Vulkro for Salesforce
Your org has AI agents now. Review them like code.
Salesforce orgs are now partly written by AI too: Agentforce agents acting on records, generated Apex, Flows prompted into existence. The security review has not kept pace, and the first Agentforce breach has already happened. Vulkro for Salesforce reviews your code, metadata, and org settings on your machine, in the language the AppExchange security reviewer uses, and nothing about your org is uploaded anywhere.
- Scans run locally
- Nothing uploaded
- No AI in the scan
- Reads zero customer records
- 14-day full trial
$ vulkro-sf scan ./force-app [HIGH] AS-003: agent grounding reads an untrusted free-text field (Case.Description) with no sanitization marker. in support_agent.agent : the ForcedLeak injection vector
Nine areas of risk, dozens of checks each. One command runs all of them on your machine. Pick yours to jump to the detail.
Agentforce and AI agents
Apex code
Lightning: LWC and Aura
Flows
Access and sharing
Org configuration
Secrets and credentials
Data exposure
AppExchange readiness
One command checks all nine, entirely on your machine.
The new surface
Agentforce is an attack surface. Almost nobody reviews it.
An AI agent in your org reads record fields, grounds on your data, and calls your Apex. Attacker text planted in a Description field becomes an instruction; an action bound to a without-sharing class becomes a data leak. ForcedLeak proved the class is real. Vulkro ships 15+ detectors for exactly this surface, and reviews both the compiled agent metadata your org runs and the Agent Script source you author.
The ForcedLeak pack
Compiled agent metadata
Agent Script source
New in SF v0.5.0
Live-org AI inventory
New in SF v0.5.0
AI-origin audit
A knowledge bundle that keeps up
The flagship report
Know the Security Review verdict before you pay for one.
The AppExchange Security Review readiness report rolls every finding up into the published Partner Security Review requirement categories and gives one verdict: READY or GAPS. CRUD and FLS gaps and sharing mistakes, among the top reasons a review is rejected, are exactly what the underlying detectors target.
The readiness verdict
The engineer's gate
The file you hand off
A failed Security Review costs the per-submission fee Salesforce charges, the resubmission queue, and the release you had planned around it. Finding the blockers on your own machine first is the cheap path.
How it finds real risks
It follows your data across Apex, then tells you if it is safe.
A pattern scanner flags anything that looks like a database call and buries you in false alarms. Vulkro follows the actual path a piece of untrusted input takes through your Apex, and only raises an alarm when it reaches something dangerous with no access check in between. Fewer false alarms, and the serious risks caught.
Same input. The only difference is whether an access check sits in the path, and that is exactly what Vulkro follows. The same follow-the-data engine reviews the path from an AI agent action into your Apex.
The same approach powers the Apex, Lightning, Flow, and access checks below. Same code, same result, every time. No AI in detection, no guessing.
The depth
Built for the checks a reviewer actually rejects on.
CRUD and FLS gaps and sharing mistakes are among the top reasons an AppExchange Security Review is rejected, and Vulkro for Salesforce targets them directly.
109
Salesforce detector modules
70+
Well-Architected anti-pattern rules
15+
Agentforce and AI-agent detectors
Interprocedural Apex taint
LWC-to-Apex cross-language bridge
A live-org audit that stays hands-off
Group 01 / Your code
The code your team wrote.
The flaws in your own Apex, Lightning, and Flows are the ones a reviewer rejects and an attacker hits first.
Apex code
Lightning: LWC and Aura
Flows
Group 02 / Access, configuration, and secrets
Who can reach what, and how the org is set up.
Most Salesforce incidents were not code bugs. They were an over-broad profile, a connected app with the wrong scope, or a setting nobody wrote down. Vulkro reviews all of it.
Access and sharing
Org configuration
Secrets and credentials
Data exposure
All of this runs on your machine. Vulkro for Salesforce reads your code and settings only, and never reads your customer data.
The proof
Built from the breaches that actually hit Salesforce.
Each check maps to the weak spot behind a real, published Salesforce incident. You are catching the patterns that already cost other teams real customers.
ForcedLeak, the first Agentforce breach
Drift OAuth token theft
Gainsight OAuth abuse
Experience Cloud guest user exposure
ShinyHunters vishing campaigns
Reviewer-aligned. Reads zero customer records. Runs on your machine. Licensed the same way as the core scanner: per seat, directly through our team.
Not just Salesforce
The same offline engine scans your other code.
Your services outside Salesforce have their own risks: broken access, injected input, leaked keys, risky dependencies, and the new risks your AI coding tools bring in. Those ship in the core Vulkro scanner, built on the same offline engine, so nothing you run ever leaves your machine.
What the core scanner covers
Your application
Secrets and personal data
Dependencies and supply chain
AI development surface
Infrastructure
What it does not do
Where this edition is the wrong tool, we say so.
If it is not on this page, assume this edition does not check it yet, and tell us what you need. Covers Agentforce and Agent Script, Apex, Lightning (LWC and Aura), Flow, Visualforce, and your org configuration.