Frequently Asked Questions

We update this topic with questions we get from our community. Keep checking in for updates.

What is the Agentforce Vibes extension?

Agentforce Vibes extension is an AI-enabled developer tool that is available as an easy-to-install VS Code extension built using secure, custom AI models from Salesforce.

What data has the Agentforce Vibes extension been trained on?

Agentforce Vibes uses our trusted LLMs SFR model and premium 3rd party models to assist you through Salesforce development. These models use expertise that's learned from anonymized code patterns.

Where can I learn more about Agentforce Vibes extension Privacy and Data Protection?

See Trusted AI from Salesforce.

Will my code ever be shared outside of Salesforce?

No. Salesforce treats your code as confidential information under your Main Service Agreement (MSA) and doesn't disclose it to other Salesforce customers or anyone outside of Salesforce. Additionally, Salesforce doesn't use your code to improve the product or train the global LLM. See Additional Terms of Use for the Agentforce Vibes Extension for details.

Due to the nature of machine learning, Agentforce Vibes can generate output that resembles code that was used to train the model.

I still have some security concerns. What if my code contains proprietary info?

Before using any code to label or build models, the research team scrubs all personally identifiable information (PII) and secret info from the code. This information includes names, company names, phone numbers, addresses, and hard-coded API tokens. The data is encrypted at rest using customer-managed encryption keys. See Customer-managed encryption keys (CMEK). We also ensure that only Salesforce employees handle your code, not contractors.

What security and compliance measures are in place?

  • Salesforce-Hosted Models: All AI processing is conducted within Salesforce's secure infrastructure, utilizing proprietary models like CodeGen2.5 and xGen-Code.
  • Data Residency: Data remains within Salesforce's environment, adhering to their stringent data residency and privacy standards.
  • User Control: Users have control over what information is shared, with features like the "Use entire file?" toggle to manage context sharing. Soon there will be a feature for users to provide custom context.

Is any code snippet or metadata being sent from the local environment to Salesforce or LLM servers?

Yes—but with strict limitations and controls. The data is never stored.

  • Code and prompts that you explicitly provide to Agentforce (via chat or inline commands) are sent to Salesforce-hosted LLM services.
  • All third-party models are operated within the Salesforce Trust Boundary or by Salesforce partners inside a shared trust zone.
  • Salesforce does not use any of this data to train their models unless explicit consent is given (e.g., through a managed data sharing program).

👉 Only code you manually select or write into prompts along with related metadata context is transmitted to the LLM, not your full project or org metadata.

What data is being captured or processed during the interaction?

Salesforce states the following are processed during Agentforce interactions:

  • Prompt text (what you type into the agent).
  • Code snippets or metadata included as part of a prompt or selection.
  • Session context (e.g., recent commands or previous prompts to maintain continuity).
  • IDE environment metadata (e.g., language type, file type) to improve the response quality.

All of this is handled within Salesforce's trust boundary, adhering to their data residency and privacy commitments.

This data is not stored anywhere.

Are any user or org-level details being transmitted as part of the developer's prompts?

Only minimal user/org data necessary for the session and model personalization is sent:

  • User ID or org ID might be included to support session continuity and rate limiting. But this is not transmitted to LLMs—this information is strictly logged to track and monitor usage and adoption.
  • However, no customer-specific data (e.g., record data, proprietary identifiers, or secrets) is shared unless it's part of the prompt you explicitly input.

Salesforce ensures that:

  • Data is not persisted beyond the scope of the session (unless saved in history by the dev in the IDE).
  • No data is used for training unless you've opted into a program explicitly allowing it.

How does Agentforce Vibes handle data storage and retention?

  • Transient Processing: Data is processed in real-time to generate responses and is not stored persistently.
  • No Long-Term Storage: Salesforce does not retain prompt data or generated code beyond the immediate session.
  • No Model Training: User inputs are not used to train underlying AI models.

This approach ensures that sensitive information remains confidential and isn't stored or reused beyond the scope of the current interaction.

Does Agentforce Vibes support EU data residency requirements?

A4D currently routes requests to LLMs hosted in US and India. EU region support isn't currently available, but we have plans to serve LLM requests from EU region in FY26.