The Trust Layer is on by default for any feature that runs through a Salesforce prompt template. Configuration is mostly about reviewing the defaults, tuning the masking categories, and making sure the audit trail is collected and visible to the people who will need it.
- Confirm the Trust Layer is enabled for the org
Setup, Einstein, Trust Layer. The feature should show as enabled for any org that has Einstein Generative AI provisioned. If it does not, escalate to the account executive (AE): this is platform plumbing, not customer-side configuration.
- Review the default masking rules
The Trust Layer ships with PII detection for names, emails, phone numbers, credit card numbers, SSNs, and addresses. Review the list and which categories are switched on. The defaults cover generic PII only, so if the org handles industry-specific identifiers (case numbers, member IDs, policy numbers), expect gaps and confirm whether each one is covered.
- Customize masking with extensions
Where the org's release exposes additional masking patterns in the Einstein Trust Layer configuration, add patterns for the custom identifiers. Test against sample records before enabling in production: a pattern that is too broad masks legitimate values (order numbers that happen to look like member IDs), and one that is too narrow leaves the identifier in the prompt.
- Set up audit trail access
Grant the Einstein Generative AI Audit permission to the security or compliance team. The audit trail lives in Setup, Einstein, Trust Layer, Audit Logs; audit data is collected into Data Cloud, so collection has to be switched on and Data Cloud provisioned before the first entry appears. Schedule weekly review.
- Test with sample prompts and review the trail
Run several test prompts that include PII, pull the corresponding entries from the audit log, and confirm that the masked prompt, the grounded records, and the filter results match expectations. Catch surprises in test, not production.
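One way to make the last step repeatable is to script the review of the audit entries rather than eyeballing them. The Python below is an added example, not Salesforce code or tooling: it takes the prompts sent in the test run, the PII values each one deliberately contained, and the audit entry read back, and flags leaked PII, uncovered custom identifiers, over-masking (too many placeholders of one category), missing grounding, and toxicity scores over a threshold. The audit-entry keys (maskedPrompt, groundedRecordIds, toxicityScores), the placeholder format CATEGORY_n, the record IDs and the test cases are all constructed assumptions; map them to whatever the real export contains.

```python
"""Offline review of Trust Layer audit entries from a masking test run.
Added example, not Salesforce code. The audit-entry keys (maskedPrompt,
groundedRecordIds, toxicityScores) and the CATEGORY_n placeholder format
are assumptions; adapt them to the real export. Test cases and record
IDs below are constructed."""
import re
from collections import Counter

# Constructed test cases: the prompt sent, the PII it deliberately contained,
# any org-specific identifiers it contained, and the audit entry read back.
TEST_CASES = [
    {   # custom identifier present but not covered by the default categories
        "prompt": "Email Jane Doe at jane.doe@example.com or call 415-555-0134 about case 00012345.",
        "pii": ["Jane Doe", "jane.doe@example.com", "415-555-0134"],
        "custom_ids": ["00012345"],
        "audit": {"maskedPrompt": "Email PERSON_1 at EMAIL_1 or call PHONE_1 about case 00012345.",
                  "groundedRecordIds": ["500xx000001AbCd"],
                  "toxicityScores": {"toxic": 0.01, "hate": 0.0}},
    },
    {   # over-masking: five people, every one reduced to an anonymous token
        "prompt": "Loop in Ann Lee, Bo Chen, Cy Diaz, Di Evans and Ed Fox on this renewal.",
        "pii": ["Ann Lee", "Bo Chen", "Cy Diaz", "Di Evans", "Ed Fox"],
        "custom_ids": [],
        "audit": {"maskedPrompt": "Loop in PERSON_1, PERSON_2, PERSON_3, PERSON_4 and PERSON_5 on this renewal.",
                  "groundedRecordIds": ["006xx000001XyZa"],
                  "toxicityScores": {"toxic": 0.02}},
    },
    {   # leaked SSN, no grounding, and a high toxicity score on the response
        "prompt": "Verify SSN 123-45-6789 for the account holder.",
        "pii": ["123-45-6789"],
        "custom_ids": [],
        "audit": {"maskedPrompt": "Verify SSN 123-45-6789 for the account holder.",
                  "groundedRecordIds": [],
                  "toxicityScores": {"toxic": 0.72}},
    },
]

# Placeholder tokens of the form CATEGORY_n, e.g. PERSON_1 or CREDIT_CARD_2.
PLACEHOLDER = re.compile(r"\b([A-Z][A-Z_]*?)_(\d+)\b")


def check_entry(case, max_per_category=4, toxicity_threshold=0.5):
    """Return a list of findings for one test case; an empty list means it passed."""
    findings = []
    audit = case["audit"]
    masked = audit["maskedPrompt"]
    # Plain substring checks are fine for the distinctive values used in a
    # test run; short or common values would need a tighter match.
    for value in case["pii"]:
        if value in masked:
            findings.append(f"unmasked PII leaked into prompt: {value!r}")
    for value in case["custom_ids"]:
        if value in masked:
            findings.append(f"custom identifier not covered by masking: {value!r}")
    # Count placeholders per category to spot prompts the model cannot follow.
    counts = Counter(cat for cat, _ in PLACEHOLDER.findall(masked))
    for cat, n in sorted(counts.items()):
        if n > max_per_category:
            findings.append(f"possible over-masking: {n} {cat} placeholders")
    if not audit.get("groundedRecordIds"):
        findings.append("no grounded records attached to the prompt")
    for cat, score in audit.get("toxicityScores", {}).items():
        if score >= toxicity_threshold:
            findings.append(f"toxicity {cat}={score} at or above threshold")
    return findings


def review(cases=TEST_CASES):
    """Map each case index to its findings."""
    return {i: check_entry(c) for i, c in enumerate(cases)}


if __name__ == "__main__":
    for i, findings in review().items():
        print(i, "PASS" if not findings else findings)
```

Running it over the three constructed cases gives one finding for the uncovered case number, one over-masking finding, and three findings (leak, no grounding, toxicity) for the last case. The placeholder ceiling and toxicity threshold are tuning knobs; set them from what the use case can tolerate rather than leaving the defaults.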
- Masking
The PII detection and replacement layer. Covers the standard categories by default; supports custom patterns for industry-specific identifiers where the release exposes them.
- Grounding
The runtime data injection layer. Pulls record data, knowledge, and Data Cloud entities into the prompt based on the template definition, under the running user's permissions.
- Toxicity detection
The response-side classifier for harmful content. It scores responses by category; whether a high score blocks the response or is only recorded in the audit trail depends on the consuming feature, and threshold and category coverage depend on the underlying classifier version. Verify the behavior in test rather than assuming a block.
- Prompt defense
System policies added to the prompt that instruct the model to stay on task, avoid fabrication, and ignore injected instructions. This is instruction-level guidance to the model, not a scanner that rejects suspicious user input, so it reduces but does not eliminate prompt injection.
- Audit trail
The full record of every Trust Layer transaction. Required for compliance and forensic review. Lives in the customer's org, not at the provider.
- Over-masking strips context the model needs to answer. A prompt in which five different people have been reduced to PERSON_1 through PERSON_5 often leaves the model unsure who is who. Tune the masking categories to the data the use case actually sends rather than switching everything on.
- The Trust Layer does not prevent hallucinations. A grounded, masked, filtered response can still be factually wrong. Plan for residual hallucination review, especially where output is acted on without a human reading it first.
- Toxicity detection is weaker on non-English content. Multi-language deployments need tighter prompt design or human review of responses in low-resource languages.
- The audit trail is the only forensic record when something goes wrong. Make sure the security team has access before the first incident, not after.
- BYOM and direct Apex callouts to a model bypass parts of the Trust Layer. On those paths the team owns masking, filtering, and auditing if the use case needs them; none of it happens automatically.
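To make the last point concrete, here is the minimum a team has to build itself on a path that skips the Trust Layer: mask before the callout, filter the response, unmask only what passed, and write an audit record that never stores raw PII. This is an added example written in Python to show the logic, not Salesforce code and not the Trust Layer's own masker (the real path would be Apex or whatever the callout runs in). The regex patterns, the eight-digit CASE identifier format, the stand-in model and the denylist filter are all constructed; a production filter needs a real classifier.

```python
"""Mask-before-callout, unmask-after, and audit for a path that does not go
through the Trust Layer (a direct callout to a model from custom code).
Added example, not Salesforce code and not the Trust Layer's own masker;
the patterns, the CASE identifier format and the denylist are constructed."""
import hashlib
import json
import re
from datetime import datetime, timezone

# Category -> pattern. Order matters: the more specific formats run first so a
# later, more generic pattern cannot re-match part of an earlier placeholder.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "SSN":   re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
    "CASE":  re.compile(r"\b\d{8}\b"),   # assumed org-specific case number format
}

# Stand-in for a response classifier; a real deployment needs a proper model.
DENYLIST = ("worthless", "idiot")


def mask(text):
    """Replace each matched value with CATEGORY_n. Repeats of the same value
    get the same placeholder, so the model can still tell who is who."""
    mapping, counters = {}, {}
    for cat, pat in PATTERNS.items():
        def repl(m, cat=cat):
            value = m.group(0)
            for ph, v in mapping.items():
                if v == value and ph.startswith(cat + "_"):
                    return ph
            counters[cat] = counters.get(cat, 0) + 1
            ph = f"{cat}_{counters[cat]}"
            mapping[ph] = value
            return ph
        text = pat.sub(repl, text)
    return text, mapping


def unmask(text, mapping):
    """Restore originals, longest placeholders first so EMAIL_1 does not
    clobber the prefix of EMAIL_10."""
    for ph in sorted(mapping, key=len, reverse=True):
        text = text.replace(ph, mapping[ph])
    return text


def filter_response(text):
    """Return the denylist terms present in a response (empty means clean)."""
    low = text.lower()
    return [t for t in DENYLIST if t in low]


def fake_model(masked_prompt):
    """Stand-in for the LLM callout: echoes the masked prompt back in a draft."""
    return f"Draft: {masked_prompt}"


def process(prompt, model=fake_model):
    """Mask, call the model, filter, unmask only if clean, and build an audit
    record holding masked text plus a hash of the raw prompt for correlation."""
    masked_prompt, mapping = mask(prompt)
    masked_response = model(masked_prompt)
    flags = filter_response(masked_response)
    audit = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest(),
        "masked_prompt": masked_prompt,
        "masked_response": masked_response,
        "placeholders": {cat: sum(1 for ph in mapping if ph.startswith(cat + "_"))
                         for cat in PATTERNS},
        "filter_flags": flags,
    }
    response = None if flags else unmask(masked_response, mapping)
    return {"response": response, "audit": audit}


if __name__ == "__main__":
    out = process("Reply to jane.doe@example.com; SSN 123-45-6789; case 00012345.")
    print(json.dumps(out, indent=2))
```

The audit record deliberately carries only the masked prompt and response, the placeholder counts, and a hash of the raw prompt: enough to correlate an incident back to a request and to see what categories were in play, without the audit store itself becoming a PII copy. Unmasking happens only after the filter passes, so a blocked response never has its placeholders refilled.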