a newer addition to the Shield family of services.
Data exposure involving sensitive information isn’t always intentional, but it can create serious compliance and security risks. For example, if you’ve ever discovered personal or confidential information stored where it shouldn’t be – like a credit card number tucked inside a comments field or a customer’s national ID typed into a text box – you’ll understand exactly why this matters.
Data Detect solves that by continuously scanning your org for sensitive information using AI-powered pattern recognition. Once it identifies potential risks, it doesn’t just stop at alerting you – it can automatically apply the right security measures, like encryption, redaction, or transaction blocking.
Data Detect integrates well with other security tools. It feeds into Security Center for centralized visibility and complements other Shield services for organizations already using Platform Encryption or Event Monitoring. Together, they form a layered, proactive defense system.
5. Security Mesh
Built with partners Okta and CrowdStrike, Security Mesh lets Salesforce “talk” to your other systems about what’s happening and respond faster when something looks off.
Security Mesh creates a shared layer of intelligence that connects identity and threat signals across systems or multiple platforms. For example, if a user logs into Salesforce from one location and another app from a different location minutes later, the system flags or blocks it automatically.
Final Thoughts
Wow, that was a lot! Dreamforce’s first-ever Security Keynote showed that protecting the Agentic Enterprise is all about preparing for the worst (knock on wood). With every new agent, automation, and integration comes a new layer of risk, and Salesforce is clearly rethinking security as a continuous, intelligent process rather than a one-time setup. And with the Shared Responsibility Model, Salesforce made it clear that trust is still a team effort.
As with the other major parts of Salesforce, what stood out once again was how Agentforce fits naturally into the security vision. There’s no running from AI at this point, because it’s officially part of the organization’s immune system.
