WithSecure Launches Native Malware, Phishing Protection for Salesforce Agentforce
AI Agents Open New Attack Vectors in Salesforce—and WithSecure Moves Fast to Keep Them Secure to Use

Enterprises are racing to adopt Salesforce Agentforce. In doing so, they are opening their platforms to customers, partners, and other third parties using Artificial Intelligence (AI) agents to automate customer conversations, workflows, and data processing at unprecedented speed. But that speed also creates a new risk: Attackers could use agentic AI to push malicious files and links through Salesforce without malware protection. WithSecure is looking to address this gap.
Traditional email or endpoint tools don’t protect Salesforce. Since Salesforce doesn’t scan files and links for cyber threats, organisations face a blind spot in one of their most business-critical platforms — and must prepare for new types of AI-driven attacks.
“AI adoption has accelerated faster than most security controls,” said Juhana Autio, General Manager and VP at WithSecure Cloud Protection for Salesforce. “The question now is: how do you secure and manage your AI agents? That’s what enterprises are asking us — and what we have set out to answer.”
Securing Agentic AI at Scale
Today, WithSecure announced a security extension to its Cloud Protection for Salesforce solution, delivering native real-time malware and phishing protection for Agentforce. The extension works inside Salesforce to stop malicious files, links, and agent actions, thereby securing the Salesforce environment and preventing breaches.
The new solution provides the enterprise-level protection needed to Agentforce:
-
Securing Agentforce workflows: Automatically scans and protects all files and URLs in Agentforce workflows.
-
Compliance: An enterprise-grade solution built for the most demanding environments across industries.
-
Native integration: Ensures protection without interrupting or slowing down Agentforce workflows.
Closing the Security Gap with WithSecure
As Agentforce processes more files, links, and actions through Salesforce, phishing and malware risks increase. “Salesforce is both a valuable target and a powerful channel for attackers,” Autio added. “If you’re not inspecting what your AI agents touch, you’re effectively blind to an entirely new attack surface.”
WithSecure’s native protection stops threats at the source without slowing AI operations.
Availability
The WithSecure Agentforce extension is now available on Salesforce AgentExchange and AppExchange to all WithSecure Cloud Protection customers as part of existing licences.
For more information, visit: https://cloudprotection.withsecure.com/protection-for-agentforce/



