Einstein Trust Layer
Definition
Salesforce's security architecture for generative AI that provides data masking, prompt defense, toxicity detection, zero data retention with LLM partners, and audit trails to ensure safe AI usage within CRM.
In plain English
“The Einstein Trust Layer is Salesforce's safety architecture for generative AI. It handles things like masking sensitive data before it gets sent to AI models, preventing the AI from making things up, blocking toxic content, and making sure your customer data doesn't get retained by the underlying AI provider.”
Worked example
A VP of Compliance at Coastal Health reviews the org's Einstein Trust Layer configuration before enabling Agentforce for customer-facing service. He confirms PII masking rules strip Social Security Numbers and Date of Birth from prompts before they leave the Salesforce boundary, reviews the zero-retention agreements with Salesforce's LLM partners, enables toxicity detection on outputs, and verifies the audit log captures every prompt and response for seven-year retention. With the Trust Layer properly scoped, Agentforce agents can operate against patient data without violating HIPAA, and the compliance team has the audit trail they need for any future review.
Why Einstein Trust Layer matters
The Einstein Trust Layer is Salesforce's security and privacy architecture for generative AI features like Einstein Copilot and Prompt Builder. It addresses the key risks of using LLMs with enterprise data: data leakage to third-party providers, model hallucinations that produce inaccurate outputs, harmful or toxic content in responses, and lack of audit trails. The Trust Layer wraps each generative AI interaction with safeguards that protect customer data and improve output quality.
Key components include data masking (sensitive fields are masked before being sent to the LLM, then unmasked in the response), prompt grounding (the LLM is given relevant CRM data as context to reduce hallucinations), zero data retention with LLM partners (Salesforce contracts require providers not to retain or train on customer data), toxicity detection (filtering out harmful outputs), and audit trails (logging all interactions for compliance review). This architecture is what makes generative AI viable for enterprise CRM use, where unprotected LLM usage would be a regulatory and risk nightmare.
How to set up Einstein Trust Layer
Einstein Trust Layer is the security and governance architecture for Salesforce's generative AI features: data masking before prompts go to LLMs, prompt defense, toxicity detection, zero data retention with LLM partners, and audit trails of every AI request. It is foundational for safely using AI on customer data; it is configured once, org-wide, and applies to every AI feature.
- Confirm Einstein 1 / Agentforce licensing
Trust Layer is part of the Einstein Generative AI bundle. Check Setup → Einstein Setup.
- Open Setup → Einstein Generative AI Settings (or Trust Layer)
Setup gear → Quick Find: Trust Layer / Einstein Generative AI Settings.
- Tick Enable Data Masking
When ON, sensitive fields are masked in prompts sent to LLMs. The mapping is configurable per field via Data Classification.
- Configure Prompt Defense settings
Filters that reject unsafe prompts — prompt injection attempts, attempts to extract system prompts.
- Configure Toxicity Detection
When ON, AI outputs are scanned for toxic / offensive content before being shown to users.
- Confirm Zero Data Retention agreements with LLM partners
Salesforce-hosted LLM use is auto-zero-retention. External LLM use (BYOLLM) requires partner agreement — confirm before routing prompts to OpenAI / Anthropic externally.
- Enable Audit Trail for AI requests
Every prompt and response is logged for compliance review. Required by some regulations.
- Save
Trust Layer applies to all generative AI features org-wide — Prompt Builder, Agentforce, Einstein Copilot.
Data Masking: Mask sensitive fields before sending to LLMs.
Prompt Defense: Reject unsafe / injection prompts.
Toxicity Detection: Scan outputs for toxic content.
Zero Data Retention: Auto for Salesforce-hosted; configurable for BYOLLM.
Audit Trail: Log every AI request.
- Data Masking depends on Data Classification. Without fields tagged via Setup → Data Classification Settings, the masking layer doesn't know what to mask.
- Bring-Your-Own-LLM use bypasses Salesforce-hosted Trust Layer protections by default. Custom LLM integration requires you to configure Trust Layer-equivalent protections at your endpoint — easy to overlook.
- Audit Trail volume can be huge for high-AI-use orgs. Plan retention / archival — keeping every prompt and response indefinitely consumes storage rapidly.
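For the Bring-Your-Own-LLM point above, a mask-before-send and unmask-on-return round trip at a custom endpoint could look like the following. This is an added example, not Salesforce's implementation or code from the original page; the regex formats, the `<<LABEL_n>>` placeholder syntax, and the function names are assumptions made for illustration.

```python
import re

# Assumed detectors for the two field types in the page's worked example
# (SSN, date of birth); the formats are this example's assumption.
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "DOB": re.compile(r"\b(?:0[1-9]|1[0-2])/(?:0[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b"),
}
PLACEHOLDER = re.compile(r"<<(?:SSN|DOB)_\d+>>")
# Constructed sample prompt; the values are made up.
SAMPLE = "Patient SSN 123-45-6789, DOB 04/12/1985. Confirm SSN 123-45-6789 is on file."


def mask(prompt):
    """Swap sensitive values for placeholders; return (masked_text, vault)."""
    if PLACEHOLDER.search(prompt):
        # Caller-supplied placeholder text would be unmasked to a real value.
        raise ValueError("prompt already contains placeholder syntax")
    vault, seen = {}, {}  # placeholder -> value, value -> placeholder

    def make_sub(label):
        def sub(m):
            value = m.group(0)
            if value not in seen:  # a repeated value reuses its placeholder
                seen[value] = f"<<{label}_{len(vault) + 1}>>"
                vault[seen[value]] = value
            return seen[value]
        return sub

    masked = prompt
    for label, pattern in PATTERNS.items():
        masked = pattern.sub(make_sub(label), masked)
    return masked, vault  # the vault stays inside your boundary


def unmask(response, vault):
    """Restore originals; return (text, placeholders the vault never issued)."""
    unknown = []

    def sub(m):
        token = m.group(0)
        if token not in vault:
            unknown.append(token)  # model-invented token: leave it, report it
        return vault.get(token, token)

    return PLACEHOLDER.sub(sub, response), unknown


def leaks(outbound):
    """Pre-send check: labels whose pattern still matches the outbound text."""
    return [label for label, p in PATTERNS.items() if p.search(outbound)]
```

Running `leaks()` on the masked text immediately before the outbound call, and recording its result with the request, gives the audit trail evidence that masking was applied on each prompt.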
How organizations use Einstein Trust Layer
Trusts the Einstein Trust Layer to mask sensitive customer data before any prompts reach OpenAI or other LLM providers. The masking is automatic and built into Copilot.
Enabled Einstein Copilot specifically because the Trust Layer's zero retention and audit trail features satisfied their HIPAA compliance program.
Walks clients through the Trust Layer's protections during Copilot evaluations because the safety architecture is often the deciding factor for risk-averse organizations.
Trust & references
Straight from the source - Salesforce's reference material on Einstein Trust Layer.
- Einstein Trust Layer (Salesforce Help)
- Einstein Trust Layer: Designed for Trust (Salesforce Help)
Test your knowledge
Q1. What is the Einstein Trust Layer?
Q2. What protections does the Trust Layer provide?
Q3. Why does the Trust Layer matter for enterprise generative AI?