Microsoft, Salesforce Patch AI Agent Data Leak Flaws
Summary
Salesforce and Microsoft recently fixed two prompt injection vulnerabilities (security flaws where attackers hide malicious instructions in text inputs to trick AI systems) in their AI agent products, Agentforce and Copilot. These flaws could have allowed external attackers to access and steal sensitive data from users.
Classification
Affected Vendors
Related Issues
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
CVE-2026-40087: LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-str
Original source: https://www.darkreading.com/cloud-security/microsoft-salesforce-patch-ai-agent-data-leak-flaws
First tracked: April 15, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 92%