The recent unveiling of Salesforce Headless 360 marks a significant paradigm shift in the CRM industry, signaling a move away from rigid, UI-bound ecosystems toward a decoupled, “AI-first” infrastructure. For growth leaders, marketing executives, and revenue operations professionals, this means the CRM is no longer a destination users must manually log into, but rather a background engine. This engine can be accessed conveniently via natural language and “agentic” interfaces like Slack, Teams, or custom coding tools, fundamentally changing how teams interact with critical customer data and functionality.
1. Agentic Orchestration and the Model Context Protocol (MCP)
The core of this transformation is the decoupling of the CRM interface from its data layer, opening up the platform with comprehensive external API access. This shift converts Salesforce data, workflows, and business logic into over 60 composable Model Context Protocol (MCP) tools. These tools act as building blocks that allow AI agents to seamlessly interact with Salesforce without a traditional UI.
This agentic approach promises to automate complex workflows. Operational tasks, such as updating a Salesforce record or opportunity, can now be executed through agentic interfaces like Slack, completely bypassing the need to log into the traditional CRM UI. This functionality also supports extending beyond Salesforce-owned products to a wide variety of other interfaces such as Microsoft Teams, custom web and mobile apps, or even communication channels like Voice, WhatApp or SMS, as long as they adhere to the MCP protocol. The ultimate positive evolution is toward improved operational efficiency, giving users a consistent experience wherever they are already working, allowing teams to execute tasks like managing pipeline, building dashboards, and campaign journeys easier and without as many technical barriers.
2. Evolving Skillsets: Prompt Engineering and Data Hygiene
As systems transition to an agentic execution model, this democratizes the platform by transforming how non-developers, such as business users and admins, interact with and build upon the system. This highlights a growing need for a critical emerging competency: prompt engineering. For end users, especially marketers and sales representatives, the ability to write precise instructions are paramount to getting the desired results from AI. This shift necessitates that teams quickly adopt an “AI-first” approach for building solutions.
However, foundational pieces also remain crucial; even Headless 360, requirements like good data quality and metadata hygiene practices are still essential for success. AI does not natively “know” your business; it relies on your data (the facts) and your metadata (the context, rules, and structure) to make real-time decisions. Keeping data clean, deduplicated and up to date, and ensuring fields have descriptions, picklists are organized and accurate, gives AI the correct information, and the business logic and context to understand what it means.
3. Strategic Skepticism and Navigating Release Reality
While the potential for improved operational efficiency is high, leaders should approach the Headless 360 announcement with strategic skepticism. As with many major platform evolutions, the full scope of Headless 360 will likely unfold in phases rather than arriving as an immediate, all-in-one solution. While the announcements focus on a complete platform of tools, all are not generally available at this time, with some features in pilot now or planned for release in the summer and beyond, so customers should prepare for implementation over a phased roadmap. Ultimately, the move to Headless360 is a necessary and welcome alignment with modern market standards, ensuring Salesforce remains competitive as organizations increasingly adopt headless architectures.
Executives should view this development as a positive step forward, particularly for organizations that prioritize prompt engineering training and robust data governance. The headless model offers a more seamless and convenient way to integrate Salesforce functionality where users typically work day-to-day, which is an effective strategy for boosting user adoption. The foundation for this is already emerging, with capabilities such as the Agentic Enterprise Search (also known as Ask Agentforce) feature currently in beta, which uses natural language queries to synthesize summaries from connected systems.
Conclusion
The Headless 360 announcement marks the beginning of a future where growth is driven by a decentralized, AI-first engine. As technical complexity is abstracted away by agentic interfaces, success will hinge on empowering teams to adopt prompt engineering as a new competency and maintaining unwavering data hygiene. Organizations that can adapt their skillsets and navigate the gap between marketing promise and practical application will be best positioned to leverage this evolution for superior operational efficiency and accelerated growth.
With the upcoming June 2026 updates Salesforce has just announced, Salesforce is once again raising the bar for platform security. While these updates are designed to keep your data safer than ever, they do require some proactive heavy lifting from admins to ensure integrations don’t break and user access remains seamless.
In line with the messaging we’ve seen from Salesforce recently—focusing on the intersection of AI, Data, and Trust—these enhancements are mandatory. We want to make sure you’re ahead of the curve. Let’s dive into the core security requirements and what you need to do to prepare.
Email Domain Verification
What is changing: Salesforce now strictly requires all outbound email-sending domains to be verified. To verify a domain, you must establish ownership using either DKIM key (recommended) or a verified entry in the authorized email domains list. As part of this change, Salesforce will no longer deliver emails from unverified domains, even if the specific sender’s individual email address was previously verified.
Why it matters: Email deliverability is becoming stricter globally, with major mail providers increasingly filtering or rejecting unauthenticated domains. If your organization attempts to send an email from an unverified domain, the delivery will fail and the email will be silently dropped. It won’t generate a bounce notification or an error message for your automations.
Who is impacted: Any emails sent directly from the Salesforce platform, which includes emails sent via the Email Composer, Apex email, Flow-triggered emails and even system-generated emails like notifications of a new Lead or Opportunity assignment.
Timeline: Enforcement began rolling out to sandboxes in March 2026, and production orgs in April 2026.
How to prepare:
You can check the verification status in your org by going to Deliverability settings in Setup and enter your domain in the Check Domain Verification section.
Ensure your email sending domains are verified using one of the following methods:
Enable a Safety Net: To minimize immediate business disruption while waiting for domain verification, enable “Use a substitute email address for unverified domains” on the Deliverability Setup page.
What is changing: While Multi-Factor Authentication (MFA) has been a contractual “requirement” for some time, Salesforce is moving toward technical enforcement for all UI logins (i.e. the login.salesforce.com page). This means any user logging into the Salesforce UI must use Multi-Factor Authentication. The ability to toggle this off for specific profiles or bypass it via legacy settings is being deprecated.
Why it matters: Data breaches are commonly linked to compromised credentials. Making MFA a technical requirement for every single user, ensures that even if a password is compromised via social engineering, your org remains protected.
Who is impacted: All users logging into Salesforce (direct UI or SSO logins) in production or sandbox orgs and do not have one of these permissions: System Administrator profile, Modify All Data, View All Data, Customize Application, or Author Apex. (Users with these permissions are considered “privileged” and have their own MFA requirements, see the next section)
Timeline: Enforcement is rolling out in waves, starting in Sandboxes on June 22, 2026, and production orgs starting July 20th.
Ahead of enforcement, orgs that have the setting “Require multi-factor authentication (MFA) for all direct UI logins to your Salesforce org” disabled may start seeing this pop-up message as a heads-up on the upcoming enforcement.
Orgs with that have been updated will see the “Require multi-factor authentication (MFA) for all direct UI logins to your Salesforce org” setting (under Setup > Session Settings) enabled and greyed out.
How to prepare:
Audit users still not using MFA to assess who will be impacted. Use the “Identity Verification Methods Report” to view the methods being used by your organization.
Identify users relying on the “Waive Multi-Factor Authentication for Exempt Users” permission. To restore this exemption for valid use cases (e.g., automated testing tools), you can contact Salesforce Support for approval.
If you are using Single Sign-On (SSO) through another identity provider (e.g. Okta, Entra), make sure that provider is using MFA and sending valid signals to validate MFA was used (for more information, see Salesforce’s breakdown of signal requirements).
Ensure users are prepared for the change and how to register their MFA method.
Phishing-Resistant MFA for Admins or Privileged Users
What is changing: Salesforce is introducing a requirement for phishing-resistant MFA for users with “privileged” access. This means moving away from verification codes and toward FIDO2/WebAuthn-based passkeys, hardware security keys (e.g. YubiKeys) or built-in authenticators (e.g. Windows Hello or FaceID) that use FIDO2/WebAuthn standards.
Why it matters: Admins hold the keys to the kingdom. Phishing-resistant methods ensure a stronger protection against identity-based threats, and ensures access is tied to authorized users.
Who is impacted:
This change affects all users logging into Salesforce (direct UI or SSO logins) in production or sandbox orgs who meet any of the following conditions:
Users assigned with the System Administrator profile
Users assigned with any one of these privileged permissions: Modify All Data, View All Data, Customize Application, or Author Apex
Once in effect, users will be prompted to register their phishing-resistant MFA method on their next login.
Timeline: This change will be introduced in sandboxes starting June 22, 2026, and in production orgs starting July 1, 2026
How to prepare:
Audit all users who have the System Administrator profile, or one of these permissions: Modify All Data, View All Data, Customize Application, or Author Apex. You can use Salesforce Reports, User List Views, SOQL, or the User Access and Permissions Assistant.
Identify users relying on the “Waive Multi-Factor Authentication for Exempt Users” permission. To restore this exemption for valid use cases (e.g., automated testing tools), you can contact Salesforce Support for approval.
If you are using Single Sign-On (SSO) through another identity provider (e.g. Okta, Entra), make sure that provider is updated to use phishing-resistant MFA, or enable Salesforce MFA for SSO logins (for more information, see how to configure SSO for MFA compliance).
Ensure users are prepared for the change and how to register their MFA method. Encourage them to pre-register before the enforcement date to avoid disruptions.
What is changing: Salesforce will automatically detect and contain traffic that:
Are from “High-Risk” connections through Connected App or API usage.
Examples of “high risk” connections include anonymizing VPNs (e.g. NordVPN, ExpressVPN, Surfshark, or ProtonVPN), Proxies (e.g. HideMyAss or KProxy) or high-risk IP addresses (e.g. public wifi, blocklisted IPs)
Connected App or API usage may include integrations, plugins (e.g. Salesforce Inspector Reloaded) or use of CLI tools.
Are significant, novel deviations from typical user login activity based on network, client, authentication events, and geolocation. (detected through an AI-driven monitoring system)
If a high risk connection is identified, the following actions will be taken:
The affected user account will be frozen.
All OAuth refresh tokens granted to the user will be revoked.
An email will be delivered to org admins from Salesforce Security (See Administrator Notifications below).
The affected user will need to contact their org admin to restore access to their account.
Why it matters: This enhancement is aimed at protecting against suspicious activity via anonymizing VPNs, proxies, or high-risk IP addresses; credential harvesting; and token theft.
Timeline: This change started April 24, 2026
How to prepare:
Ensure users running integrations, plugins or connects are not doing so from high-risk sources
If automated containment affects a user, review their session and restore access by unfreezing their user
Users will need to avoid connecting from high-risk connections to prevent re-containment. They will also need reauthorize any connected apps
If your only admin account is locked out, contact Salesforce Support by phone to have your account reactivated
What is changing: Salesforce is introducing “Step-Up Authentication.” Even if a user is already logged in, they will be prompted to re-verify their identity (via MFA) when they attempt to run or view reports if a configurable amount of time has passed since their last step-up challenge.
Why it matters: This change is intended to prevent malicious data breaches or unauthorized transfer of data to external locations. Given that report views and exports can be susceptible to scraping or unauthorized external use, the step-up authentication ensures these actions require a stronger authentication challenge.
Who is affected: This change impacts all users (direct login or SSO) who run or export reports.
Timeline: Sandboxes will see this available starting May 27, 026 and enforced starting June 3, 2026. Production orgs will see this available starting May 27, 026 and enforced starting June 10, 2026.
How to prepare:
Ensure all users (especially SSO users) have a registered Salesforce MFA method, a valid email, or an SMS phone number, as they will need this to pass the challenge.
Review and Configure the Policy: In Setup, go to Identity Verification settings and adjust the cool-down period threshold if your business requires a timeframe different from the 120-minute default.
The Bottom Line
June 2026 is right around the corner. By leaning into preparing for these enhancements now, you’re not just racing to a deadline—you’re hardening your business against the next generation of digital threats.
As you prepare for the rollout, keep these three steps top of mind:
Audit: Identify which users will be impacted by the permission changes.
Test: Run your critical processes in a Sandbox environment.
Educate: Ensure your stakeholders understand the ‘why’ behind the new security protocols.
With a clear plan in place, the transition to a more secure Salesforce platform will be a seamless one.Need a hand getting your security posture ready for 2026? The Sercante team is ready to help you audit and prepare your org for these upcoming changes and your overall security posture. Reach out today!
If you’re exploring Agentforce or Data Cloud, but feel unsure where to start—or how to ensure real outcomes—you’re not alone. In our recent webinar, “A No-Nonsense Guide to Launching Agentforce & Data Cloud,” we heard from marketing, RevOps pros, admins, and IT professionals across industries who are in the same boat.
The good news? You don’t need to launch a massive initiative to get started. But you do need a strategy. To help guide yours, I’ve shared the key concepts from the webinar where I spoke alongside Sercante’s VP of Growth & Alliances, Lauren Noonan, and Data Cloud Practice Director, Austin Frink, for our proven approach to creating a strategy for Agentforce & Data Cloud that sets you up for success.
Why having a strategy for Agentforce and Data Cloud is imperative
Implementing Agentforce or Data Cloud without a clearly defined strategy is like building a house without blueprints. According to RAND, over 80% of AI initiatives fail—not because the technology doesn’t work, but because teams skip over the foundational work of aligning their tools to real problems, realistic goals, and existing infrastructure.
What we’ve often experienced is that implementing these tools without a clear strategy often exposes existing challenges:
Data silos become more obvious.
Misaligned processes are harder to ignore.
Adoption falters because people don’t see the value.
When we’ve asked organizations about their vision or what they want to accomplish, we’ve heard many who say, “I want an agent” or “I want a unified profile.” While those are great aspirations, they are just starting points. A successful implementation requires more than a desire for automation or consolidated data. It requires a full vision of the why, the what, and the who.
Setting an impactful vision
Instead of focusing on the tool, focus on the challenge, the opportunity, and the people involved.
Ask yourself:
Why do we want an agent or a unified profile?
What business challenge are we solving?
What do we want the agent to actually do? / What will the data be used for?
How will the data or AI support better decisions?
Who will benefit, and how?
When considering these questions, be specific. If your starting point is, we want to have better segmentation or to deliver more personalized experiences, dig deeper. What would you like to segment by? Are there specific segments you’re focusing on for a business need? What part of the customer experience would you like to personalize more? Uncovering the more specific needs that lie within will help shape a more actionable vision.
Other questions you can consider for getting started to identify your use cases are:
Where are the friction points in your customer journey?
What repetitive tasks are your teams spending time on?
What segmentation or personalization capabilities are limited by your current data?
Use this framework to build your vision statement. Your vision should capture:
WHAT: The capabilities you’re adding
WHY: The impact those capabilities will have
WHO: The people in your organization who will benefit
This vision becomes your team’s north star. As you outline the use cases for Agentforce and Data Cloud, you will also need to define how they will impact the business.
Anchoring your Agentforce & Data Cloud use cases to business value
Lauren Noonan emphasized during the webinar, that this step is often missed, but it’s key to alignment. The use cases that drive meaningful business value are the ones that sustain momentum and stakeholder support.
To help frame your use cases in terms of the level of impact, consider impact levels such as the following:
High: Critical to strategic goals or revenue
Medium: Important contributor to organizational priorities
Low: Helpful improvements, but not game-changing
For example, one Agentforce use case that would be considered higher impact would be streamlining lead qualification and routing.
Use Case: AI-Powered Lead Qualification & Routing Agent Scenario: Deploy an Agentforce assistant that engages with inbound demo requests, asks qualifying questions (budget, timeline, decision-maker status), and routes hot leads to the correct rep in real-time based on region, product, or account type. Why It’s High Value:
Directly impacts pipeline acceleration and conversion rates
Reduces lead response time, which is closely tied to revenue performance
Supports strategic goals around improving sales velocity and rep productivity
Teams Impacted: Marketing Ops, Sales Development, Revenue Leadership, Prospects, Customers
Notice how the above framing points to impacts such as increased pipeline velocity and speed to lead which leads to higher conversion rates, all tied to revenue.
Medium to low-impact Agentforce use cases might include ones that result in internal efficiency gains, such as streamlining campaign brief creation or surfacing answers to FAQs faster using articles from your knowledge base. However, these lower-impact use cases are often a low-risk and lower level of effort to deploy, so they can be a great starting point as small efficiency gains do add up and free up your team’s time to focus on higher-impact initiatives. Continue to weigh this as you frame your roadmap of priorities.
The other detail to call out from the lead qualification and routing Agentforce example is that it outlined the people who would be impacted. Which is often overlooked, but absolutely necessary when creating your strategy.
Considering the level of impact on your people
Agentforce and Data Cloud aren’t just technical implementations—they’re changes to how people work. According to CIO Dive, 42% of businesses have scrapped most of their AI initiatives in the last year, where studies have shown that the teams that see success are ones that are customizing their use cases and prioritizing them according to their needs and impact. As Lauren shared in her previous article on how to create your AI roadmap, “your unique AI path is the only one that matters.”
You have a unique set of people at your organization with different skill levels, needs, and talents. Not considering a change management plan for how your Agentforce and Data Cloud rollout will be applied will often lead to low adoption rates, causing a low level of success and your initiative to fizzle out.
That’s why it’s so important to assess:
How will workflows shift?
What training or enablement will be needed?
How disruptive will this be to current roles?
Then classify the level of impact on your people:
High: Many roles and processes change significantly
Medium: Moderate impact with some changes to roles or responsibilities
Low: Minimal disruption to current workflows
Evaluating the level of business value alongside the level of impact on your people will help determine which use cases you might want to prioritize first based on the level of effort to deploy.
During the webinar, we showed the chart below as a visualization of the ideal intersection point, which is medium-to-high business impact and low-to-medium people impact, with a lower level of effort to deploy.
The other aspect of your strategy that needs to be considered is the dependencies involved with deploying your use case for Agentforce and Data Cloud.
Understanding your dependencies
As Austin Frink and I emphasized in the webinar: implementation depends on more than just ideas. You need to understand the full picture of what it’ll take to make your use case a reality. That full picture includes the infrastructure that you have, including:
Technology: What do you already have? Where are the gaps?
Data: Do you have the right data sources? Are they integrated? Is the quality strong enough?
People & process: Who owns what? Where will the lift be felt most?
Dependencies aren’t necessarily roadblocks, but more factors that will help you to decide where you might want to start when it comes to implementing technology like Agentforce and Data Cloud.
The last piece to consider when defining your strategy is the metrics you’ll use to measure the impact of your Agentforce and Data Cloud initiative.
Defining your metrics for measurement
Your metrics will be used to help prove the business values that you defined earlier. For every use case, identify one or two key success metrics. Before you start your Agentforce and Data Cloud project, measure where you are right now to get a baseline, so that you can benchmark later on and compare your level of improvement.
Some ideas:
Customer satisfaction
Campaign performance
Churn rate
Ideas of metrics that could be associated with our Agentforce use case example of lead qualification and routing, would be speed to lead, conversion rate, and sales cycle time. If your use case will focus more on efficiency gains, consider the amount of time it takes your team to perform the task without the agent implemented, and then measure the hours of time that are saved as a result.
Pro tip: When bringing your strategy to stakeholders, share what your team will accomplish with the time gained back. This goes beyond just thinking through the metrics, and it will be key when articulating the full picture of the impact that implementing Agentforce and Data Cloud can have on your business.
Identifying a success metric is one part of it, you also want to make sure you have defined how that metric will be tracked and validated. For example, will it come from Salesforce, Data Cloud or an external system? Consider, are you capturing the fields that are needed for that metric today?
Also, don’t forget to capture a pre-project snapshot of your metric. Without a clean, documented baseline gathered before any implementation, you lose the ability to accurately show ROI.
Common misconception: you don’t need to start with a massive rollout
One of the most common misconceptions when teams are thinking about implementing Agentforce and Data Cloud is that it requires a massive rollout and overhaul. However, this is not the case.
You don’t have to ingest all your data to use Data Cloud. You don’t need to first implement Agentforce into every aspect of your business.
Start with:
1–2 use cases
Lower people impact
Medium-to-high business value
Clearly defining your use cases will inform you of the data that you’ll need, which will then point to the data sources required. The use case will then point to the agent that you’ll need and the teams or subsect of a department that will be impacted.
As the CMO of Mogli, Christina Scarmeas, shared during her conversation with us about how her team approached implementing Agentforce, “It’s okay to take a crawl, walk, run approach.”
Which is why Sercante service offerings such as an Agentforce Quickstart or Data Cloud In-A-Box are so helpful for teams. They enable you to start small, accelerate time-to-value, and showcase the impact, to then scale the initiative to other areas of the business.
Let’s get started with your approach to Agentforce and Data Cloud
To recap, a successful approach to Agentforce and Data Cloud includes:
A clear, problem-driven vision
Use cases tied to real business value
Understanding the people impact
Mapping your technology and data dependencies
Identifying the metrics that will be used to measure impact
Having this all defined will help to serve as your team’s north star to guide a successful approach to Agentforce and Data Cloud.
Now I know how it can be overwhelming to think through all of this, especially with multiple department goals and initiatives, so if you’d like support with creating your Agentforce and Data Cloud strategy, reach out to the Sercante team. We’ll listen to understand your goals, challenges, and help bridge the gap between your vision and reality, for an impactful Agentforce and Data Cloud rollout.
Several data breaches affecting a wide range of companies that use Salesforce have been reported in recent weeks. These incidents have impacted organizations across various sectors, including technology, retail, and insurance. The exposed data has varied by victim but has commonly included customer contact information, internal business records, and even sensitive data like API tokens and credentials.
Sercante clients can be assured that our systems have not been impacted by these recent attacks, however we want to make sure that Salesforce customers are aware of these incidents and are equipped to safeguard their instances.
How the Breaches Occurred
The recent breaches are not due to a vulnerability within the Salesforce Core platform itself. Instead, threat actors have used sophisticated social engineering and supply chain attacks to gain unauthorized access.
One common method has been targeted voice phishing (vishing) campaigns. In these attacks, bad actors impersonated legitimate employees or IT support staff to trick victims into downloading a malicious replica of Data Loader and granting access to their Salesforce environments.
In a recent and widespread campaign, attackers leveraged compromised OAuth tokens for a third-party application, Salesloft Drift. By exploiting the integration between the app and Salesforce, the threat actors were able to export large volumes of data and credentials from numerous corporate Salesforce instances in what is called a “supply-chain attack”. . The attackers were able to steal “digital keys,” or authentication tokens, from the Drift app. They then used these stolen keys to access and steal data and credentials like passwords, API keys, and access tokens for other services that could be used to compromise other systems integrated with Salesforce.
This highlights a critical risk: while the core platform may be secure, its connections to third-party apps can introduce vulnerabilities.
Risk to Salesforce Customers
The primary risk to Salesforce customers lies in the potential for stolen data to be used for further attacks. Customer contact information and other details can be weaponized in targeted and highly convincing phishing and social engineering campaigns to gain access to other corporate systems. The exposure of sensitive information like API tokens and credentials poses a significant threat, as it can be used to compromise connected systems, such as other cloud platforms or internal networks.
UPDATE: If you are a Drift customer – Salesloft has announced plans to shut down its Drift chatbot following their recent security breaches. This no doubt presents a challenge to your website engagement strategy. The Sercante team is well-versed in the various conversational platforms that integrate seamlessly with Salesforce and can help you navigate this transition.
Recommended Actions for Protection
While Salesforce has taken steps to restrict the use of “uninstalled connected apps”, customers should take steps to protect themselves from similar threats:
Reauthenticate Drift Connections: Salesloft Drift customers will need to reauthenticate their Salesforce integration with Drift. It’s also advised that any and all authentication tokens stored in or connected to the Drift platform should be considered potentially compromised and update them immediately.
Rotate all credentials and keys: Immediately change any passwords, API keys, and other access tokens that were stored in your Salesforce instance
Investigate your Salesforce account: Look for any unusual activity in your Salesforce login history, audit trails, and API access logs from early to mid-August 2025. Look for suspicious logins or data access patterns, particularly from the user account associated with the Drift integration.
Audit Third-Party Apps:Audit your connected apps to make sure they are secure, and make sure that all third-party apps connected to your Salesforce account have only the minimum permissions they need to do their job and revoke access for any app that is no longer in use.
Secure APIs and Integrations: When configuring new integrations, restrict API access by defining trusted IP ranges and ensuring that connected apps have the most restrictive scope possible.
Apply the Principle of Least Privilege: Limit user permissions to only what is necessary for their job role. Restrict administrative access and minimize the use of permissions like “Modify All Data.”
Be on high alert for phishing: Warn your employees to be extra cautious about any unexpected or unusual emails, phone calls, or messages. The attackers may use the stolen contact information to try and trick people into giving up more sensitive data.
Rinse & Repeat: Security isn’t a set it and forget it function. It takes constant and consistent vigilance to protect your systems and data.
While the core Salesforce platform is secure, recent data breaches are a reminder that a company’s security is only as strong as its weakest link, which is often a third-party app or a human being. To stay safe, you have to be proactive. By using strong security practices, enforcing strict access rules, and training your team, you can drastically improve your defenses. Ultimately, keeping your data safe is a team effort—you, Salesforce, and all of your employees have a role to play.
If you’d like a guide to help you navigate how to optimize data protection in your organization with Salesforce, reach out to the Sercante team. Our experts can be your guide for impactful next steps.
As a marketer, you’re eager to use AI for better segmentation, smarter campaigns, or generative content. But a huge piece that can’t be ignored when you’re getting started with AI is getting your data AI-ready.
Up to 87% of AI projects never make it to production, and the top reason is poor data quality (Akaike Technologies, 2025). On the flipside, companies that invest in data quality see a 50% improvement in AI project success (Deloitte AI Institute, 2024).
Meaning your data matters now more than ever. But this isn’t about letting your data hold you back from innovation. It’s about getting a clear, actionable plan for how to improve your data while you get started with AI, so you’re setting yourself up for success and maximizing its value.
Why data quality can’t be an afterthought
AI is only as effective as your business strategy and your data. Data is at the heart of AI, and is used to learn from and gain insights that it uses to perform tasks.
Therefore, when data quality is an issue, that can mean:
Incorrect predictions and flawed insights
A hit to customer trust when personalization fails
Internal teams losing confidence in the tools and systems they’re using
Therefore, taking the time to prioritize your data is worth it to ensure AI is learning from and pulling in accurate insights to power your analytics, workflows, and customer experiences.
Common culprits of bad data (and how to spot them)
Most data issues fall into a few predictable categories. If you’ve ever built a Salesforce report and wondered, “Why does this feel off?”, one of these is probably the reason.
Duplicate records Multiple versions of the same contact or lead, often with partial or conflicting information. Not only does this skew your reporting, it can lead to awkward missteps in customer communication.
Incomplete data Records missing key fields like title, lead source, or industry. When critical information isn’t captured or required, it limits your ability to segment, personalize, or even report accurately.
Inaccurate data Outdated job titles, incorrect email addresses, or other bad intel that throws off targeting and undermines trust.
Inconsistent formatting Examples: “U.S.” vs. “United States” vs. “USA” in a country field. These inconsistencies might seem small, but they wreak havoc on reporting and automation.
Data silos On average, companies are juggling data across 367 apps. That can create disconnects between your CRM, marketing automation platform, website, support tools, and more, meaning no single source of truth and missed opportunities for smarter AI use.
If you’re reading this and thinking, “I recognize all of these culprits in our org.” and are feeling overwhelmed, let’s take a deep breath. You don’t need to clean your entire data house in one day.
The Step-by-Step Guide to Get Your Data AI-Ready
You can work in manageable chunks. It all starts with framing the first AI use cases you want to get started with, because this will determine the data you need and thus prioritize where you’ll want to focus for optimizing your data.
Step 1: Identify your AI use cases
Think about: what do you actually want AI to help with? Look at your day-to-day. What’s repetitive and time-consuming? Do you find yourself taking a long time to create campaign briefs, segment audiences, or draft variations of copy to personalize communication?
Once you start creating your list of potential opportunities for AI, start to consider who is involved in the process, what is the goal that AI will help you achieve, and are there any dependencies around it?
As the Sercante team shared during their session, AI Roadmap: The Strategy for Driving Growth with AI, consider the level of effort involved with each use case and the impact on the people involved. You want to aim to prioritize your first use cases that have a relatively low level of effort and a lower impact on your people. This will enable easier pilots and experimentation, so you can see what the initial results are and then make tweaks or scale from there.
Once you know your top 1–2 use cases, you’ll have a clear view of what data will be needed.
Step 2: Perform a data audit
After you understand the data that will be needed, it’s time to audit that data and check for the common culprits. Are there any duplicates, inconsistencies, inaccuracies, or just data that is missing? Check for the signs of dirty data across the key objects and fields that will need to be used for your AI use case.
Here is my go-to checklist for an audit that starts to get your data AI-ready:
Identify key data objects and fields
Define data quality metrics
Identify & categorize data issues
Document critical data sources and data points
Assess field usage
Review knowledge sources for accuracy and AI accessibility
Review permissions – who can see what
Assign effort levels & quick wins
Some tools that can help with this process are Data Quality Analysis Dashboards (find it on the AppExchange here), OrgCheck, and other third-party tools on the AppExchange that can assess for data quality and field usage.
Step 3: Establish data standards
Once you uncover the issues, you want to put processes and standards in place to prevent future messes. Documentation that has proven to be effective for teams is creating a data dictionary or a style guide.
Whichever you implement, the data documentation should:
Answer who is using this data and what this data is being used for
Establish clear rules based on business requirements
Define acceptable values, formats, and relationships
Foster alignment across teams around the data standards
All teams that are involved in using the data should have an understanding of what the proper usage is and how to maintain clean data now and in the future.
Step 4: Cleanse and normalize the data
Now the cleaning begins. Remember to approach this in manageable chunks. Focus on the data that is needed for your top AI use cases first. The actions you need to take for this step will be determined by what you uncovered in your data audit, but here is a general checklist that you can use as a guide:
Clean up / merge duplicates
Delete obsolete data
Correct missing values, errors, and inconsistencies
Perform mass updates
Leverage data cleaning tools or scripts
Update knowledge sources
Don’t forget to back up your data first!
Tools you can use to help with this process are native duplicate management tools or third-party ones on the AppExchange. There are also third-party tools on the AppExchange for data cleaning and data enrichment that I recommend checking out before diving into this step.
If during your data audit you discovered that silos and disparate systems are a huge issue, and you’re wondering if you’d be a good fit for a customer data platform (CDP) like Data Cloud, reach out to the Sercante team. We can help you navigate what to consider and create your strategy for how to approach the technology in a way that sets your team up for success.
It seems like the work to clean your data is never done, however, you can do your due diligence to put systems and processes in place to prevent major issues in the future that would hinder your team from getting the full value out of AI.
Prevent bad data entry
Where possible, use picklists to help standardize your data and restrict access to maintain data integrity. Make field requirements for records to be saved with helpful error messages to remind teams of your data standards.
Create data validations or automated updates. For example, setting up a Salesforce Flow that automatically checks the format of an email address when a new Lead is created.
Execute training and create enablement
Make sure that all teams involved with the data are educated on data entry best practices and the importance of data quality. Refer back to your data standards to reinforce the alignment among the teams.
Evaluate data integrations
Remember those data silos? If these continue, data issues will persist and cause your team to continue to do manual cleanup, which is what you’re trying to avoid.
Look at the systems that are disconnected and see what integrations can be made to automatically keep data synced. This is also where a CDP may be considered.
Establish a regular data audit cadence
You want to prevent your database from reverting to the original state you found it in when you first started your data audit. Therefore, aside from putting these systems in place to prevent future data issues, you’ll also want to set a regular cadence for yourself to check your data for the common culprits to uncover any small issues before they turn into major ones.
Clean data means smarter, more effective AI-driven marketing
Getting your data AI-ready is a critical piece to getting the most value out of AI. It’s not about achieving perfection to the point where it gets in the way of getting started with AI. It’s about creating a foundation through manageable chunks that will enable the AI to effectively deliver for your team and your customers.
Data quality is essential for any successful AI-driven marketing strategy, and by using this step-by-step guide, you can take practical, ownership-driven steps to collaborate with your Salesforce Administrator, sales, IT, and customer success teams to improve data readiness.
Autonomous AI is transforming the way organizations operate, and Salesforce’s Agentforce is at the forefront of this revolution. The product was made generally available by Salesforce in October 2024. Whether you want to streamline case management, enhance lead nurturing, or delight customers, Agentforce empowers businesses to accomplish more with fewer resources. In this post, we’ll share five practical tips to help you successfully implement and use Agentforce.
Before diving into the tips, let’s take a closer look at what Agentforce is.
Agentforce enables autonomous AI agents to perform tasks without human intervention, acting as digital workers within Salesforce or external customer channels. These agents enhance productivity by automating routine tasks and assisting with complex ones. With tools like Agent Builder, you can customize agents using pre-built topics and actions or create entirely new ones tailored to your organization’s needs.
Agentforce integrates seamlessly across the Salesforce platform, leveraging Data Cloud for reasoning and learning. Out-of-the-box agents include Service Agents for case deflection, with more capabilities to be released in December 2024, such as SDR and sales coaching agents.
Unleashing the Power of Agentforce: Five Steps to Get Started
Follow these five steps to get started on the right foot when you dive into Agentforce.
Tip 1: Identify Use Cases
Start by identifying where Agentforce can deliver the most value in your organization. Ask yourself:
How are you using your CRM today?
What are the current pain points in your processes?
Are there routine tasks that could be automated to free up team capacity?
Are there new processes you’ve avoided due to resource constraints?
Examples of use cases include automating FAQ responses for service teams, generating campaign briefs for marketing, or assisting sales reps with lead prioritization and moving deals faster.
Then for each use case, think about what would be needed to transition to an agent:
What job should they do?
What actions will they need to take?
What actions should they NOT take? (This is just as if not more important to make sure you have defined the lane where an agent should operate within that use case)
Your responses to those questions are going to help you to understand the level of effort involved in use case. This in turn is going to help you to prioritize based on the level of effort and potential value
Tip 2: Define Success Metrics
To gauge the success of your Agentforce implementation, establish clear goals and KPIs.
Questions you can ask:
What does success mean? How will we know we have addressed our problem?
What metrics are we tracking today that we want to see improvement on?
Are there additional metrics that will let us know we are seeing success?
For example:
Reducing average case handling time by 20%
Improving lead response times
Increasing campaign ROI by automating content creation
Ensure you have baseline data for comparison and that the necessary measurement tools are in place to help you track success.
Tip 3: Assess Your Data
Your AI agents are only as good as the data they access. For the use cases identified, evaluate your data readiness:
What data do need?
Where is it located? Is it in your CRM, Data Cloud, or other external systems?
Is it accessible from your CRM? If it’s stored in an external system, do you have APIs in place to get that information?
Is the data clean, accurate, and up-to-date?
Follow this blog post for tips on how to keep your imported Pardot prospect data clean.
Do you have a single view of the customer across systems?
Lastly, are knowledge bases and metadata structured for easy access?
Agents need knowledge to inform how they will operate and answer questions. This is all of the background configurations your agents actions will rely on — flows, prompts, and Apex for example — they need to also be clearly identifiable and accessible.
When you add actions to your topics, it uses the descriptions to help fuel the instructions. The naming conventions of your resources will also make it easier to determine what the inputs and outputs need to be.
Data and metadata are the backbone of AI performance, so this is an important area to pay attention to.
Tip 4: Start Small
After completing the previous steps, you may have more than one great use case to start with. Here’s where you ask yourself: What are the quick wins that we can get started on that can move the needle and that we can expand on as we mature?
It’s really easy to get caught up on how this can solve ALL the things. There are many challenges to starting a complex process all at once. If a lot of effort is required to get the data in place or to get the actions set up, it will be more difficult to roll out, not to mention making it potentially disruptive and prone to issues
Avoid the temptation to tackle complex processes right away. Instead, focus on a simple, high-impact use case to pilot Agentforce. There are many out-of-the-box topics and actions that make getting started easier. For example, automating a single FAQ response or generating summaries for sales reps.
Starting small helps build confidence, momentum, and organizational buy-in, and it also reduces the risk of missteps.
Tip 5: Nail Down Clear Instructions
When designing agents, clarity is key. Use the Agent Builder to create and test well-defined topics and actions:
Topics – Include precise instructions for classifying user requests, setting guardrails, and outlining scope.
Actions – Clearly define what the agent should do, including required inputs and expected outputs.
Salesforce Agentforce Topic Instruction Best Practices
Instructions are the foundation for grounding how agents perform. They set the guardrails for how the agent should behave and give the agent the context it needs to do its job.
Here are a few best practices for writing Agentforce topic instructions:
Start simple
Start with the main use case first to ensure the agent is performing as expected. Then, add in more detail to address edge cases. Be sure to test existing instructions for any conflict. You don’t want to confuse the agent!
Use plain language
Use concise natural language to describe what your action does. Keep it to 1-3 sentences, and it can include the goal of the action, any use cases, and the objects or records it uses or modifies.
In general, the more relevant detail you include in your instructions, the easier it is for the agent to differentiate between actions. Also, be sure to vary the words you use. For example, use a mix of “Get,” “Find,” “Retrieve,” or “Identify” for actions that will query records.
Avoid industry or company jargon
Write like you are instructing someone who doesn’t know your business. Even terms like ‘qualified lead’ could mean something different from one organization to another. Give context where necessary, and reference clear criteria using the data it will have access to.
For example, instead of vague terms like “qualify lead,” specify conditions such as “lead status equals MQL.”
The agent isn’t not going to know your business processes either, so be explicit about the sequence of instructions or any conditions a conversation must meet for an agent to apply an action.
Think of all the paths
You want to go through every possible permutation to determine the actions required. For example: a customer reaches out because they didn’t receive their order.
First think about the order status ( Order Shipped, Delayed, Not Found, Processing). If the status is Shipped then there could be different tracking statuses (In Transit or Delivered for example). If the order is showing as Delivered, was it delivered to the customer’s correct address? Was it stolen? …and so on.
Remember the Guardrails
Keep the Agent in its lane by providing clear instructions on what the agent should not do to prevent unwanted responses. In cases where the agent is customer-facing, be sure to also give clear direction on when an interaction should be routed to a human.
Test these instructions thoroughly in the Agent Builder’s testing environment to ensure your agents behave as expected.
Ready to Explore Agentforce?
Agentforce offers an exciting opportunity to enhance productivity and streamline operations. By identifying the right use cases, preparing your data, and starting with manageable projects, you can set your organization up for success.
