The context boundary
The safest leakage control is to avoid placing forbidden data in the context at all.
AIGIS does this by checking Salesforce permissions before the model receives context.
Salesforce / AIGIS resources
Salesforce AI leakage controls start with what enters context.
Salesforce data can leak through values, field names, record selection, summaries, and write proposals.
Executive read
The short version, before the deep dive.
Use live record checks for permission-sensitive workflows.
Strip inaccessible fields instead of exposing field names.
Minimize context before the model route.
Record stripped and denied context for review.
Analysis
What matters
The review artifact
A leakage review should produce an artifact security teams can inspect: included fields, excluded fields, checked records, and model route.
That artifact is more useful than a generic statement that sensitive data was handled carefully.
Resource packet
Turn this into a review worksheet.
Evidence packet
Permission-Provenance Evidence Packet
Capture user context, system of record, enforcement tier, stripped fields, model route, response, hash marker, and fallback notes.
Salesforce is the production proof path. ServiceNow and SAP are design-partner co-development paths with asymmetric enforcement that must be disclosed in diligence.
Keep reading
Related resources.
Use case
AI Data Leakage Prevention for Salesforce
How to prevent Salesforce data leakage in AI systems with live record checks, field stripping, prompt minimization, write approvals, and permission provenance.
Salesforce
Salesforce Record Access For AI
Why live Salesforce record visibility matters when assembling AI context for CRM workflows.
Security
Field Stripping Vs Masking In AI Governance
A short comparison of field stripping and masking for enterprise AI security reviews.