Smashing Security podcast #437: Salesforce’s trusted domain of doom

The Smashing Security podcast episode describes researchers discovering a vulnerability in Salesforce Agentforce called “ForcedLeak” that allowed attackers to inject AI-readable instructions through a Web-to-Lead form and exfiltrate data for a reported cost of five dollars; the episode covers the flaw and broader discussion about breach communications rather than providing a detailed technical analysis.