Governance & Trust

Governance isn't a slide at the end. It's the foundation we engineer first.

Most enterprise AI fails on data and governance — not models. Before any agent ships, we engineer the controls a CIO, a regulator and a security team actually ask for: a kill-switch, scoped permissions, an audit trail, exfiltration defense and consumption control. Skim the four pillars below in twenty seconds.

GOVERNED GATE

Documented kill-switch

Scoped permissions

Inherited audit trail

Exfiltration defense

Every agent ships through the gate — before it goes live.

The model, at a glance

Four fears enterprises have about AI agents. Four things we engineer against them.

Every pillar starts from a fear a serious buyer already holds — then shows how we engineer against it inside Salesforce's governed trust boundary. No FUD, no absolutes: we reduce and de-risk, we don't claim to eliminate.

The fear → Governed gate → How we engineer against it

  • No off switch when an agent misbehaves → Documented kill-switch + scoped permissions
  • Can't prove what the AI did, or where data sits → Inherited audit trail + scoped data residency
  • Prompt-injection exfiltration (ForcedLeak class) → Trusted-URL allow-lists + governed actions
  • Runaway, unpredictable consumption cost → Instrumented usage + budget guardrails

The four pillars

Each pillar: the fear, then how we engineer against it.

01

Kill-switch & permissions

The fear

An agent does something you didn't intend, and there's no clean way to stop it or scope what it can touch.

How we engineer against it

We design a documented kill-switch and a least-privilege permission matrix before any agent ships. Agents act under your existing Salesforce permissions and sharing rules — never with standing super-user access — and a human stays in the loop on consequential actions.

  • Documented, tested kill-switch you own and control
  • Least-privilege permission matrix scoped per agent
  • Human-in-the-loop gates on consequential actions
  • Acts under your sharing rules — no standing super-user

02

Audit-ready & data residency

The fear

When the board, a regulator or security asks “what did the AI do, and where does our data live?”, you can't answer with evidence.

How we engineer against it

Your AI runs inside Salesforce's trust boundary. We don't pipe your data out to third-party AI tools — Agentforce operates on your governed Salesforce data under the Einstein Trust Layer, with your permissions, sharing rules, and audit trail. Every agent action is captured in an inherited audit trail you can hand to an auditor.

  • Inherited, reviewable audit trail of agent actions
  • AI reasoning stays on-platform, under your permissions
  • Data-residency posture mapped and documented
  • Audit-log review handed off as an owned runbook

03

Exfiltration defense

The fear

An indirect prompt-injection chain turns your helpful agent into a data-exfiltration path — the ForcedLeak class of attack.

How we engineer against it

ForcedLeak is an industry-documented issue we engineer against — not one we claim to eliminate. We design against this attack class with Trusted-URL allow-lists, governed Agentforce actions instead of raw access, schema-validated outputs, and input boundaries — then review the exfiltration surface as a deliverable you keep.

  • Trusted-URL allow-lists and constrained outbound actions
  • Governed Topics over raw, ungoverned agent access
  • Schema-validated outputs — no free-form data egress
  • Documented exfiltration-surface review you own

04

Cost & consumption control

The fear

Agent and Data 360 consumption climbs in ways nobody predicted, and the AI bill becomes a surprise no one can defend.

How we engineer against it

We instrument consumption from day one and build budget guardrails into the design, so usage maps to outcomes you chose — not runaway spend. Our agentic, outcomes-not-hours model also strips the billable-bench markup, so you reach a governed result faster and at lower cost than a staff-aug project.

  • Consumption instrumented and visible from day one
  • Budget guardrails and alerts built into the design
  • Usage mapped to the outcomes you scoped
  • Outcomes-priced engagements, not a metered timesheet

Our trust principle, stated precisely

Scoped, not absolute — because that's the version that holds up.

“Your AI runs inside Salesforce's trust boundary. We don't pipe your data out to third-party AI tools — Agentforce operates on your governed Salesforce data under the Einstein Trust Layer, with your permissions, sharing rules, and audit trail.”

The honest caveat

Integration (MuleSoft, Data 360) moves and federates data through governed, audited connectors — by design and under your control. What stays on-platform is your AI and its reasoning.

Why scoped beats absolute

  • Defensible under scrutiny. A claim a security team can verify earns trust; an absolute one they can disprove destroys it.
  • Honest about integration. Data does move through governed connectors by design. We say so — and keep your AI on-platform.
  • Built on Salesforce trust. Permissions, sharing rules and audit are inherited from the platform, not bolted on by us.

Why this page exists

The risks are documented. The governance answer mostly isn't.

These are market facts with sources attached — context for why foundation-first governance matters, not claims about DHI Dynamics' own results.

Most enterprise GenAI pilots fail

MIT's 2025 study found that the vast majority of enterprise GenAI pilots delivered no P&L impact, with the root cause being an integration and governance gap, not weak models.

Source: MIT NANDA, The GenAI Divide (2025), as reported by Fortune.

ForcedLeak — CVSS 9.4

Researchers documented an indirect prompt-injection chain in Agentforce (CVSS 9.4) capable of CRM data exfiltration. Salesforce has since patched it and enforced Trusted-URL allow-lists — an attack class we design against.

Source: Noma Labs disclosure (Sept 2025); analysis by Varonis.

Make governance the reason your AI ships, not the reason it stalls.

In one working session we map your data foundation, your permission and audit posture, and the exfiltration surface, then scope a governed path to Agentforce you can actually defend.