Agentforce

Enterprise

Salesforce

Product overview

Name of Agent: Agentforce

Short description of agent: "Agentforce is a proactive, autonomous AI application that answers questions, takes actions, and improves productivity" (link, archived)

Date of release: 12/09/2024 (link, archived)

Advertised use: "Customer Service, Sales Development, Employee Support, Deep Research, Coaching and Teaching, Product Recommendation, Attendee Support, Appointment Scheduling" (link, archived)

Monetisation/Usage price: unlimited addon for existing subscriptions (125) or pay per action or conversation (link, archived) 5 for 100 actions (link, archived) 2 per conversation (link, archived)

Who is using it?: enterprises

Website: (https://www.salesforce.com/uk/agentforce/, archived)

Category: Enterprise

Company & accountability

Developer: Salesforce

Name of legal entity: salesforce.com, inc (link, archived)

Place of legal incorporation: Delaware (link, archived)

For profit company?: Yes

Parent company?: Salesforce

Governance documents analysis: Terms are by user type (link, archived), Privacy (link, archived), Compliance are by topics and region and lists contact channels (link, archived)

AI safety/trust framework: principles for responsible agentic (link, archived) AI, guidelines (link, archived) for responsible development of AI

Compliance with existing standards: Agentforce maintains several industry-standard attestations—including SOC 2 Type II, ISO‬ ‭ 27001, PCI DSS, HIPAA, IRAP, and FedRAMP High (link, archived)

Technical capabilities & system architecture

Model specifications: Supports different models Anthropic, OpenAI, and Google (link, archived).

Documention: (https://developer.salesforce.com/docs/einstein/genai/guide/get-started-agents.html, archived)

Observation space: User input / chat history, various enterprise data sources established when creating the agent (link, archived)

Action space: Data retrieval and writing, and responses to user (link, archived)

Memory architecture: This article (link, archived) suggests you can make agents with memory.

User interface and interaction design: Document-like interface for writing instructions for the agent, kind of like a visual program composer. Also has code editing options. The agent developed is a chatbot

User roles: Designer (user is "programming" an agent to deploy on their own platform)

Component accessibility: Closed source, can use open source LLM

Autonomy & control

Autonomy level and planning depth: L1: the design editor has options to invoke an AI assistant to complete narrowly scoped tasks. L3-4 for resulting agent designed by the system, since it can elicit user feedback and approval

User approval requirements for different decision types: Resulting agent can elicit user approval

Execution monitoring, traces, and transparency: Unclear if the agent designed by the user can show CoTs/tool use/plans

Emergency stop and shut down mechanisms and user control: User can decline to approve agent actions

Usage monitoring and statistics and patterns: Unclear, but assume it's available through other Salesforce monitoring features?

Ecosystem interaction

Identify to humans?: Salesforce states Agentforce has “standard disclosure patterns baked into AI agents that send outbound content (link, archived),” but is unclear if these are active by default

Identifies technically?: The technical identity on the wire is that of Data 360’s Web Content (Crawler) (with a configurable user-agent that has a default user-agent string and documented IP ranges) ((link, archived), (link, archived))

Interoperability standards and integrations: - MCP support (link, archived) A2A support (link, archived)

Web conduct: Obeys robots.txt (link, archived), although it can be configured to override robots.txt directives, including options to ignore robots.txt entirely or only specific directives

Safety, evaluation & impact

Technical guardrails and safety measures: Agentforce supports action-level gating by distinguishing Public Actions vs Private Actions, with guidance to require identity verification before allowing private/sensitive actions (e.g., using a Customer Verification topic and restricting topics/actions until verification completes) (link , archived)Also supports “Agentforce Guardrails” that combine user-defined safeguards with Salesforce-managed protections

Sandboxing and containment approaches: None found

What types of risks were evaluated?: None found

(Internal) safety evaluations and results: None found

Third-party testing, audits, and red-teaming: None found

Benchmark performance and demonstrated capabilities: None found

Bug bounty programmes and vulnerability disclosure: Yes (link, archived)

Any known incidents?: None found

← Back to 2025 Index