As AI agents move to complex multi-system workflows, siloed security fails. This platform-centric approach ensures consistent identity, data, and API governance, preventing unauthorized access and ensuring auditability across distributed enterprise environments.
While enterprises deploy AI agents at a rapid pace, their governance strategies often remain fragmented. Most organizations enforce identity, data access, and API security in separate silos, which creates dangerous gaps as agents move across systems. Salesforce Engineering addresses this by shifting the focus from securing individual agents to enforcing governance at the platform level.
We designed a unified governance system across Agentforce, Data 360, MuleSoft, Informatica, and our core platform to address these gaps and ensure that identity, data, and APIs work together to protect every interaction.
Join us as we explore how our team addresses three critical challenges. We show how identity and authorization propagate across multi-system workflows to keep every action secure. We examine how data access controls remain active regardless of how agents process data. Finally, we demonstrate how a unified control model integrates identity, data governance, API enforcement, and AI trust into a single safeguard for every interaction.
Agent workflows exacerbate the challenges of enforcing identity across systems. A single request often triggers multiple downstream API calls, invokes services across platforms, and coordinates with other agents. This complexity means that without consistent identity propagation, organizations struggle to attribute, govern, and audit actions across systems.
To solve this, the core Salesforce platform propagates identity across each step of execution. When an agent operates on behalf of a user, that user’s identity also flows through every downstream interaction, whereas autonomous agents rely on their own (system) identity. This continuous flow ensures every action occurs within a consistent identity context regardless of the workflow complexity.
This architectural choice allows systems to distinguish between agents operating as independent identities and those acting as proxies for users. Because agent-driven workflows expand the potential impact of actions compared to deterministic systems, this distinction remains vital. Consistent identity propagation actively limits unintended consequences across downstream systems.
Authorization then builds on this identity model by enforcing data and feature access controls based on Principle of Least Privilege, with tokens scoped to only the permissions required. The platform also governs which actions an agent can discover and use in alignment with these authorization policies. Because both user and agent identities are propagated, access policies can be applied to grant the appropriate level of permissions for each.
Ultimately, the consistent propagation of human and agent identities ensures that these identities can be durable and reliable authorization attributes, governing every interaction across distributed workflows rather than a simple point-in-time check.
Agentic workflows dramatically increase the volume of data being accessed and connected; this stresses traditional governance and demands uniform enforcement to prevent unintentional exposure. Data moves through APIs, unstructured search, external connectors, and multi-step orchestration. Without centralized enforcement, these complex paths allow users or agents to bypass governance entirely.
To prevent these gaps, Data 360 and the core Salesforce platform route all data access through a unified enforcement layer. This layer sits between access patterns and underlying systems to ensure the same policies apply to every request. Whether an action originates from a user interface, an API, or an autonomous agent, the system evaluates security before returning any data.
This centralized model successfully combines multiple layers of control:
Data 360 provides the foundation for Agentforce agents to access unified enterprise data, including real-time and zero-copy sources, while applying data governance controls managed within the platform. These controls extend to both structured and unstructured data, with capabilities to detect and tag sensitive information during ingestion so policies can be enforced consistently at retrieval. This helps reduce the risk of exposing restricted content in agent responses. Even when agents access external systems through zero-copy architectures, governance is applied through the platform’s data access and policy enforcement mechanisms.
The defining property of this design centers on its independence from agent behavior. An agent only retrieves what the underlying access model permits, regardless of how it constructs a request or how many systems it involves.
Enforcing governance in isolated layers fails as agents interact across systems, APIs, and AI models. Identity, data, and API controls must be enforced consistently even as workflows cross platform boundaries and involve external services. Because agents operate across these layers, governance must function as a unified model within Agentforce-driven workflows.
MuleSoft provides a unified policy enforcement layer that helps apply consistent controls across APIs, integrations, and external systems. The system evaluates API traffic against defined policies, such as authentication, authorization, and rate limiting, ensuring governance is applied where those policies are configured and enforced.
Informatica strengthens policy enforcement by providing automated discovery and classification of data across the enterprise architecture. By mapping data lineage and enriching semantic context from external systems, including ERPs and third-party data warehouses, it helps eliminate governance ‘blind spots.’ This ensures AI agents comply with data handling policies and respect sensitive data boundaries, regardless of whether the data originated in Salesforce or was integrated from an external environment.
The rapid pace of enterprise AI adoption has resulted in fragmented model access and governance that lacks the comprehensive cost controls, durable audit trails, and consistent policy enforcement required for enterprise-scale LLM interactions. Consequently, most organizations maintain an AI estate that is difficult to audit, expensive to optimize, and challenging to trust at scale, often leading to unforeseen cloud costs when requests default to the most expensive models.
MuleSoft’s AI Gateway addresses these challenges by providing a unified access layer for multiple Large Language Model (LLM) providers. It enables governance, intelligent routing, and cost management for AI applications.
Beyond real-time enforcement, the platform provides visibility to help validate and improve governance over time. Every agentic interaction generates trace data that’s aggregated within Data 360, serving as a unified observability layer for tracking activity across Salesforce and external systems. This enables organizations to perform several critical tasks:
Furthermore, AI model interactions introduce unique risks, such as data persistence and sharing of sensitive information, that require a new set of governance controls. The Agentforce Trust Layer addresses these challenges by enforcing responses grounded in enterprise data, masking sensitive information, and preventing external model providers from retaining or persisting customer data.
Ultimately, these layers operate together rather than independently. The platform evaluates every request across identity, data governance, API policies, and AI trust. If the interaction fails to satisfy any constraint, the system blocks or restricts the action.
AI agents expand the capabilities of enterprise systems while simultaneously increasing the surface area for potential risks. Securing these environments requires more than simple edge controls. It demands that organizations embed governance into every layer where the system makes decisions and executes actions.
Salesforce meets this requirement by treating identity, data access, API interactions, and AI behavior as a single, integrated system. This integration ensures that governance remains intact even as agents operate across complex, distributed environments.
As these agent ecosystems evolve, Agentforce continues to play a central role in enforcing trust, governance, and interoperability across enterprise agent systems. This architectural foundation provides the necessary framework for future growth and complexity.
This approach defines the path forward for the industry. Effective governance must be continuously enforced, fully observable, and designed to evolve alongside the very systems it protects.
The post Building an Enterprise Agent Platform: Enforcing Identity, Data, and API Governance appeared first on Salesforce Engineering Blog.
Continue reading on the original blog to support the author
Read full articleAs AI agents become more autonomous, traditional governance fails. This integration provides engineers with deterministic lineage and tracing, allowing them to audit AI decisions, ensure data quality, and mitigate risks like hallucinations in complex, dynamic execution environments.
Scaling security operations manually is impossible in complex cloud environments. SATA demonstrates how AI agents can automate high-volume triage with 95% accuracy, allowing engineers to focus on critical threats while maintaining trust through confidence scoring and orchestration.
Enterprise AI requires real-time context and verifiability. This architecture solves hallucination problems by grounding LLMs in live web data with a citation engine, making AI outputs reliable for critical business decisions and ensuring transparency through traceable source metadata.
It demonstrates how to build a scalable, trust-first AI agent architecture. By integrating deterministic graphs with unstructured data and open standards like MCP, it provides a blueprint for enterprise-grade AI orchestration and governance beyond simple chat interfaces.
