AIToday

Security researchers built an AI agent that autonomously discovers and exploits vulnerabilities in Salesforce sites, demonstrating that complex security flaws can now be found and weaponized without human intervention.

Hacker News · 4d ago · 3 min read


3 Key Points

1. What happened: Reco's security team created an AI-powered agent that takes a single URL and independently maps the attack surface, discovers vulnerabilities, writes working exploit scripts, and extracts real data from Salesforce Experience Cloud sites. The agent operates in five phases—reconnaissance, object analysis, Apex fuzzing, exploitation, and severity review—with an LLM directing each step and deciding which skills to invoke and when to backtrack.

2. Why it matters: The researchers tested the agent on real-world Salesforce sites belonging to major technology companies and found high-severity vulnerabilities on organizations that invest heavily in security. The agent wrote exploits from scratch and extracted PII without human guidance after being given a target URL. This shows that the premise that 'some vulnerabilities are too complex to exploit automatically' is now obsolete, and threat groups could replicate this approach for malicious purposes.

3. What to watch: All vulnerabilities described were responsibly disclosed through the affected organizations' security programs. The researchers explicitly constrained the agent to prevent write, delete, or modify operations and limited bulk extraction—a distinction from how a malicious attacker might operate, though the core capability remains the same.
