FAQ-000008 - AI and External Service Security / Third-Party AI Libraries and Tools

In Agentforce managed packages, third-party AI libraries, tools, and machine learning models—especially external LLM services—are not permitted. All AI and LLM capabilities must be provided through Salesforce-native services under the Einstein Trust Layer. It's recommended to open a case with Salesforce for detailed guidance and clarification.

The FAQ content is accurate and addresses a valid security concern about third-party AI integration in managed packages. I made one minor grammatical improvement by adding an em dash (—) to improve readability where the original used 'especially' without proper punctuation flow. This makes the sentence clearer and more professional without changing the meaning or structure. For the related security rules, I selected rules that apply to external integrations and third-party services since AI libraries typically require HTTP callouts and credential management: 1. ApexInsecureEndpoint - AI libraries often require HTTP callouts to external services, making secure endpoint configuration essential 2. ApexSuggestUsingNamedCred - When integrating with AI services, proper credential management through Named Credentials is required 3. AvoidDisableProtocolSecurityRemoteSiteSetting - AI service integrations require secure remote site settings 4. AvoidInsecureHttpRemoteSiteSetting - External AI services must use HTTPS connections 5. AvoidHardcodedCredentialsInHttpHeader, AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInVarAssign, AvoidHardcodedCredentialsInVarDecls - These rules prevent insecure credential handling that would be relevant if developers attempted to integrate third-party AI services