“I think the name of the game is just doing everything you can to minimize risk as much as possible…All we can really do is raise awareness about the difference between the security that Salesforce provides to the orgs versus what clients and customers and stewards of the orgs are responsible for protecting within the data of the Salesforce org.” – John Crimmings, DevOps consultant at Slalom Consulting and member of the Low Code Security Alliance
AI is accelerating how we build in Salesforce—from prompt-based automation to rapid configuration changes. But what happens when the tools evolve faster than our safety standards?
In this episode, Andrew Davis, Founder of the Institute for Transformational Leadership and author of Flow Engineering, sits down with John Crimmings, DevOps Consultant at Slalom Consulting and member of the Low Code Security Alliance, to unpack the overlooked risks of Agentforce and AI-powered development.
From user permissions to automation guardrails, this conversation explores how platform teams can build safer, smarter, and more resilient Salesforce environments—without pumping the brakes on innovation.
Transcript
Andrew Davis
Welcome to From Code to the Cloud, a DevSecOps podcast focused on the Salesforce ecosystem. I’m Andrew Davis, founder of the Institute for Transformational Leadership and author of the book Flow Engineering.
And my guest today is John Crimmings, a DevOps consultant at Slalom Consulting and also a member of the Low Code Security Alliance. Welcome, John.
John Crimmings
Thanks, Andrew. I’m really happy to be here.
Andrew Davis
Well, you and I go way back, relatively, a bunch of years, and I’ve very much appreciated your… You’ve been one of the main contributors to the Low Code Security Alliance in terms of your thought and your exploration.
Do you want to just give us a brief background on your history, your career, your areas of focus within the Salesforce space?
John Crimmings
Sure, yeah. I’ve been in the Salesforce space for almost 10 years.
I started a little bit late in my career, and kind of found my way to software development after some time in financial journalism and radio before that.
After getting a certificate in software development, JavaScript, I found my way into Salesforce and had a great mentor and was able to, you know, get a full range of hands-on experience, and eventually made my way to consulting at Slalom. And I love the ability to sort of help clients with problems related to Salesforce.
I like the constantly changing environments, the industries, the different types of clients. I think it’s really great to make connections between those things. And yeah, it’s an exciting space to be in.
Andrew Davis
I spent a number of years as a consultant.
I also really appreciated, you know, that you’re getting a new client all the time, so you’re learning fairly broadly about different industries and different technical challenges.
When you and I first connected, I think I learned that you had a degree in philosophy, if I’m recalling correctly, and I’ve always felt there’s been something very thoughtful about your approach, both to DevOps and also to security, as we’ve had more recent discussions.
You know, when I think about philosophy, I think about, among other things, logic and ethics being key aspects. Right. The logic of…
Including the logic of seeing through spurious arguments and seeing through unreasonable, unrealistic claims, and then the underlying ethical orientation of what’s actually best for customers, what’s actually best for clients. Is what’s being said in alignment with that? I’m seeing you nod. Am I getting some resonance with that?
John Crimmings
Yeah, I think there’s a sort of, you know, a rationality bone inside me, in front of a lot of people.
And I think, you know, in Salesforce, a lot of times you see things that don’t always feel rational, and you want to sort that order and you want to put it into place, and you want things to make sense, make logical sense. And yeah, I think that’s an interesting connection that you’ve made for some of the paths that I’ve taken within Salesforce.
You know, I think you and I met through a DevOps interest, and I think a great place to be if you want to bring order and rationality to Salesforce is the release manager, the application lifecycle. And yeah, I think that’s probably part of why I was really drawn to it. And even now, security, I think it’s just…
It’s bringing order in from chaos.
Andrew Davis
And the ethics aspect, you know, when somebody, if somebody enumerates, you know, the things that are studied and looked at in philosophy, it looks a little bit abstract. But the ethics is basically: do you actually, like, do you actually care about your clients? Do you actually care about them getting the good results?
And if you really care about them, then the logic bit becomes really important. Like, will this actually work? We’ve got a bunch of decisions we’re making. Are things going to unfold the way we think they’re going to unfold?
Are we actually going to get the results that we’re hoping to get?
John Crimmings
I think it’s nice to think about, you know, an ethical, moral philosophy sort of… Sometimes there are frameworks where you put yourself in the place of the least advantaged person and design a system for that.
And I think in Salesforce, yeah, I’m sure, I know for a fact my information is in a number of different Salesforce orgs.
And so, you know, personally, it’s nice to sort of think about, okay, if I’m building an org or helping design an org from a security standpoint or an efficiency standpoint, what if my data is in there? What if, you know, they’re trying to help me get to the end of a problem that I’m having? You know, thinking of it that way.
Putting yourself as somebody who might be in the org. Yeah, I think that does ground the work a little bit more in an ethical grounding.
Andrew Davis
Yeah, both of our data is probably in more Salesforce orgs than we realize. To the degree either of us ever gets automated phone calls or emails from folks trying to get our attention, that probably is an indication.
So that maybe brings us to… We were talking about Agentforce recently, and you had done a bunch of experimentation in terms of prompt engineering.
Do you want to tell us a little bit more about that, the context and your explorations?
John Crimmings
Yeah, I, you know, it started, I think I either read an article or listened to a podcast about prompt engineering, and it was not something that was on my radar. And I thought, oh, that’s kind of fascinating. I wonder what you can do with Salesforce and Agentforce.
And I hadn’t really played around with Agentforce too much before doing this.
And I just spun up an org, you know, that I could start playing around with it in, and just started asking questions. And, you know, just some context: when you create an org, an SDO org like I used for this, your user is assigned system admin by default.
And the agent that you’re assigned to is the employee agent. I think now it’s called Agentforce, you know, Employee Agent.
And that means that the agent that you’re using, the chatbot you’re talking to, assumes your own permissions, the user permissions. So by just kind of playing around with Agentforce, asking it questions like, can you change my username? Can you change Andrew’s username?
Can you change Andrew’s email address? I was, you know, I think at first thinking like, this is crazy, like I shouldn’t be able to do this.
Um, but that sort of was, you know, I think I was thinking that way because of how easy it was, right? Like, this is a new way of interacting with Salesforce, a new interface for doing this work.
It’s not surprising, because I am a system administrator. Like, I can go into Setup, I can change your username, I can change your email.
There are multiple steps to do that, and at each step there’s sort of, you know, delay built into the process to make sure that what you’re doing is what you intended to do. And Agentforce out of the box in this way provided a very streamlined way to do it.
And I think that the ease with which you could do it just, you know, reiterated the fact that, as we’ve discussed previously as part of the Low Code Security Alliance, if you don’t really know what you’ve given your users access to, now that you have a powerful, really quick, easy tool to manipulate your org, that opens up a whole new surface area for security problems to pop up.
Andrew Davis
And so sometimes when we think about prompt engineering, we’re thinking about escalation of privileges, right? That you were not supposed to be able to do something, but somehow you jailbroke, or jail… I don’t know if you say jailbreak or jailbroke.
You broke out of the jail with the prompt engineering, you got some privileges you weren’t supposed to have.
And so you felt like it initially looked like you were getting that, and then you realized it was really just reducing the friction in that process.
John Crimmings
Yeah, I think it was reducing the friction, and I think I just wasn’t…
It’s funny, because as soon as you change the interface, you feel like you’re doing something that you shouldn’t be doing because you’re talking to an agent about it. But like I said, I am a system administrator. It makes sense that those are things that would be granted to me.
It’s just as soon as you sort of change the paradigm in which you’re doing it, that’s when I think it made it seem more permissive than it actually is. But still, I think that awareness of that is really important, because there are things that people could do.
Just, you know, I’m not sure the level of logging that you can get down to, to see who’s doing this and when they’re doing it, and the ease with which you can do it can cause problems to compound pretty quickly. I think, you know, some other things that I was able to do just out of playing around was reassign people’s profiles.
Um, you know, things that, again, I could do in Setup, but just telling an agent, say, please change Andrew’s profile to Contract Manager or Minimum Access. And yeah, it was pretty easy.
And I mean it can happen so quickly that it’s just an area that I think people aren’t fully aware can be done with Agentforce. And it’s important, I think, that it gets called out.
Andrew Davis
Nice. One thing that’s coming to my mind is, when I was doing research, you know, I wrote this book, Mastering Salesforce DevOps, once upon a time.
And in the course of doing that, one of the metaphors that was really interesting to me was the metaphor of driving. Right. Because in DevOps one of your goals is to accelerate the pace of software development.
And that I would say is also one of the goals of low-code development: you can accelerate what’s possible.
And AI-powered development, whether you’re using Agentforce for developers or just using Agentforce for employees or voice prompts, all of those things we could say are accelerating the pace of software development. And so there was a chart that I included in the book that was number of vehicle fatalities per 100,000 miles driven.
And it’s quite a beautiful chart, because the numbers are ticking down very steadily over the last century. You know, starting in, let’s say, 1920, 1915: how many people died in automobiles per 100,000 miles driven.
And the chart is pretty much sloping downwards, and you’ve got these milestones, you know, the invention of the seatbelt in 1930 or whatever. Seat belts become mandatory in, you know, 1970 or 1980 or whatever. The invention of airbags. Airbags become mandatory.
You know, this vehicle lane, you know, whatever we have these days, the advanced driver safety devices, vehicle, you know, lane shift warnings and so forth. And so what’s happened, though, is that the number of miles people are driving keeps going up, right?
And the number of people who are driving keeps going up, and with, you know, GPS and so forth.
And then so you’ve got these countervailing tendencies: you know, you’ve got increased vehicle safety equipment, but then you’ve got more and more people texting while driving and more distractions. For me, all of that does point towards self-driving cars being, like, eventually necessary to save us from ourselves.
But I feel like we’re at a very similar state in the software development world. Right. The pace of development is increasing, the pace of building things in Salesforce is increasing, and the safety features are perhaps a long way off.
It’s a little bit like when you buy a car, you know, the car salesman doesn’t stay with you and say, you know, you need to stay attentive, you shouldn’t be texting while driving. Right. They give you the keys, you drive off the lot, and you’re on your own.
And now we imagine with these, like, Agentforce for employees, you can go twice as fast or 50% as fast. What are the risks with that, and how soon will we get the equivalent of airbags?
John Crimmings
Yeah, it’s interesting. I mean, I think about, it’d be interesting to know, like, what level of accidents made, like, seatbelts… sort of like, we should do this, right? Like, what was the tolerance before that happened?
Because I think what’s interesting about the Agentforce conversation right now is that there’s a lot of really cool stuff that you can do with it. And I completely understand the interest.
People are always wanting to see demos about what Agentforce can do or what AI can do, generative AI, anything like that. Nobody is knocking down my door or our door to get a demo about security or talk about security, even though they’re so closely related.
I mean, if you follow Agentforce through the kind of cool factor into improving your processes and servicing information and data more quickly, even helping your customers, all that stuff is, you know, there are amazing things you can do.
But if you’re not also thinking about the seatbelt, the airbag, the distractions, the things that are happening, you’re just increasing the number of, I think, opportunities for problems to arise, you know. And I think, yeah, the two have to be hand in hand. Just the…
I’m not a marketer, but, you know, there should be a good way to market the security side of Agentforce that can get people to, you know, think of it as more of a complementary thing to Agentforce than something that they don’t really need to worry about.
Andrew Davis
I tend to think a lot of things like security fall into the same category as public health, right? Like getting people to wash their hands. It’s a bit of a heavy lift.
Like when we tried to get everybody to wear masks five years ago, there was a rebellion, you know, international revolts. And what you mentioned up front, that, you know, your data, our data is stored in various Salesforce orgs. What are the kinds of risks that really come to mind for you? What are the possibilities that would be of greatest concern for you?
John Crimmings
You know, I think depending on how an agent is set up and the sort of security model within that, you know, you could build a poorly written flow that would surface more information than is necessary in a query that could possibly go to either an employee user or an external user. You know, those risks are probably not super high, but they’re possible, right?
I mean, it’s just, unless you really can put your data in a secure box and build your processes and flows and the automation that the agent’s going to follow with the proper guardrails, you know, I think there’s always going to be some risk to that. You know, I haven’t really thought too much about it, but, you know, there are all sorts of different possibilities, I suppose, that could happen.
I keep going back to the idea that, like, nothing has changed dramatically in terms of our data being accessible. If it needs to be, or even if it doesn’t need to be, if someone wants it, it could be accessible. Right.
I think what frightens me or keeps me a little bit more uneasy about this is just that we are introducing ways to access this information more quickly without a lot of transparency on the back end about how it’s getting surfaced. And so when you do that, there’s just more opportunity for things to possibly go wrong.
And I don’t know, I don’t necessarily believe we can reduce that risk to zero, just like you can’t reduce getting in a car accident to zero.
But I certainly think that we can do a better job of thinking about, like, a checklist of things to think about and, you know, a framework for security to make sure that code in Salesforce, that automation in Salesforce, that permissions in Salesforce all sort of follow a model that minimizes the ability for an accidental query to lead to some exposure of data that you don’t need, that…
Andrew Davis
That you wouldn’t want to happen. And when you started out talking about, you know, creating a flow that gives access to more information than you should…
I mean, there’s the issue of, you know, using the built-in permissions in Salesforce, assigning a different profile to somebody.
But then there are the layers of complexity that emerge, you know, as you’re layering on the profiles with the flows, with whatever other automation you’re using in Apex and so forth. The ability to discern where the risks might be reduces a lot.
I mean, the more complicated the stack is that you’ve built, the harder it is to discern the risks within that. And the faster you’re moving, the more complicated the stack that you’re going to build.
John Crimmings
Yeah, and I think the flip side of that, too, is that if something does go wrong, the more complex, the more opaque the model is, the harder it is to quickly identify what was exposing that information, or…
Andrew Davis
Or if the exposure even happened in the first place. Very difficult to discern, you know, when something is being misused.
If there was a malicious, say, a malicious attacker, you know, I think we recognize that most of the world’s large companies are using Salesforce in some capacity or another. And if you’re an employee of a… Salesforce typically is B2B, although a lot of it is B2C, presumably, as well.
So, you know, when we talk about our data as two sort of random individuals in the US, our data being in, I don’t know, potentially hundreds of Salesforce orgs, thousands of Salesforce orgs, somebody’s harvested from LinkedIn and made sense of who are in these different organizations. Then there are lots of these. I think of these as fairly soft targets, Salesforce orgs, fairly soft targets.
And there’s not a lot of tight security, which was a lot of our thesis from the Low Code Security Alliance originally.
John Crimmings
Yeah, I think the name of the game is just doing everything you can to minimize risk as much as possible. You know, I think there are all sorts of interesting possibilities you just alluded to about, you know, shared LLMs across orgs.
You know, I don’t know what’s possible, what’s there.
And I don’t know, you know, how that gets, you know, how we can determine if something goes wrong, if anyone will ever know. Right. And so, you know, there are all sorts of, you know, things that a few years ago would have sounded like sci-fi, right?
Like, possibilities here. And they’re becoming more and more, you know, things to actually consider.
All we can really do, as professionals on the Salesforce platform at least, is raise awareness about the difference between the security that Salesforce provides to the orgs versus what clients and customers and stewards of the orgs are responsible for protecting within, like, the data of the Salesforce org. And I think that gap, you know, as we’ve talked about in our white paper last year, is…
It’s large and murky, and, you know, I think a lot of people are surprised to learn that that gap exists. And so when it comes to AI and Agentforce, I think that the same rules apply.
It just becomes more of an immediate concern, because it’s so attractive to get this out, to ship this, to put this in to help your customers, to help yourself.
You know, however, that’s in conflict with the unattractiveness of spending time going through your users, understanding who they are, what they need to see, what they should see, are they provisioned properly, all that kind of thing. But if you don’t, then you run the risk of moving too quickly, I think, and really exposing potential problems later on.
Andrew Davis
When I was thinking about the vehicle fatalities, the vehicle fatalities are particularly high among young people. Right. Because they get their license, and what’s fun and exciting about driving a car is going fast, going new places.
You know, there’s the exciting aspect. Older people tend to settle in; you know, that excitement loses its sheen, and you begin to realize that your attention is best served by being more defensive, protective.
John Crimmings
You remember yourself being, like, a kid. And so, you know, those kids are out there. And, you know, I think that’s… You’re right.
Andrew Davis
We’re both having flashbacks to driving way too fast. Yeah. Practice the attempt.
John Crimmings
I never did that, but I mean, presumably maybe once or twice.
Andrew Davis
Um, yeah. And so this…
Anyway, just to summarize, I guess the gap that you were talking about, in case anybody hasn’t read the Low Code Security Alliance white paper yet, how would you describe that in brief?
John Crimmings
I think, you know, I think there’s the…
Well, the shared security model for Salesforce, the, you know, the shared aspect of it, is that Salesforce promises that they’re going to protect sort of the underlying architecture and infrastructure and Salesforce orgs.
What they don’t protect, or what they leave up to the individual owners of each Salesforce environment, is how you’re going to protect the data that gets put in Salesforce and protect it to the users that you want to have access to. And, you know, I think people in the Salesforce world, we are very familiar with that.
We are very familiar with profiles and permission sets and permission set groups and roles and all of the sharing rules and all the types of levers that can be pulled internally.
I think that the more you get outside of Salesforce in a business, the Salesforce silo in the business, I feel less sure that maybe other areas of infosec within a company are aware of the onus on the org owners to protect that data. I think the confusion gets blurrier when people who don’t use Salesforce but maybe work at a place that does, and care about security and that kind of thing, find out a little bit more about how important it is to have a model in place that you’re responsible for.
It’s not just what Salesforce does behind the scenes.
Andrew Davis
I remember talking to one CISO, chief information security officer, at a major credit union. We talked to him about Salesforce security risks, and he said, “this stuff scares the shit out of me,” was his actual quote.
So you would say that that knowledge gap is significant. There’s a significant knowledge gap between the security professionals within a company and the people who know how Salesforce works and is secured.
John Crimmings
Yeah, I think that’s probably true. I think a lot of people, you know, I think often Salesforce lives sort of within its own world in an enterprise IT environment.
And so, you know, just over the last couple of years, I think it’s been interesting to see… you know, I remember one particular client who wanted to get the Salesforce teams access to GitHub, and the response was, finally, like, they were the only ones who hadn’t been using it.
And I think, like, sometimes Salesforce just lives on an island, you know, for reasons I think that are understandable, but I think sometimes there’s a danger in it being a little bit too separate, particularly when we’re talking about the security side of things.
Andrew Davis
It occurs to me that there are multiple gaps that all sort of add up. Right? There’s a gap between the security professionals’ knowledge of, you know, what’s going on in Salesforce, and the Salesforce team.
So for example, the security professionals will have signed off during the initial purchase process saying Salesforce does seem to provide all of the security requirements we would expect, you know, MFA and, you know, access control lists, all these kinds of things. But they don’t fully appreciate, you know, how much Salesforce stuff is custom code.
Then there’s also a gap, in the people working on Salesforce, between their knowledge of how to configure Salesforce and their real understanding of security principles. That’s another gap.
And then, you know, you said earlier that as Salesforce professionals we understand profiles and permission sets and permission set groups.
And so, I mean, I know for myself I understand all of that very well, you know, in theory, and if I’m shining the light of my attention on one particular situation, I understand it very well. But say, you know, as a consultant or somebody who’s been hired in as an admin for your Salesforce org, you’ve got, I don’t know what, tens of thousands of different bits of configuration, and at any given moment you can shine the light of your attention on a pretty small number of things. Right, so there’s a gap there.
John Crimmings
Yeah, I think one thing that I’ve noticed is that, you know, it’s very… And I think this goes to sort of the, you know… It’s not a super attractive space until it’s a problem. Right.
But I think that it’s rare that people start out a new Salesforce org with a clearly defined, like, approach to: here are my users, here’s what I want each type of user to see and do, and then kind of, like, not just move forward with that, but then document that as an institutional resource to rely on for either the Salesforce team or the business side of it.
And so because that’s seemingly very rare, what ends up happening is that the way Salesforce gets implemented is, you know, some large companies, they might have multiple different vendors come in at multiple different times over years. And that is not institutional knowledge. That is knowledge that passes through, that gets set up.
And there might not be a lot of people who have an understanding or an awareness of why something was done or what was done. And if it’s not documented, it’s really hard to fix or really hard to make better, because, getting into other reasons…
There’s not a really easy way to kind of clean that up. And so I think the analogy that I kind of am drawn to is, you know, I’m not the most organized person.
Sometimes, like, I’ll, you know, just kind of dump my keys somewhere, or my wallet somewhere, and I can never find it, like in a big drawer full of things. And that sometimes feels like how it is trying to figure out what gap might exist, or who…
Who has access to something that they shouldn’t have, because it’s, like, all jumbled together with everything else and there’s no order, rhyme or reason to it.
And I think that’s, like, an area where, if you’re thinking about getting into Agentforce and you’re moving quickly, if you haven’t thought through that before, that’s where I think the two need to come in together. They have to be… It’s one and the same. It’s part of the same solution.
Andrew Davis
So I guess if I were to summarize that, there’s this underlying thought process that is critically important for Salesforce orgs, which is making sense of how to map its capabilities to what’s actually needed and keep that fresh. And that gets more challenging as you bring more consultants in over time, the older the org gets.
And so the more different people are working on it.
And then as things speed up with Agentforce and so forth, that sort of mental problem becomes bigger and bigger and bigger, and there’s also this sort of negative… It’s…
It’s not as exciting to do the deep thinking that’s required to rationalize who should get access to what and how do we ensure, you know, negative tests on, you know, who should not get access to certain things. And yeah, it just compounds to be quite a significant amount of risk. It really does deserve significant attention.
John Crimmings
Yeah, I think, you know, the orgs that have, like I just said, multiple vendors that come in and sort of patchwork the organization of the Salesforce environment, that’s like one extreme.
And then the other extreme, though, I think is important too: like a smaller org, one that might not have partners come in to help set up. Like, they might not take security as seriously because, like, there’s just a handful of people who do it, right?
And so the need to kind of separate what people have access to is less of a concern, or considered to be. So it’s really about… You don’t want to find yourself on either end of those extremes.
It’s like finding the Goldilocks setup, where you’re minimizing the risk for as many people as possible.
Andrew Davis
Fantastic.
Well, John, I’m really very, very grateful for the chance to think through this topic with you today, and as well over the last year or more that we’ve been considering these topics and really trying to bring them into the public awareness. And I really appreciate all the work you’ve done to look at Agentforce for employees and the risks there.
So thank you for joining us for another episode of From Code to the Cloud, this time with John Crimmings. We’ll be releasing informative conversations from industry leaders every month, so be sure to subscribe to the show wherever you stream podcasts.
You can also visit us at www.autorabit.com for show notes, helpful links, and access to every episode as they’re released. Stay safe out there, and we will see you next time.