
Einstein Trust Layer Explained — Agentforce Module 2 | 2026

Agentforce Course — Module 2: Einstein Trust Layer | sfinterviewpro.com
🤖 Free Agentforce Course 2026 — sfinterviewpro.com
🔒 Module 2 of 15

Einstein Trust Layer
AI Safety, Security & Governance

Understand how Salesforce ensures your AI is safe, private, and compliant — and configure it in your Developer Org before building your first agent.

6 Security Features · 100% Practical · Setup: Step-by-Step · Free Dev Org
🚨 Why You Must Understand This BEFORE Building
Before you build a single agent, you need to understand how Salesforce handles your data when it talks to an AI model. The Einstein Trust Layer is what ensures your customer data, PII, and confidential business information never leaks to external AI providers. Skip this module and you'll build insecure agents.

1. What is the Einstein Trust Layer?

The security foundation that makes enterprise AI safe

The Einstein Trust Layer is Salesforce's built-in AI security architecture that sits between your users and the AI language models (LLMs). It ensures that sensitive data is masked before reaching the AI, AI responses are safe and appropriate, and every AI interaction is audited — all without you writing a single line of security code.
💡 Simple Analogy
Imagine sending a customer's letter to a translator. Before the letter reaches the translator, a security officer blacks out all personal details (name, phone, address). The translator works only on the content — never seeing PII. After translation, the security officer re-inserts the correct personal details. That's the Einstein Trust Layer.
🌍 XYZ Company Example
Sales rep asks Agent: "Summarize the relationship with Rahul Sharma at ABC Pharma, phone 9876543210"

Without Trust Layer: Full prompt with "Rahul Sharma" and "9876543210" sent to OpenAI/LLM → PII exposed to external service!

With Trust Layer: PII masked → LLM receives "Summarize relationship with [PERSON_1] at ABC Pharma, phone [PHONE_1]" → LLM responds → Trust Layer re-inserts real values → Rep sees correct response. PII never left Salesforce.

2. How Einstein Trust Layer Works — Step by Step

The exact flow for every single AI request in Agentforce

Einstein Trust Layer — Request Flow
👤 User Message
🔍 PII Detection & Masking
⚡ Toxicity Check (Input)
↓ Safe prompt (PII masked)
📊 Data Grounding (Salesforce context added)
🤖 LLM (AI Model) — Processes masked prompt
↓ AI Response (contains masked tokens)
⚡ Toxicity Check (Output)
🔄 PII Re-inserted (masked tokens replaced)
📋 Audit Log
↓ Final safe response with real PII
✅ Response to User (safe + accurate)
⚡ Key Point
The LLM (AI model) NEVER sees your actual PII. It only processes masked tokens like [PERSON_1], [PHONE_1], [EMAIL_1]. The Trust Layer handles substitution before and after. This is how Salesforce achieves enterprise-grade AI security with zero extra code.

3. The 6 Key Features of Einstein Trust Layer

What each feature does and why it matters for your agent

🔍 1. PII Masking
Automatically detects and masks Personally Identifiable Information — names, emails, phone numbers, SSNs, credit cards — before sending to LLM. Re-inserts real values in the response. Configured in Setup → Einstein Trust Layer → PII.
☠️ 2. Toxicity Detection
Scans both user input AND AI output for harmful, offensive, or inappropriate content. Blocks toxic inputs before they reach LLM. Filters toxic LLM responses before they reach users. Protects users and brand reputation.
📋 3. Audit Trail
Every AI interaction is logged — who asked what, what data was used, what the AI responded. Stored in Salesforce as AI Interaction records. Critical for compliance (GDPR, HIPAA, SOC2). Reviewable in Setup → Einstein → Audit.
🌍 4. Data Residency
Ensures your data stays in your selected geographic region (India, EU, USA). AI processing happens in the same region as your data. Critical for GDPR (EU) and data sovereignty requirements in regulated industries.
🚫 5. Zero Data Retention
Salesforce's LLM providers (OpenAI, Anthropic, Google) do NOT retain your data for model training. Your prompts and responses are used only for that one request — deleted immediately after. No external model learns from your data.
🔐 6. Grounding Security
When the AI accesses Salesforce data for context, it only accesses records the current user has permission to see. Salesforce's standard security model (profiles, permission sets, sharing rules) applies to all AI data access.

4. PII Masking in Action — Real Examples

See exactly what the LLM receives vs what the user sees

Below is exactly what happens to your data when a sales rep at XYZ Company asks the agent a question containing personal information. The LLM never sees the real values — only masked tokens.
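PII Masking Examples — Before LLM vs After LLM

| PII Type | What the User Sees | What the LLM Receives |
| --- | --- | --- |
| Name | Rahul Sharma | [PERSON_1] |
| Email | rahul@abcpharma.com | [EMAIL_1] |
| Phone | +91-9876543210 | [PHONE_1] |
| Address | 123 MG Road, Mumbai | [ADDRESS_1] |
| Company | ABC Pharma Pvt Ltd | [ORG_1] |
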
🔄 Complete Masking + Re-insertion Flow
User prompt: "Draft a follow-up email to Rahul Sharma at ABC Pharma (+91-9876543210)"

Sent to LLM: "Draft a follow-up email to [PERSON_1] at [ORG_1] ([PHONE_1])"

LLM response: "Dear [PERSON_1], Following up on our recent discussion at [ORG_1]..."

User sees: "Dear Rahul Sharma, Following up on our recent discussion at ABC Pharma..."

✅ LLM never knew the real name. User gets the correct personalized response.
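
The round trip above, written out in Apex together with a check for tokens that were not re-inserted. This is an added illustration, not Salesforce's Trust Layer implementation or code from the course: the class MaskingRoundTripDemo and its methods are hypothetical, and the sensitive values are passed in explicitly instead of being detected.

```apex
// Added illustration, not Salesforce's Trust Layer code. All names are hypothetical.
public class MaskingRoundTripDemo {
    // Token shape used on this page: [PERSON_1], [ORG_1], [PHONE_1], ...
    private static final Pattern TOKEN_SHAPE = Pattern.compile('\\[[A-Z]+_\\d+\\]');
    private Map<String, String> valueByToken = new Map<String, String>();
    private Map<String, Integer> countByType = new Map<String, Integer>();

    // Replace one known sensitive value with a typed, numbered token.
    public String mask(String text, String piiType, String value) {
        if (String.isBlank(value) || !text.contains(value)) {
            return text;
        }
        Integer n = countByType.containsKey(piiType) ? countByType.get(piiType) + 1 : 1;
        countByType.put(piiType, n);
        String tok = '[' + piiType + '_' + String.valueOf(n) + ']';
        valueByToken.put(tok, value);    // the mapping stays on the trusted side
        return text.replace(value, tok); // literal replace, not regex
    }

    // Swap tokens in the model's answer back to the real values.
    public String unmask(String llmResponse) {
        String result = llmResponse;
        for (String tok : valueByToken.keySet()) {
            result = result.replace(tok, valueByToken.get(tok));
        }
        return result;
    }

    // Tokens still present after unmask(): the model changed or invented one.
    public static List<String> unresolvedTokens(String text) {
        List<String> found = new List<String>();
        Matcher m = TOKEN_SHAPE.matcher(text);
        while (m.find()) {
            found.add(m.group());
        }
        return found;
    }

    // Constructed sample using the values from this page.
    public static void demo() {
        MaskingRoundTripDemo t = new MaskingRoundTripDemo();
        String p = 'Draft a follow-up email to Rahul Sharma at ABC Pharma (+91-9876543210)';
        p = t.mask(p, 'PERSON', 'Rahul Sharma');
        p = t.mask(p, 'ORG', 'ABC Pharma');
        p = t.mask(p, 'PHONE', '+91-9876543210');
        System.assertEquals('Draft a follow-up email to [PERSON_1] at [ORG_1] ([PHONE_1])', p);
        String good = t.unmask('Dear [PERSON_1], Following up on our recent discussion at [ORG_1]...');
        System.assert(unresolvedTokens(good).isEmpty());
        // A reply that drifted to a token with no mapping is detected.
        String bad = t.unmask('Dear [PERSON_2], thank you for your time.');
        System.assertEquals(new List<String>{ '[PERSON_2]' }, unresolvedTokens(bad));
    }
}
```

After deploying the class, run MaskingRoundTripDemo.demo(); from Execute Anonymous.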

5. Configure Einstein Trust Layer in Your Dev Org — Step by Step

Hands-on: Follow these exact steps in your Developer Org

📋 Before You Start
You need a Salesforce Developer Org with Agentforce enabled. If you haven't set up your Dev Org yet, don't worry — Module 3 covers that completely. You can read this module now and configure it in Module 3.
Step 1: Navigate to Einstein Trust Layer Settings
In your Developer Org, click the gear icon (⚙️) → Setup → In the Quick Find box, type "Einstein" → Click Einstein Trust Layer under the Einstein section.
Setup → Quick Find: "Einstein" → Einstein Trust Layer
📸 What You Should See: A page titled "Einstein Trust Layer" with tabs for: Overview, Data Masking, Audit Trail, and Toxicity Settings. If you see this page, Trust Layer is available in your org.
Step 2: Enable Einstein Generative AI
Go to Setup → Generative AI → Einstein Generative AI. Toggle "Enable Einstein Generative AI" to ON. This is the master switch for all AI features including Agentforce.
Setup → Quick Find: "Generative AI" → Enable toggle → Save
📸 What You Should See: A toggle labelled "Einstein Generative AI" — switch it to ON (blue). You may see a confirmation dialog — click Enable. Page refreshes and shows "Enabled" status in green.
Step 3: Configure PII Data Masking
In Einstein Trust Layer → click Data Masking tab. You'll see the list of PII types that are automatically masked. By default, these are enabled: Person Names, Email Addresses, Phone Numbers, Physical Addresses, Credit Card Numbers, Social Security Numbers.
Setup → Einstein Trust Layer → Data Masking tab
📸 What You Should See: A list of PII categories each with a toggle. For XYZ Company, ensure ALL are enabled (green). You can add custom masking patterns for company-specific data like Employee IDs if needed.
Step 4: Enable Audit Trail
Click the Audit Trail tab in Einstein Trust Layer. Toggle "Log AI Interactions" to ON. This logs every prompt sent to and response received from AI models. Retention period: up to 90 days (configurable).
Setup → Einstein Trust Layer → Audit Trail → Enable toggle → Set retention period → Save
📸 What You Should See: Audit Trail enabled (green toggle). Retention set to 30 days for Dev Org. In production: set to 90 days for compliance. You can view audit logs in: App Launcher → AI Interactions.
Step 5: Configure Toxicity Settings
Click Toxicity tab. You'll see thresholds for: Hate Speech, Violence, Sexual Content, Self-harm. Set each to your tolerance level. Recommended: set all to LOW for enterprise use (blocks even mild content).
Setup → Einstein Trust Layer → Toxicity → Set thresholds → Save
📸 What You Should See: Sliders or dropdowns for each content category. For XYZ Company (pharma): set Hate Speech = Low, Violence = Low, Sexual = None, Self-harm = Low. Save. The agent will now block harmful content in both directions.
Step 6: Verify Zero Data Retention (Automatic)
Zero data retention is automatically enforced when using Salesforce's approved AI providers. You don't configure this — it's guaranteed by Salesforce's agreements with OpenAI, Anthropic, Google, and other LLM providers. Verify in Setup → Einstein → AI Provider Agreements.
Setup → Quick Find: "AI Provider" → View Agreements
📸 What You Should See: A page showing approved AI providers (OpenAI, Anthropic, etc.) with "Zero Retention: ✅ Confirmed" next to each. This confirms no provider stores your data. Screenshot this for compliance documentation.
✅ Dev Org Trust Layer Setup Complete!
Your Einstein Trust Layer is now configured. Every AI interaction in your Dev Org will: mask PII before the LLM, check toxicity on both input and output, log all interactions for 30 days, and guarantee zero data retention with external providers.

6. Viewing AI Audit Logs — Practical

How to review every AI interaction in your org

After any AI interaction (agent conversation, Prompt Builder generation, Copilot action), Salesforce creates an AI Interaction Log record. These are queryable via SOQL and viewable in the UI — critical for compliance audits.
Step 1: View Audit Logs in UI
Go to App Launcher (9 dots) → Search "AI Interaction Logs" → Open. You'll see a list of all AI interactions with: timestamp, user, input prompt (masked), output, model used, and trust layer actions taken.
App Launcher → AI Interaction Logs → Click any record to see full details
Step 2: Query Audit Logs via SOQL
You can also query AI interaction logs using SOQL in Developer Console or Workbench:

    // Query AI Interaction Logs
    SELECT Id, CreatedDate, CreatedById, Input__c, Output__c,
           ModelName__c, TrustLayerActions__c, PiiMasked__c
    FROM AIInteractionLog
    WHERE CreatedDate = LAST_N_DAYS:7
    ORDER BY CreatedDate DESC
    LIMIT 50

This gives you a full audit trail of all AI interactions in the last 7 days — who asked what, which model was used, and what Trust Layer actions were applied.
Step 3: Build a Compliance Dashboard (Optional)
For production orgs, build a Reports + Dashboard on AI Interaction Logs showing: total AI interactions per day, PII masking frequency, toxicity blocks, top users, and model usage. Essential for enterprise compliance reviews.
Reports → New Report → AI Interaction Logs → Add charts → Save to Dashboard

7. Grounding Security — AI Respects Salesforce Permissions

How Agentforce ensures AI only accesses what users are allowed to see

Grounding means providing the AI with real Salesforce data as context for accurate answers. Grounding Security means this data access follows Salesforce's standard security model — the AI can only access records the current user has permission to see.

| Security Layer | How It's Applied in Agentforce | XYZ Company Example |
| --- | --- | --- |
| Object-level | Agent can only query objects user has Read access to | Sales rep can't query Payroll__c — no object access |
| Field-level | Agent can only see fields user has FLS Read access to | Agent can't reveal Opportunity Margin if rep can't see it |
| Record-level | Agent respects OWD + role hierarchy + sharing rules | Agent only shows the rep's own Opportunities by default |
| Profile/PSets | Agent runs with the current user's permission set | Admin user's agent sees more than standard user's agent |

⚡ Important for Interviews
When an interviewer asks "How does Agentforce handle security?" — the answer is: the Einstein Trust Layer handles AI-level security (PII, toxicity, audit, zero retention) AND the standard Salesforce security model (profiles, FLS, sharing) applies to all data access by the agent. Two layers working together.
🌍 XYZ Company — Practical Security Example
Raj (Sales Rep) asks agent: "Show me all Opportunities in India region"

The agent queries Opportunities using Raj's session — his sharing rules only allow him to see his own territory. Agent returns only Raj's Indian Opportunities, not the entire India region. No extra code needed — Salesforce sharing model handles it automatically.

8. Common Trust Layer Issues & Fixes

Problems you'll hit in real projects and how to solve them

| Issue | Root Cause | Fix |
| --- | --- | --- |
| Agent returns [PERSON_1] in response instead of real name | PII re-insertion failed — usually a parsing issue in the response template | Check your Prompt Template — ensure it uses the correct merge fields. Test with a simpler prompt first. |
| Agent blocks a legitimate user question as "toxic" | Toxicity threshold set too aggressively (LOW) for your use case | Setup → Einstein Trust Layer → Toxicity → Raise threshold for specific categories. Test with edge cases. |
| AI Interaction Logs not appearing | Audit Trail not enabled OR user doesn't have View All Data permission to see logs | Enable Audit Trail in ETL settings. Grant "View AI Interactions" permission to admin users. |
| Agent sees data the user shouldn't access | Action running in System Mode instead of User Mode | Check your Apex Action — use "with sharing" keyword. Flow Actions: run in User Mode. Never System Mode for security-sensitive data. |
| Einstein Generative AI toggle is greyed out | Org doesn't have Agentforce license OR you're not System Administrator | Verify your org has Agentforce in: Setup → Company Information → Licenses. Contact Salesforce support if missing from Dev Org. |
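
The "Agent sees data the user shouldn't access" row and the grounding rules in section 7 both depend on custom actions actually running as the user. The following is an added example, not code from the course or from Salesforce, showing a system-mode query beside a user-mode invocable action; the class names are hypothetical and treating Account.BillingCountry as the "region" is an assumption.

```apex
// Added example, not course or Salesforce code. Class names are hypothetical and
// Account.BillingCountry standing in for "region" is an assumption.
// In an org, each class lives in its own file.

// BEFORE (the failure mode in the table): system mode. Sharing rules, object
// permissions and field-level security are all ignored.
public without sharing class RegionOppsUnsafe {
    public static List<Opportunity> query(Set<String> regions) {
        return [SELECT Id, Name, Amount, Account.BillingCountry
                FROM Opportunity
                WHERE Account.BillingCountry IN :regions];
    }
}

// AFTER: an agent action that reads data as the user talking to the agent.
public with sharing class RegionOppsAction {
    @InvocableMethod(label='Get Opportunities by Region'
                     description='Returns only records the running user can see')
    public static List<List<Opportunity>> run(List<String> regions) {
        Set<String> wanted = new Set<String>();
        for (String r : regions) {
            if (String.isNotBlank(r)) {
                wanted.add(r);
            }
        }
        // WITH USER_MODE applies the running user's sharing rules, object
        // permissions and FLS; an unreadable field raises a QueryException.
        Map<String, List<Opportunity>> byRegion = new Map<String, List<Opportunity>>();
        for (Opportunity opp : [SELECT Id, Name, Amount, Account.BillingCountry
                                FROM Opportunity
                                WHERE Account.BillingCountry IN :wanted
                                WITH USER_MODE]) {
            String key = opp.Account.BillingCountry.toLowerCase();
            if (!byRegion.containsKey(key)) {
                byRegion.put(key, new List<Opportunity>());
            }
            byRegion.get(key).add(opp);
        }
        // One result list per input, in input order, as invocable actions expect.
        List<List<Opportunity>> results = new List<List<Opportunity>>();
        for (String r : regions) {
            String key = String.isBlank(r) ? '' : r.toLowerCase();
            results.add(byRegion.containsKey(key) ? byRegion.get(key) : new List<Opportunity>());
        }
        return results;
    }
}
```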

9. Einstein Trust Layer — Interview Questions & Answers

These questions are asked in every Agentforce interview

| Interview Question | Best Answer |
| --- | --- |
| What is the Einstein Trust Layer? | Security layer between users and AI LLMs — masks PII before LLM, checks toxicity on input/output, logs every interaction, enforces data residency, and guarantees zero data retention with external providers. |
| How does Salesforce ensure customer data doesn't reach external AI providers? | Einstein Trust Layer masks PII with tokens (e.g., [PERSON_1]) before sending to LLM. LLM never sees real data. Zero data retention agreements with providers ensure no data is stored for model training. |
| Can the AI access records a user doesn't have permission to see? | No. Agentforce respects Salesforce's full security model — OWD, role hierarchy, sharing rules, FLS, and profiles all apply to any data the agent accesses. Grounding Security ensures this. |
| Where can you view AI interaction audit logs? | App Launcher → AI Interaction Logs, or query AIInteractionLog object via SOQL. Contains: user, timestamp, masked input/output, model used, Trust Layer actions applied. |
| What happens if a user sends a harmful message to the agent? | Einstein Trust Layer's toxicity detection scans the input. If it exceeds the configured threshold, the message is blocked before reaching the LLM and user receives a polite decline message. The blocked interaction is still logged in audit trail. |

10. Module 2 Summary

What you learned — check before Module 3

  • Einstein Trust Layer = security layer between users and AI — PII masking, toxicity, audit, data residency, zero retention, grounding security
  • PII Masking = real data replaced with tokens ([PERSON_1]) before LLM, re-inserted after → LLM never sees actual PII
  • Zero Data Retention = Salesforce's LLM providers contractually cannot store or train on your data
  • Audit Trail = every AI interaction logged in AIInteractionLog — queryable via SOQL, viewable in UI
  • Grounding Security = AI data access follows standard Salesforce security model (profiles, FLS, sharing rules)
  • Setup = Setup → Einstein Trust Layer → Enable PII, Toxicity, Audit Trail → Save
  • Key interview answer = Two security layers: Trust Layer (AI-level) + Salesforce security model (data-level)
🧠 Module 2 — Knowledge Check
Q1: What does PII masking replace "Rahul Sharma" with before sending to the LLM? → [PERSON_1] — a masked token. Real name is re-inserted after LLM responds.
Q2: Where do you enable Einstein Generative AI in Setup? → Setup → Quick Find: "Generative AI" → Einstein Generative AI → Enable toggle
Q3: Can external AI providers (OpenAI) store your Salesforce data? → NO ✅ — Zero Data Retention is contractually enforced for all Salesforce-approved AI providers.
Q4: A user sends a message with hate speech to your agent. What happens? → Toxicity detection blocks the message before it reaches LLM. User gets a polite decline. Interaction is logged in audit trail.
Q5: A sales rep asks the agent about another rep's opportunities. What happens? → Agent can only access records the current user has sharing permission to see. Grounding Security applies the full Salesforce security model.

🚀 Ready for Module 3?

Next: Setting Up Your Developer Org for Agentforce — Step-by-step guide to get a free Developer Org, enable Agentforce, configure all required settings, and verify everything is ready before we build our first agent.
