AGENTFORCE-20.1: DML Bypassing FLS in Invocable Actions
🚨 Critical · Excessive Agency
Detects Apex classes invoked by AI agent actions that perform DML operations (insert, update, delete, upsert, merge) without enforcing Field Level Security (FLS). The LLM planner is oblivious to the Apex permission model: it will call the action regardless of the running user's field access rights, enabling privilege escalation.
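The pattern the rule flags, beside a form that enforces FLS inside the action, as an added example that is not part of the page or of SquireX's own code; the class names and the scenario are constructed, and the agent is assumed to pass the Account records it wants changed:

```apex
// Added example, not SquireX code. Class names are hypothetical.

// BEFORE: flagged by AGENTFORCE-20.1. Apex DML runs in system mode, so the
// fields the agent sets are written even when the running user has no edit
// access to them; "with sharing" covers record sharing, not FLS.
public with sharing class UpdateAccountActionInsecure {
    @InvocableMethod(label='Update Account (insecure)')
    public static void run(List<Account> accounts) {
        update accounts; // system-mode DML: FLS is never checked
    }
}

// AFTER: FLS is enforced in the action itself, because the planner will not.
public with sharing class UpdateAccountActionSecure {
    public class FlsException extends Exception {}

    @InvocableMethod(label='Update Account')
    public static void run(List<Account> accounts) {
        // Strip every field the running user is not allowed to edit.
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.UPDATABLE, accounts);

        // Fail loudly instead of silently writing a partial record: otherwise
        // the agent reports success for a change that did not happen.
        Map<String, Set<String>> removed = decision.getRemovedFields();
        if (!removed.isEmpty()) {
            throw new FlsException(
                'Running user lacks edit access to: ' + String.valueOf(removed));
        }

        // USER_MODE additionally enforces object CRUD and sharing on the DML.
        Database.update(decision.getRecords(), AccessLevel.USER_MODE);
    }
}
```

The same check applies to insert (AccessType.CREATABLE) and upsert (AccessType.UPSERTABLE); delete and merge have no field-level variant, so they rely on USER_MODE for the object-level check.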
Details
| Field | Value |
|---|---|
| Rule ID | AGENTFORCE-20.1 |
| Severity | Critical |
| Category | Excessive Agency |
| Compliance | SOC2_CC6, NIST_AI_RMF, EU_AI_ACT_HIGH_RISK |
Remediation
Refer to the SquireX documentation for remediation guidance specific to AGENTFORCE-20.1.