In June 2025, a Google employee got what seemed like a routine call from IT support.
The person on the line spoke with confidence, sounded professional, and came across as completely legitimate.
The technician asked the employee to approve a new app in the company’s Salesforce system.
What made this attack especially striking was its use of deepfake audio, AI-generated voices so realistic that they exploited one of the most trusted methods of authentication.
Yet, this incident would go on to mark a turning point in how enterprises approach modern threats.
This incident, tied to the ShinyHunters group, revealed how attackers are now using artificial intelligence to attempt breaches of company systems.
But it also demonstrated how quickly Salesforce and the broader security community can mobilize to protect customers.
Salesforce as a Security Leader, Not Just a Target
While Salesforce has become a focus for AI-powered social engineering attacks, the company’s response demonstrates why it remains the trusted backbone of customer relationship management for millions of organizations worldwide.
Because Salesforce plays such a central role in enterprise operations, it’s a natural target for threat actors. But security experts don’t see this as a weakness.
Instead, they view it as proof of the platform’s market leadership and the deep trust businesses place in it.
According to WithSecure’s Head of Threat Intelligence, Tim West:
“Hacking groups like Scattered Spider deploy social engineering to gain access to SaaS environments. Their attacks may look technically simple, but that doesn’t make them any less dangerous. What matters is how quickly platforms respond and adapt.”
Salesforce’s Rapid Response to Emerging Threats
When suspicious activity increased in early 2025, Salesforce didn’t wait for widespread damage.
The company acknowledged potential attack campaigns in March 2025, warning customers that threat actors were attempting to manipulate employees into approving malicious connected apps.
Salesforce emphasized that these incidents did not result from flaws in its platform architecture.
Rather, they were examples of advanced social engineering tactics that any organization could encounter.
The company has since implemented comprehensive defensive measures that set new industry standards:
To strengthen its defenses, Salesforce introduced connected app hardening, automatically disabling non-installed connected apps for new users, significantly reducing the attack surface.
In parallel, the company implemented OAuth flow restrictions, blocking connections established through authorization processes that matched known attack patterns.
Beyond these technical measures, Salesforce also enhanced its monitoring systems to detect unusual application authorization patterns in real time and invested in user education, offering clear, practical guidance on how to recognize social engineering attempts.
In August 2025, Salesforce took decisive action and suspended all integrations with Salesloft technologies, including the Drift app, after discovering that OAuth tokens had been compromised in related attacks.
Understanding the Broader Deepfake Landscape
The deepfake threat extends far beyond Salesforce.
The 25 million deepfake heist at engineering firm Arup in early 2024 demonstrated that sophisticated organizations across all industries face these risks.
According to recent research, 70 percent of people report they lack confidence in distinguishing real voices from cloned ones, a vulnerability that impacts the entire enterprise security landscape.
CrowdStrike’s 2025 Global Threat Report found that voice phishing attacks increased by 442 percent between the first and second halves of 2024, driven by AI tools that enable more convincing phishing and impersonation attempts.
The finding highlights a growing challenge for the entire industry, not just for Salesfore.
How Organizations Are Winning Against Deepfake Attacks
Leading organizations are realizing that protecting against deepfake-driven attacks takes more than just advanced technology.
It calls for a complete rethink of how trust and verification are established.
Zero-trust communication frameworks are becoming increasingly common, as organizations look for stronger ways to confirm identity and reduce risk.
For instance, solutions like RealityCheck by Beyond Identity provide verified identity badges backed by cryptographic device authentication and continuous risk assessments.
Likewise, organizations using Resemble AI’s deepfake simulation platform have seen up to a 90 percent drop in successful attacks after its adoption, since the platform uses hyper-realistic simulations to train teams to recognize and respond to threats more effectively.
Leading security practices now emphasize multi-channel verification for high-risk requests, regardless of how authentic initial communications appear.
These protocols, when combined with Salesforce’s platform security enhancements, create formidable defenses against social engineering.
The Path Forward: Trust Through Verification
The rise of deepfake threats marks a turning point in cybersecurity, but it also creates an opportunity for platforms like Salesforce to lead the way in setting new security standards.
With its fast threat detection, clear communication with customers, quick security updates, and strong collaboration with the broader security community, Salesforce shows how an enterprise can effectively respond to new threats.
In an age of AI-generated deception, trust can no longer be assumed; it must be verified.
Companies that understand this and invest in the right tools, processes, and culture will be better prepared to protect both their security and their reputation.
If you want to verify authenticity with the same confidence, explore TruthScan, a trusted solution to detect AI-generated content and strengthen the foundation of digital trust in your organization.