Salesforce Integration
Salesforce is a prime target for RAG attacks because it aggregates external data (emails, cases) that is often fed directly into LLMs (Einstein Copilot).
Koreshield provides a specialized template for Salesforce that maps standard objects to our threat taxonomy.
Supported Objects
| Salesforce Object | Mapped Vector | Severity |
|---|---|---|
| EmailMessage | email | High |
| FeedItem (Chatter) | indirect | Medium |
| Case (description) | indirect | High |
| KnowledgeArticle | document | High |
Implementation
We recommend using a Python middleware (e.g., in AWS Lambda or Heroku) to scan data before it reaches your RAG pipeline.
Prerequisites
- Export your Salesforce credentials.
- Install Koreshield and simple-salesforce.
Code Example
```python
import asyncio

from simple_salesforce import Salesforce
from Koreshield import AsyncKoreshieldClient
from Koreshield.crm_templates.salesforce import SALESFORCE_TEMPLATE


async def main():
    # 1. Connect
    sf = Salesforce(username='...', password='...', security_token='...')
    ks_client = AsyncKoreshieldClient(api_key="ks_...")

    # 2. Fetch recent emails (potential vector). Id is selected so that each
    #    document can be traced back to its record if the scan blocks it.
    query = "SELECT Id, Subject, TextBody FROM EmailMessage ORDER BY CreatedDate DESC LIMIT 5"
    emails = sf.query(query)['records']

    # 3. Format for Koreshield
    documents = []
    for email in emails:
        documents.append({
            "id": email['Id'],
            "text": f"Subject: {email['Subject']}\nBody: {email['TextBody']}",
            "metadata": {
                "source": "salesforce",
                "object": "EmailMessage"
            }
        })

    # 4. Scan with Salesforce Policy (await is only valid inside a coroutine)
    result = await ks_client.scan_rag_context(
        user_query="Summarize recent issues",
        documents=documents,
        config=SALESFORCE_TEMPLATE  # Apply Salesforce-specific rules
    )
    if not result.is_safe:
        print("Blocked malicious email content from RAG context")


asyncio.run(main())
```
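The example above handles only EmailMessage. The following added example (not Koreshield's or Salesforce's own code) generalises the document-building step to all four objects in the Supported Objects table, tagging each document with its mapped vector and severity so that untrusted external input is scanned first; it runs offline on constructed records shaped like `query()['records']` entries. The field names beyond Subject, TextBody and Description (FeedItem.Body, Title and Summary for knowledge articles) are assumptions chosen for illustration.

```python
from typing import Any

# Mapping taken from the Supported Objects table on this page.
OBJECT_MAP = {
    "EmailMessage": ("email", "High"),
    "FeedItem": ("indirect", "Medium"),
    "Case": ("indirect", "High"),
    "KnowledgeArticle": ("document", "High"),
}

# Record fields that become the scanned text, per object (assumed field names).
TEXT_FIELDS = {
    "EmailMessage": ("Subject", "TextBody"),
    "FeedItem": ("Body",),
    "Case": ("Subject", "Description"),
    "KnowledgeArticle": ("Title", "Summary"),
}

SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2}


def build_documents(records: list[dict[str, Any]], sf_object: str) -> list[dict[str, Any]]:
    """Turn raw SOQL records for one object into Koreshield-style documents.

    Records with no text are skipped. A record without an Id raises, because a
    document that cannot be traced back to its record cannot be triaged if blocked.
    """
    if sf_object not in OBJECT_MAP:
        raise ValueError(f"unsupported Salesforce object: {sf_object}")
    vector, severity = OBJECT_MAP[sf_object]
    docs = []
    for rec in records:
        if "Id" not in rec:
            raise ValueError(f"{sf_object} record without Id: {rec}")
        parts = [f"{f}: {rec[f]}" for f in TEXT_FIELDS[sf_object] if rec.get(f)]
        if not parts:
            continue
        docs.append({
            "id": rec["Id"],
            "text": "\n".join(parts),
            "metadata": {"source": "salesforce", "object": sf_object,
                         "vector": vector, "severity": severity},
        })
    return docs


def order_by_severity(docs: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Least-trusted (highest severity) sources first; stable within a level."""
    return sorted(docs, key=lambda d: SEVERITY_RANK[d["metadata"]["severity"]])


# Constructed sample records (not real Salesforce data).
SAMPLE = {
    "EmailMessage": [{"Id": "02sXX0000000001", "Subject": "Invoice", "TextBody": "Please call me back."}],
    "FeedItem": [{"Id": "0D5XX0000000001", "Body": "Shipped the fix"},
                 {"Id": "0D5XX0000000002", "Body": None}],
}
```

Pass the output of `order_by_severity` as `documents=` to `scan_rag_context` in place of the hand-built list above.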
Security Policy
The SALESFORCE_TEMPLATE automatically configures sensitivity:
- Email Body: Highest sensitivity (often contains untrusted external input).
- Internal Comments: Lower sensitivity (trusted agents).
You can override these defaults in your SecurityPolicy.