TL;DR: In 2016, Salesforce was a CRM and most enterprises treated its security as the vendor’s problem. In 2026, Salesforce is Tier 1 infrastructure, and the 2025 breach wave settled who actually owns its security: you, the customer. Every major 2025 incident, from Jaguar Land Rover to Allianz Life, exploited the customer side of Salesforce’s shared responsibility model, not the platform itself. Governing Salesforce as a Tier 1 discipline is now a board-level business continuity requirement, not an IT afterthought.
Key takeaways:
- Salesforce’s shared responsibility model splits security duties: Salesforce secures the platform and infrastructure, and the customer secures everything built on top, including data, identity, connected apps, change management, and backup.
- The 2025 attacks were attributed to a cybercrime collective operating as ShinyHunters, Scattered Spider, and Lapsus$. Google’s Threat Intelligence Group reported the broader campaign affected more than 700 organizations.
- The Jaguar Land Rover incident alone caused an estimated £1.9 billion in losses, which the Cyber Monitoring Centre called the most economically damaging cyber event in UK history.
- A 2025 Salesforce Ben survey found 73.5% of admins did not know what the shared responsibility model was, nearly 30% used no backup, and 65.5% had no archiving tool.
- What separated organizations that recovered fast from those still recovering was not whether they were attacked but whether they had governance discipline: versioned metadata, tested recovery, scoped access, and immutable audit trails.
The CRM that quietly became Tier 1 infrastructure
In 2016, a Salesforce outage cost a sales team a few hours. In 2026, when Salesforce governance breaks, production lines stop, regulators take notice, and executives lose their jobs. The platform most enterprises still manage like a departmental CRM has become the system of record for revenue, service, regulated data, and now autonomous AI workflows.
The 2025 breach wave forced a question most boards had deferred for a decade: who actually owns Salesforce security? This post answers it. It covers what the 2025 attacks exploited, what the shared responsibility model asks of you, why 2016-era governance cannot survive 2026 threats, and what a defensible posture looks like now, including the new dimension that Agentforce introduces.
What is the Salesforce shared responsibility model?
The Salesforce shared responsibility model is the division of security duties between Salesforce and its customers: Salesforce secures the platform and underlying infrastructure, while the customer secures everything they build and store on top of it. That includes data, user access, connected apps, configuration changes, and backup and recovery.
This is the standard SaaS security posture, not a Salesforce-specific position. Per Salesforce’s own trust documentation, the vendor keeps the platform resilient, reliable, and available. The moment you start storing data, provisioning users, connecting apps, and deploying automation, responsibility shifts to you.
In practice the customer side of the line spans six areas:
- Data protection: classification, encryption, retention, residency.
- Identity and access governance: provisioning, role design, permission sets, MFA, OAuth scope.
- Connected apps and integrations: vetting, scoping, credential rotation.
- Change management: metadata version control, deployment validation, rollback.
- Backup and recovery: Salesforce deprecated its native data recovery service in 2020 and does not position it as an enterprise backup.
- Audit, monitoring, and incident response.
In 2016, the gap between what enterprises assumed Salesforce did and what it actually did was merely uncomfortable. In 2026, that gap is the attack surface. (More on the shared responsibility model.)
What actually happened in the 2025 Salesforce breach wave?
The 2025 attacks did not breach the Salesforce platform. They exploited the customer side of the shared responsibility model. On August 31, 2025, Jaguar Land Rover detected an intrusion and shut down its IT systems to contain it. Production stopped for weeks. The Cyber Monitoring Centre later estimated £1.9 billion in losses, the most economically damaging cyber event in UK history.
JLR was not alone. Marks & Spencer lost contactless payments and click-and-collect for weeks. Co-op confirmed personal data for 6.5 million members was compromised. Allianz Life and TransUnion both disclosed Salesforce-related exposures affecting millions. Even cybersecurity vendors, including Cloudflare, Palo Alto Networks, and Zscaler, disclosed Salesforce-linked breaches in the same window.
The threat actors operated under the names ShinyHunters, Scattered Spider, and Lapsus$. Google’s Threat Intelligence Group tracked the campaign and reported it affected more than 700 organizations over the summer. The common thread is the detail that matters most: none of these intrusions required breaking the platform. The attackers used over-privileged connected apps, unscoped or unrotated OAuth tokens, and socially engineered credentials. In the M&S case, the initial vector was a socially engineered employee at a third-party provider, a path that existed entirely outside Salesforce’s own controls.
Stated plainly, the 2025 lesson is this: the threats facing Salesforce customers are now organized, persistent, and aimed directly at the gaps the customer is responsible for closing.
So who owns Salesforce security, the customer or Salesforce?
The customer owns the majority of Salesforce security, and in 2026 that ownership is a board-level obligation. Salesforce delivers the platform; you deliver the governance. None of the 2025 breaches were platform failures. All of them were customer-side governance failures, which is to say they were preventable by an operating model designed to catch them.
This is where the readiness gap is most exposed. A 2025 Salesforce Ben survey found that 73.5% of admins did not know what the shared responsibility model was. Nearly 30% used no backup solution, and 65.5% had no archiving tool in place. These are not edge cases. They are the predictable result of a decade in which Salesforce security was assumed rather than designed.
How has Salesforce’s risk profile changed from 2016 to 2026?
The role Salesforce plays, the threats around it, the regulatory floor beneath it, and the cost of getting it wrong have all moved in the same direction at once.
Why can’t 2016-era governance survive 2026 threats?
The recurring failure modes inside a Salesforce program are not dramatic. They are structural, and they accumulate:
- A flow deployed near a deadline corrupts tens of thousands of records, and without versioned metadata or tested recovery, finance reconstructs the data by hand.
- A release behaves differently in production than in the sandbox it was tested in, and manual rollback is slow and error-prone.
- An admin adjusts roles for a business request and inadvertently broadens access to sensitive records, undetected until an audit surfaces it months later.
- An OAuth-connected app granted broad scope years ago is still active, still trusted, and now compromised through a third-party supply-chain attack, with no anomalous login to detect.
In 2016, these failures cost time. In 2026, they cost shareholder value and regulatory standing. The Marks & Spencer chief digital and technology officer stepped back from her role in the months after the breach. The practices that made these failures tolerable, like manual change tracking and ad-hoc backups, are precisely what the 2025 attackers exploited.
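The connected-app and OAuth-token failure mode above (and the same pattern in the 2025 breach section) is one a practitioner can actually audit. The script below is an added example, not code from this article or from Flosum: it runs three checks over OAuth token records, flagging tokens unused for 90 days, tokens whose app holds a broad scope, and tokens whose call volume has spiked since the last snapshot. That last check matters because a stolen token produces no anomalous login, only API calls under an already-trusted app. In a live org the rows would come from a SOQL query against the standard OauthToken object; here the rows, Ids, app names, users, and prior snapshot are constructed inline so it runs offline, and the per-app scope lists are assumed to be pulled from each connected app's metadata.

```python
"""Offline audit of Salesforce OAuth tokens: staleness, broad scope, usage spikes.

Added example; not code from the original article or from Flosum. In a live org the
token rows come from a SOQL query against the standard OauthToken object, e.g.
  SELECT Id, AppName, UseCount, LastUsedDate, CreatedDate, User.Username FROM OauthToken
Here they are CONSTRUCTED so the script runs offline; Ids, apps and users are made up.
SAMPLE_SCOPES is ASSUMED to be pulled from each ConnectedApp's metadata; the
OauthToken object itself does not carry scopes.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 9, 1, tzinfo=timezone.utc)  # fixed clock for reproducible output
STALE_AFTER = timedelta(days=90)
BROAD_SCOPES = {"full", "web"}            # effectively "everything the user can do"
LONG_LIVED = {"refresh_token", "offline_access"}

SAMPLE_TOKENS = [  # constructed rows shaped like the SOQL result above
    {"Id": "TOKEN-1", "AppName": "Salesforce Data Loader", "UseCount": 340,
     "LastUsedDate": "2025-08-29T14:02:11.000+0000", "CreatedDate": "2025-01-10T09:00:00.000+0000",
     "User": {"Username": "alice@example.com"}},
    {"Id": "TOKEN-2", "AppName": "ChatWidget Integration", "UseCount": 9000,
     "LastUsedDate": "2025-08-31T23:58:40.000+0000", "CreatedDate": "2024-03-01T08:00:00.000+0000",
     "User": {"Username": "integration@example.com"}},
    {"Id": "TOKEN-3", "AppName": "Legacy ETL Connector", "UseCount": 12,
     "LastUsedDate": "2024-02-14T10:30:00.000+0000", "CreatedDate": "2022-06-01T08:00:00.000+0000",
     "User": {"Username": "bob@example.com"}},
    {"Id": "TOKEN-4", "AppName": "Marketing Sync", "UseCount": 800,
     "LastUsedDate": "2025-08-31T07:15:00.000+0000", "CreatedDate": "2025-06-01T08:00:00.000+0000",
     "User": {"Username": "carol@example.com"}},
]
SAMPLE_SCOPES = {  # assumed per-app scopes (constructed)
    "Salesforce Data Loader": ["api", "refresh_token"],
    "ChatWidget Integration": ["api", "refresh_token"],
    "Legacy ETL Connector": ["full", "refresh_token"],
    "Marketing Sync": ["full", "web", "refresh_token"],
}
PREVIOUS_USECOUNT = {"TOKEN-1": 338, "TOKEN-2": 4100, "TOKEN-3": 12, "TOKEN-4": 790}  # yesterday's snapshot


@dataclass(frozen=True)
class Finding:
    token_id: str
    app: str
    user: str
    category: str   # "stale" | "broad_scope" | "usage_spike"
    detail: str


def parse_ts(value: str) -> datetime:
    """Parse Salesforce's timestamp form, e.g. 2025-08-29T14:02:11.000+0000."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")


def stale_tokens(tokens, now=NOW, stale_after=STALE_AFTER):
    """Tokens that still exist but have not been used within stale_after: revoke them."""
    out = []
    for t in tokens:
        idle = now - parse_ts(t["LastUsedDate"])
        if idle > stale_after:
            out.append(Finding(t["Id"], t["AppName"], t["User"]["Username"], "stale",
                               f"unused for {idle.days} days"))
    return out


def broad_scope_tokens(tokens, scopes):
    """Tokens whose app holds a broad scope; note when a refresh token makes it long-lived."""
    out = []
    for t in tokens:
        granted = set(scopes.get(t["AppName"], []))
        broad = granted & BROAD_SCOPES
        if broad:
            detail = "scopes " + ",".join(sorted(broad))
            if granted & LONG_LIVED:
                detail += " with refresh token (long-lived)"
            out.append(Finding(t["Id"], t["AppName"], t["User"]["Username"], "broad_scope", detail))
    return out


def usage_spikes(tokens, previous_counts, now=NOW, factor=10, floor=50):
    """Flag a token whose UseCount jumped far above its historical daily rate since the last
    snapshot. A stolen token yields no login event, only API calls under the trusted app."""
    out = []
    for t in tokens:
        prev = previous_counts.get(t["Id"])
        if prev is None:
            continue
        delta = t["UseCount"] - prev
        age_days = max((now - parse_ts(t["CreatedDate"])).days, 1)
        threshold = max(floor, factor * prev / age_days)
        if delta > threshold:
            out.append(Finding(t["Id"], t["AppName"], t["User"]["Username"], "usage_spike",
                               f"+{delta} calls since last snapshot (threshold {threshold:.0f})"))
    return out


def audit(tokens, scopes, previous_counts, now=NOW):
    """Run all three checks; sorted so the report is stable run to run."""
    findings = (stale_tokens(tokens, now) + broad_scope_tokens(tokens, scopes)
                + usage_spikes(tokens, previous_counts, now))
    return sorted(findings, key=lambda f: (f.token_id, f.category))


if __name__ == "__main__":
    for f in audit(SAMPLE_TOKENS, SAMPLE_SCOPES, PREVIOUS_USECOUNT):
        print(f"{f.category:12} {f.token_id} {f.app} ({f.user}): {f.detail}")
```

On the sample data the legacy connector is flagged twice (stale and broad-scoped), the marketing app once for scope, and the chat integration once for a usage spike that no login-based alert would have caught. The thresholds are starting points; the design point is that the snapshot comparison has to be scheduled, because Salesforce does not raise it for you.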
What does 2026-grade Salesforce governance look like?
Enterprises in regulated industries that weathered the past decade converge on a recognizable operating model. Flosum calls it the TRUST Framework, built on five pillars:
- Transparency: a complete, immutable record of every metadata change across every environment, so “what changed and who approved it?” is answered in seconds, not days.
- Resilience: recovery designed, not improvised, with automated incremental backups for metadata and data, granular restore, and pre-deployment snapshots.
- Unified governance: a single operating model across all orgs and teams, with centralized policy, standardized CI/CD, and separation of duties.
- Safeguards: security shifted left, with code and metadata scanning, PII and PHI detection, and non-compliant changes blocked before they reach production.
- Technology: a purpose-built platform that unifies the above, because fragmented toolchains produce the gaps in the audit trail that attackers exploit.
The payoff is operational, not just defensive. The U.S. Navy reported 72% faster deployments after standardizing its Salesforce release process, the kind of velocity gain that security-regulated organizations usually assume they have to trade away for control. With the right operating model, speed and governance move together. (More on the TRUST Framework.)
How does Agentforce change the security picture?
Agentforce introduces autonomous agents that act, not just suggest, which moves every existing risk to machine speed. Earlier AI features offered summaries and recommendations. Agents interpret goals, decompose them into steps, and execute workflows across systems in real time. An over-privileged agent identity, a misconfigured tool grant, or a prompt-injection flaw can now cascade across orgs faster than human review can catch it.
Three governance gaps are already visible in early deployments: identity and privilege (agents act on behalf of users, but with what scope and for how long?); lineage and audit (can you reconstruct what an agent did, why, and on whose authority, to a regulator’s satisfaction?); and deployment discipline (agent-generated changes need the same testing, approval, and rollback as human changes). The enterprises governing agents well are extending their existing TRUST disciplines to autonomous action. (More on governing autonomous Salesforce agents.)
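The three gaps named above (scoped and time-bounded agent privilege, reconstructable lineage, and an audit trail that cannot be quietly edited) can be expressed as one enforcement point. The code below is an added illustrative pattern, not Agentforce's API and not Flosum's code: every tool call an agent makes passes through a gateway that checks it against an explicit grant delegated by a named human, with a least-privilege action list and a TTL, and records the decision in a hash-chained append-only log whose integrity can be verified later. The agent name, action names, and timestamps are assumptions.

```python
"""Illustrative pattern for governing an autonomous agent's actions: each tool call is
checked against an explicit, time-bounded grant delegated by a named human, and every
decision is appended to a hash-chained log so "what did the agent do, on whose
authority, and why" can be reconstructed and its integrity verified.

Added example, not Agentforce's API or Flosum's code. The agent, action and grant names
are assumptions, and the clock is fixed so the run is reproducible.
"""
from __future__ import annotations
import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

T0 = datetime(2026, 1, 15, 9, 0, tzinfo=timezone.utc)  # fixed clock (assumed)


@dataclass(frozen=True)
class Grant:
    agent: str                 # agent identity, distinct from the delegating human
    principal: str             # human on whose authority the agent acts
    actions: frozenset         # least-privilege allow list, e.g. {"read:Case", "update:Case"}
    issued_at: datetime
    ttl: timedelta             # grants expire; nothing is trusted indefinitely

    def permits(self, action: str, now: datetime) -> tuple[bool, str]:
        if now >= self.issued_at + self.ttl:
            return False, "grant expired"
        if action not in self.actions:
            return False, f"action {action} not in grant"
        return True, "ok"


class AuditLog:
    """Append-only log where each entry commits to the previous entry's hash, so
    deleting or editing any entry breaks every hash after it."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries: list[dict] = []

    @staticmethod
    def _digest(record: dict) -> str:
        return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

    def append(self, record: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        body = dict(record, seq=len(self.entries), prev=prev)
        body["hash"] = self._digest(body)
        self.entries.append(body)
        return body

    def verify(self) -> bool:
        prev = self.GENESIS
        for e in self.entries:
            unhashed = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or e["hash"] != self._digest(unhashed):
                return False
            prev = e["hash"]
        return True


class AgentGateway:
    """Chokepoint through which every agent tool call must pass."""
    def __init__(self):
        self.grants: dict[str, Grant] = {}
        self.log = AuditLog()

    def delegate(self, grant: Grant) -> None:
        self.grants[grant.agent] = grant

    def invoke(self, agent: str, action: str, intent: str, now: datetime) -> bool:
        grant = self.grants.get(agent)
        if grant is None:
            allowed, reason, principal = False, "no grant for agent", None
        else:
            allowed, reason = grant.permits(action, now)
            principal = grant.principal
        # The intent string is the agent's stated reason; logging it alongside the
        # principal is what lets a reviewer reconstruct "what, why, on whose authority".
        self.log.append({"ts": now.isoformat(), "agent": agent, "principal": principal,
                         "action": action, "intent": intent,
                         "decision": "allow" if allowed else "deny", "reason": reason})
        return allowed


def demo() -> AgentGateway:
    """Three calls: one in scope, one out of scope, one after the grant expired."""
    gw = AgentGateway()
    gw.delegate(Grant("case-triage-agent", "alice@example.com",
                      frozenset({"read:Case", "update:Case"}), T0, timedelta(hours=1)))
    gw.invoke("case-triage-agent", "update:Case", "set priority on escalated case", T0 + timedelta(minutes=5))
    gw.invoke("case-triage-agent", "delete:Account", "clean up duplicate account", T0 + timedelta(minutes=6))
    gw.invoke("case-triage-agent", "update:Case", "close resolved case", T0 + timedelta(hours=2))
    return gw


if __name__ == "__main__":
    gw = demo()
    for e in gw.log.entries:
        print(e["seq"], e["decision"], e["agent"], e["action"], "|", e["reason"])
    print("log intact:", gw.log.verify())
```

The same structure maps onto the TRUST pillars discussed earlier: the grant is the scoped identity, the log is the immutable record, and the gateway is the deployment discipline applied to agent actions rather than to human changes. In production the log would be written to storage the agent cannot modify; the hash chain is what makes silent edits detectable even then.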
The ownership question is settled. The work isn’t.
The era in which Salesforce security could be delegated to assumption is over. The 2025 breach wave answered the ownership question, and the answer is the customer. What remains is the work of designing, owning, and operating that security as a Tier 1 discipline before the next incident, not during it.
Flosum is the end-to-end enterprise DevSecOps platform purpose-built for enterprises running Salesforce as Tier 1 infrastructure, unifying transparency, resilience, governance, safeguards, and technology in a single platform so teams ship faster, audit cleaner, and recover quicker than fragmented toolchains allow. Request a demo to see how it closes the gap between Salesforce platform security and enterprise-grade governance.
For a deeper look at how the Salesforce risk landscape has changed, the governance gaps enterprises need to address, and what a defensible security posture looks like in 2026, read the full Salesforce Security: 2016 vs 2026 white paper.