Strengthening Salesforce Security Against AI-Driven Threats

The acceleration of generative AI has transformed how cybercriminals operate, allowing single actors to automate credential theft, craft hyper‑personalized phishing, and harvest data at scale. Traditional defenses that rely on static rules struggle against this speed and sophistication, prompting cloud platforms to rethink their security posture. Salesforce’s new enforcement schedule reflects a broader industry shift toward continuous, identity‑centric protection that can adapt in real time to AI‑enhanced attack vectors.

Starting June 2026, Salesforce will require multi‑factor authentication for every login, extending the safeguard beyond the 2022 baseline. Administrators and users with high‑privilege permissions must adopt phishing‑resistant MFA, a cryptographic method that thwarts man‑in‑the‑middle attacks. In parallel, step‑up authentication will trigger for report exports and any anomalous activity, ensuring that data extraction requests are verified at the point of use. Enhanced Transaction Security Policies now intervene automatically when export volumes exceed thresholds, turning passive monitoring into active exfiltration prevention.

Beyond mandatory controls, Salesforce is expanding its security ecosystem with built‑in tools like Security Health Check, IP restrictions, and session‑level policies, while premium offerings such as Shield, Security Center, and Data Mask provide deeper visibility and compliance capabilities. The newly introduced Security Health Review service offers continuous, expert‑guided assessments for Signature Success Plan customers, turning security audits into an ongoing partnership. For enterprises, embracing these controls not only mitigates AI‑driven risk but also aligns with governance frameworks that demand demonstrable, proactive security measures.