AGENTFORCE-32.1 · Unintended Autonomous Blast Radius

Enterprise Tier · 🟠 High · Category: Graph: Cascading Automation

Detection Logic

Traces the unintended cascade chain from an LLM-triggered DML operation through an ApexTrigger into async external callouts: automation that the LLM planner, developers, and admins never intended to connect.

```mermaid
graph LR
    FN["GenAiFunc / ActionDef"]
    APEX["ApexClass\n[hasDmlOperations=true]"]
    OBJ["Object\n[e.g. Lead]"]
    TRIGGER["ApexTrigger\n[after insert/update]"]
    ASYNC["@future / Queueable\n[hasExternalCallout=true]"]

    FN -->|TARGETS| APEX
    APEX -->|DML on| OBJ
    OBJ -->|FIRES| TRIGGER
    TRIGGER -->|dispatches| ASYNC
    ASYNC -->|"⚠️ HTTP callout to external system"| ASYNC
```

What Triggers It

| Hop | Condition |
|-----|-----------|
| 1 | GenAiFunc / ActionDef → TARGETS → ApexClass[hasDmlOperations=true] |
| 2 | ApexClass DML targets a specific SObject (extracted from metadata or heuristic) |
| 3 | Object → FIRES → ApexTrigger[events includes afterInsert/afterUpdate] |
| 4 | ApexTrigger with hasAsyncDispatch=true AND hasExternalCallout=true |
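
The four hop conditions above, written as a traversal over a small constructed metadata graph. This is an added example, not the scanner's own code: the node names, the dict/tuple layout and the `DML_ON` edge label are assumptions, while the property names and the `TARGETS` and `FIRES` edges come from the hop conditions.

```python
# Constructed metadata graph. Node names, this dict/tuple layout and the
# DML_ON edge label are assumptions; property names come from the hop conditions.
NODES = {
    "UpdateLeadAction": {"type": "GenAiFunc"},
    "CloseCaseAction": {"type": "ActionDef"},
    "InvocableLeadUpdate": {"type": "ApexClass", "hasDmlOperations": True},
    "CaseCloser": {"type": "ApexClass", "hasDmlOperations": True},
    "Lead": {"type": "Object"},
    "Case": {"type": "Object"},
    "LeadTrigger": {"type": "ApexTrigger", "events": ["afterUpdate"],
                    "hasAsyncDispatch": True, "hasExternalCallout": True},
    "CaseTrigger": {"type": "ApexTrigger", "events": ["afterUpdate"],
                    "hasAsyncDispatch": True, "hasExternalCallout": False},
}
EDGES = [
    ("UpdateLeadAction", "TARGETS", "InvocableLeadUpdate"),
    ("InvocableLeadUpdate", "DML_ON", "Lead"),
    ("Lead", "FIRES", "LeadTrigger"),
    ("CloseCaseAction", "TARGETS", "CaseCloser"),
    ("CaseCloser", "DML_ON", "Case"),
    ("Case", "FIRES", "CaseTrigger"),
]
AFTER_EVENTS = {"afterInsert", "afterUpdate"}


def out(src, rel, node_type):
    """Targets of src's `rel` edges whose node has the given type."""
    return [d for s, r, d in EDGES
            if s == src and r == rel and NODES[d]["type"] == node_type]


def find_cascades():
    """Return every (action, class, object, trigger) path satisfying hops 1-4."""
    findings = []
    for fn, props in NODES.items():
        if props["type"] not in ("GenAiFunc", "ActionDef"):
            continue
        for cls in out(fn, "TARGETS", "ApexClass"):            # hop 1
            if not NODES[cls].get("hasDmlOperations"):
                continue
            for obj in out(cls, "DML_ON", "Object"):           # hop 2
                for trg in out(obj, "FIRES", "ApexTrigger"):   # hop 3
                    t = NODES[trg]
                    if (AFTER_EVENTS & set(t.get("events", []))
                            and t.get("hasAsyncDispatch")
                            and t.get("hasExternalCallout")):  # hop 4
                        findings.append((fn, cls, obj, trg))
    return findings
```

Only the Lead chain is reported: the Case trigger dispatches async work but has no external callout, so it fails hop 4.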

Real-World Scenario

"The Sales Automation Lead Update Blast": An agent action updates a Lead record. An after update trigger fires and dispatches a @future callout to a financial API for lead scoring. The agent was never intended to interact with the financial system, but it does, on every LLM invocation that targets the Lead object.

Remediation

  1. Guard the trigger: Add a static boolean flag in the invocable Apex class that the trigger reads to suppress async dispatch when the call originated from an agent action.

     ```apex
     // In InvocableLeadUpdate.cls
     public class InvocableLeadUpdate {
         // Read by LeadTrigger to suppress async dispatch for agent-originated DML
         public static Boolean agentContext = false;

         @InvocableMethod
         public static void updateLead(List<Lead> leads) {
             agentContext = true;
             try {
                 update leads;
             } finally {
                 // Reset even if the DML throws, so later DML in the same
                 // transaction is not silently suppressed
                 agentContext = false;
             }
         }
     }

     // In LeadTrigger.trigger
     if (!InvocableLeadUpdate.agentContext) {
         LeadScoringService.dispatchAsync(newLeads);
     }
     ```

  2. Document the cascade for operations teams: label the trigger with a comment referencing this rule ID.
  3. Consider moving the async dispatch to an agent-observable Flow step instead of a trigger.