Where leakage starts
Leakage can begin when a prompt is assembled, before the answer is generated.
For Salesforce-heavy teams, the first review should inspect how CRM permissions shape the context that reaches the model.
Use case / AIGIS resources
Customer data should be governed before it becomes AI context.
Customer data in CRM records often contains sensitive fields, role-dependent visibility, and audit obligations.
Executive read
The short version, before the deep dive.
Start with CRM fields and records that have different access by role.
Remove inaccessible fields before context assembly.
Record why each customer-data element was included.
Use a governance review before expanding the workflow.
Analysis
What matters
What good looks like
The reviewer should be able to compare the user's permissions with the final context and see why each record or field was present.
That evidence is the difference between a claim of safety and a governable runtime path.
Resource packet
Turn this into a review worksheet.
Evidence packet
Permission-Provenance Evidence Packet
Capture user context, system of record, enforcement tier, stripped fields, model route, response, hash marker, and fallback notes.
Salesforce is the production proof path. ServiceNow and SAP are design-partner co-development paths with asymmetric enforcement that must be disclosed in diligence.
Keep reading
Related resources.
Salesforce
Salesforce AI Data Leakage Controls
Controls for reducing Salesforce data leakage risk in LLM-based workflows.
Checklist
Salesforce AI Governance Review Checklist
A practical review checklist for Salesforce-heavy teams evaluating AI permissions, field stripping, record access, and audit evidence.
Checklist
LLM Field-Level Security Checklist
A security checklist for evaluating whether fields are removed before LLM context is assembled.