Cloudy with a laptop standing next to text that says, "Security + AI Basics for Salesforce Admins."

Security + AI Basics for Salesforce Admins


Artificial intelligence (AI) is everywhere right now and everyone is talking about it. From having fun with generative imaging to staring in wonder at driverless cars, it seems that AI is popping up all over the place. Salesforce has made a ton of AI announcements with Sales GPT, Service GPT, Slack GPT, and beyond. As a Salesforce Admin, you’re probably asking a lot of questions about how these new AI products will change your Salesforce strategy, especially when it comes to security.

Security is one of the top (if not most) important responsibilities of a Salesforce Admin, so it’s critical that you start thinking now about how to prepare for new security challenges with AI. The most successful Salesforce Admins are ones that think ahead and plan for new features, so here’s my attempt to help you get ahead of these AI innovations and set your company and yourself up for success.

There are ways in which AI can be used to improve security with prevention and automation, and ways in which AI can introduce net new security risks like producing inaccurate results and increasing the complexity of cybersecurity attacks. At Salesforce, our Ethics, Legal, and Security teams work closely together to shape our AI strategy, which is why we develop our products using these trusted AI principles—responsible, accountable, transparent, empowering, and inclusive—which might be helpful as you put together your own strategy.

I think of AI and security for Salesforce Admins (and all practitioners) in four buckets: user access and usage, Salesforce products, admin skills, and enablement.

User access and usage

The first thing all Salesforce Admins should do is develop a policy about users taking data from Salesforce and putting it into an external generative tool or database. If a user shares potentially sensitive corporate or customer information with a large language model (LLM), that means an attacker or competitor could access that information through prompts. So right now, I recommend partnering with your legal department to create a company policy so your users know how to protect company data. It might read something like, “Don’t put any data from our Salesforce system into an external AI tool.”

The next thing to think about is people using AI to input data into Salesforce or to create code for building Salesforce. As they say, bad data in, bad data out. So if someone uses a generative AI tool to create data and then adds that into Salesforce, it could compromise your data quality. Same goes for using AI tools to generate code. There’s no guarantee that the code generated will be up to industry security standards, so you need to treat anything generated with external AI tools as untrusted.

Salesforce AI products

Here’s the good news: Salesforce has a built-in trust layer for our AI products. When you’re building solutions with Sales, Service, Marketing, Commerce, Slack, or Tableau, the trust layer ensures your data is secure by protecting personally identifiable information (PII) and creating guardrails to prohibit things like publishing code directly to production. You can learn more about the latest AI innovations at Salesforce in this great keynote from London World Tour.

To set your company up for success with AI, now’s the time to clean and classify your data. That means figuring out which levels of data require protection and what AI will have access to. As Jason Ross, lead enterprise security engineer at Salesforce, says, “This can be a tedious process, but it’s critical to the security of the org.”

Admin skills

Now that you’ve got your security AI strategy in place for your company, it’s time to focus on your own personal strategy. “Salesforce Admins are going to be rockstars with AI,” says Patrick Stokes, EVP Products & Industries at Salesforce (watch the full discussion here). Why? Because Salesforce Admins already have the skills to put AI to work securely and effectively with Salesforce. You’ve already got strong security mindset skills because you’re reading this post. Now, you can strengthen your AI skills on Trailhead and experiment with generative chat tools to learn how to create great prompts, which will come in handy for building great user experiences with Salesforce’s generative AI products.


As a Salesforce Admin, one of your biggest (and perhaps toughest) jobs is to get buy-in from stakeholders and get users to adopt your solutions. When it comes to AI, the first questions your stakeholders and users will ask are about security and safety: “How do we know our data is protected?” “Can we trust AI?” “Will AI change or take my job?” That means it’s your job to address these questions and fears by listening and educating. Listening is perhaps the most important piece of this task because if you listen to your stakeholders and users, you learn what they need and they feel like you care about their needs.

Another helpful thing to explain is that Salesforce runs on our own platform, and any Salesforce AI product you use, we use. As Jason says, “We understand the security concerns IT and executives have around AI, and we’ve worked diligently to provide information to educate about those concerns, as well as provide technical controls in the platform itself to address them. Key among these strategies is the zero-retention policy Salesforce has in place for AI processes: The data customers provide to AI for use is not kept beyond the processing step and is not used to further train models.” The information our top-notch AI Research team has developed around AI will help you address your stakeholders’ concerns.

Before you get overwhelmed by AI and security, remember that AI is not new to Salesforce. Einstein Bots and Einstein Next Best Action have been generally available (GA) for many years, and yes, they’re built with AI. That means Salesforce (and possibly you) has years of experience building in security with AI products. You’ve got this, Salesforce Admin!


Headshot of Tom Hoffman next to text that says, "AI Prompt Writing for Salesforce Professionals."

AI Prompt Writing for Salesforce Professionals

The rise of the machines Machines and artificial intelligence (AI) have been part of popular discussion since Samuel Butler authored Erewhon (1872), where his satirical utopian society explored the morality of conscious machines as a natural evolution of the Industrial Revolution. One-hundred and fifty years later, OpenAI released GPT-4, introducing the world to AI that […]

Get Ready for MFA: Tips to Help Users Recover Access

Get Ready for Multi-Factor Authentication: Tips to Help Users Recover Access

As an #AwesomeAdmin, part of your role is managing and maintaining user access. So when multi-factor authentication (MFA) goes into effect for your org–whether you’re turning it on yourself or waiting for Salesforce to auto-enable it for you–it’s important to know how to resolve MFA-related access issues that users may encounter. Access issues typically fall […]

Astro with a clipboard under text that says "Get Ready for MFA: Prepare Your End-Users"

Get Ready for Multi-Factor Authentication: Prepare Your End-Users

With multi-factor authentication (MFA) auto-enablement for Salesforce orgs on the horizon, you might be wondering how to prepare your users for this change. We’ve got you covered! Busy people aren’t always receptive to change. To hit the right notes with your Salesforce users, share why MFA is a critical security measure and help everyone quickly […]


Have an Idea for a Story?

We are all about the community and sharing ideas.
Do you have an interesting idea or useful tip that you want to share?