Salesforce Outlook Sparks AI SaaS Fear | Analysis by Brian Moineau

TL;DR

  • Salesforce guides Q2 FY27 revenue to $11.27–$11.35B, a notch below the ~$11.4B consensus from Bloomberg/Yahoo Finance, which stirs 2026’s “AI-disrupts-SaaS” worries despite record Q1 revenue of $11.1B. [1][2]
  • Backing out Informatica, organic growth slows to high single digits; the bear case rests on that math, not on whether Agentforce can run customer support or sales ops in San Francisco or London. [2]
  • The hinge is pricing and data control, not demos. Agentforce ARR sits above $1B as of May 2026, but packaging, per-interaction economics, and a $25B bond-financed buyback will shape winners through FY27. [2][6]

What the source said

Bloomberg/Yahoo Finance reported Salesforce guided fiscal Q2 revenue to roughly $11.3B versus ~$11.4B street, and total remaining performance obligations at $67.9B against a $68.9B consensus; it also cited Q1 FY27 revenue of $11.1B, up 13% year over year. The article frames investor concern that AI agents could disrupt SaaS moats and notes Salesforce’s Agentforce for tasks like support ticket resolution and call summarization. It highlights a stronger-than-expected EPS print and says those AI features have not yet reshaped FY27 growth; it also points to weak 2026 share performance alongside peers such as ServiceNow and Adobe. [1]

Why it matters

  • CIOs at firms from Chicago to Berlin will decide in 2026 whether to buy Salesforce’s integrated data+workflow stack or assemble a Microsoft Azure + Snowflake architecture with point tools like Zapier and Notion; that choice will set five-year TCO and vendor concentration risk. [2][4]
  • For investors, the 2026 scoreboard is organic growth and FCF quality, not keynote sizzle. Salesforce implies mid-to-high single-digit organic growth beneath Informatica and only 4–5% FY27 FCF growth after raising $25B of debt for an accelerated buyback, according to Fortune and IR. That is a capital-allocation signal, not a product one. [2][3]

Original analysis

Salesforce gives lukewarm outlook: what the numbers actually say

  • Back-of-envelope math

    • Q1 FY27 revenue was $11.133B; Informatica contributed $0.444B. Organic revenue ≈ $10.689B. Q1 FY26 revenue was $9.829B. Organic growth ≈ ($10.689B ÷ $9.829B) − 1 ≈ 8.7% YoY. [2]
    • Q2 FY27 guide: $11.27–$11.35B, up ~10–11% YoY, with “slightly above 4 points” from Informatica. Midpoint 10.5% − 4.2 points ≈ ~6.3% organic growth. That tilts toward mid-single digits unless Agentforce or cross-sell accelerates in 2026. [2]
    • RPO is $67.9B (+11% YoY); CRPO is $33.6B (+14% YoY). Pipeline grows faster than organic revenue, which implies packaging, conversion, and discounting—not demand—are the near-term bottlenecks. [2]
  • A 2×2 you can use: data control vs. workflow ownership

    • High data control / High workflow ownership: Salesforce (Customer 360 + Data 360 + Agentforce). If integration friction drops in 2026, this quadrant compounds via native data gravity. [2][4]
    • High data / Low workflow: Snowflake and data lakes. Great for model training and Zero Copy pipelines, but weak native workflows force partners to stitch outcomes. [2]
    • Low data / High workflow: ServiceNow and Adobe—strong processes, but they must defend first-party data gravity as interfaces commoditize with GPT-4–class models.
    • Low data / Low workflow: point tools such as Zapier and Notion add-ons; feature velocity is high, but margins and stickiness erode when buyers standardize on fewer agent platforms.
  • Named-stakeholder breakdown

    • Salesforce: The drag is arithmetic, not existential. Without Informatica, organic growth rounds to ~6–9%—adequate for a ~$45B-revenue company in 2026, but not thesis-clinching. The fix is packaging Agentforce into usage units that map to outcomes like “resolved cases” or “qualified opportunities.” [2][3][6]
    • ServiceNow: If Agentforce Contact Center gains share in 2026, NOW’s “AI control tower” meets a platform that already owns the customer record and many service workflows; track large CCaaS deal win rates. [4]
    • Adobe: Generative design and content agents matter, but enterprise buyers may insist agents sit where CRM/CDP data lives; that pushes Adobe deeper into upstream integrations with named systems of record.
    • Microsoft/Snowflake: The neutral data-plane alternative. If CIOs prize model choice and cross-cloud data residency in 2026, Azure OpenAI + Snowflake can siphon spend even if Salesforce keeps front-end workflows.
  • A contrarian read

    • Consensus: “AI agents will commoditize SaaS; Salesforce’s moat is eroding.”
    • Counter: RPO/CRPO growth and early Agentforce ARR suggest buyers want agents inside systems of record to avoid brittle glue code. Salesforce and Spanish financial press cite >$1B Agentforce ARR; Q1 FY27 materials note 52T records ingested into Data 360 (35T via Zero Copy) and 1T API calls across core—data gravity you don’t replicate quickly in 2026. The near-term headwinds are pricing mechanics and Informatica consolidation, not core capability. [2][6]

What others are missing

The overlooked hinge is unit economics and packaging for digital labor in FY27: Salesforce bakes “slightly above 4 points” of Informatica into Q2 and guides FCF growth to only 4–5% after issuing $25B of debt for an accelerated share repurchase, signaling a clock on monetization. The operational breadcrumbs—52T records ingested into Data 360 (35T via Zero Copy), 1T API calls, and CRPO +14%—show demand, but organic revenue will re-accelerate only if Salesforce simplifies SKUs into usage-grounded tiers and reduces multi-cloud data-access friction in 2026–2027. [2][3]

What to watch next

  1. By Q2 FY27 results (late August 2026), Salesforce’s organic (ex-Informatica) revenue growth is ≤7% YoY even if total growth lands inside the $11.27–$11.35B guide, confirming the deceleration math above. [2]
  2. By Dreamforce 2026 (September 2026 in San Francisco), Salesforce ships a usage-tiered Agentforce core SKU—explicit per-interaction or per-agent-minute pricing—alongside seat bundles, reducing pilot-to-production friction.
  3. By Q4 FY27 earnings (late February 2027), Salesforce or credible outlets disclose Agentforce ARR ≥$1.5B, implying deeper production deployments beyond 2026 pilots. [6]

My take

I don’t buy the “AI kills Salesforce” story in 2026. The give here is go-to-market plumbing, not model quality: data gravity plus native agent workflows inside Customer 360 is defensible, and RPO/CRPO prints back that up. The real risks are self-inflicted—keeping organic growth stuck near 6–7% while consuming balance sheet for buybacks—and they are fixable with cleaner, usage-based Agentforce pricing in 2026. If organic growth stabilizes and packaging tightens by Q2, the stock can rerate off the “disruption” narrative; if not, the market will keep assigning a utility multiple.

Sources

  1. Salesforce Gives Lukewarm Outlook That Fails to Ease AI Fear — Yahoo Finance/Bloomberg (https://finance.yahoo.com/markets/stocks/articles/salesforce-gives-lukewarm-outlook-fuels-200630699.html) — Q2 revenue guide near $11.3B vs. ~$11.4B consensus, RPO context, and investor AI-disruption framing.
  2. Salesforce Delivers Record First Quarter Fiscal 2027 Results — Salesforce Investor Relations (https://investor.salesforce.com/news/news-details/2026/Salesforce-Delivers-Record-First-Quarter-Fiscal-2027-Results/default.aspx) — Official Q1 FY27 metrics: revenue, Informatica contribution, RPO/CRPO, Q2/FY27 guidance, Data 360/Zero Copy and API utilization.
  3. Salesforce turbocharges $25 billion stock buying spree with debt, cuts cash flow guidance in half — Fortune (https://fortune.com/2026/05/27/salesforce-turbocharges-25-billion-stock-buying-spree-with-debt-cuts-cash-flow-guidance-in-half/) — Confirms the $25B bond-financed ASR and frames softer FY27 FCF growth.
  4. Agentforce Contact Center brings native CCaaS to Salesforce — TechTarget (https://www.techtarget.com/searchcustomerexperience/news/366639947/Agentforce-Contact-Center-brings-native-CCaaS-to-Salesforce) — Details on Agentforce Contact Center and native agent workflows for service.
  5. Cotización CRM Hoy (May 27, 2026): 1 Año -33.75% — Bloomberg Línea (https://www.bloomberglinea.com/quote/CRM%3AUN/) — Independent snapshot of 2026 YTD and one-year share performance around the print.
  6. Salesforce falla, por ahora, en su multimillonaria recompra de acciones… — CincoDías (El País) (https://cincodias.elpais.com/companias/2026-05-29/salesforce-falla-por-ahora-en-su-multimillonaria-recompra-de-acciones-para-hacer-frente-a-la-amenaza-de-la-ia.html) — Cites Agentforce ARR above $1B and contextualizes the debt-funded buyback in Spain’s financial press.





FortiSIEM RCE Fixes Critical SIEM Risk | Analysis by Brian Moineau

When your SIEM becomes the attacker's foothold: Fortinet patches a dangerous FortiSIEM flaw

The idea that your security operations center could be quietly turned against you is the stuff of nightmares — and, this week, reality. Fortinet released fixes after the disclosure of a critical vulnerability in FortiSIEM (tracked as CVE-2025-64155) that lets unauthenticated attackers run commands on vulnerable appliances by abusing the phMonitor service. That’s not just an issue for one box; a compromise can silence logging, tamper with alerts, and become a springboard for lateral movement across an organization.

Why this matters right now

  • FortiSIEM sits at the heart of many enterprises’ detection and response tooling. If attackers gain root on those appliances, defenders lose both visibility and control.
  • The flaw is an OS command injection in phMonitor (the internal TCP service that listens on port 7900) that allows unauthenticated argument injection, arbitrary file writes and ultimately remote code execution as an administrative/root user.
  • A public proof-of-concept and exploit activity have been reported, raising the urgency for operators to act quickly.

What happened (quick timeline)

  • The vulnerability CVE-2025-64155 was publicly recorded in January 2026 after coordinated research and disclosure.
  • Researchers at Horizon3.ai detailed how the phMonitor service accepts crafted TCP requests that lead to command injection and file overwrite escalation, allowing full appliance compromise. (horizon3.ai)
  • Fortinet published fixes and guidance; vendors and CERTs pushed immediate mitigation advice. The NVD entry documents the affected releases and the OS command injection nature of the flaw. (nvd.nist.gov)

Affected products and where the fix is

  • A wide range of FortiSIEM releases are affected across multiple branches (6.7.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x, and 7.4.0). Some newer branches (e.g., FortiSIEM 7.5 and FortiSIEM Cloud) are not affected. Exact affected versions and fixed builds are listed in Fortinet advisories; administrators should consult vendor notes for their exact build numbers. (horizon3.ai)

Immediate actions for defenders

  • Patch immediately.
    • Apply the Fortinet fixed builds for your FortiSIEM branch as published in the vendor advisory. Patching is the only reliable fix.
  • If you cannot patch right away, restrict network access.
    • Block or firewall TCP port 7900 (phMonitor) at the perimeter and between network segments so only trusted internal hosts or specific management IPs can reach it.
  • Hunt and validate.
    • Search for unexpected changes on FortiSIEM appliances (new files, altered binaries, unusual cron jobs, disabled logging).
    • Review network logs for inbound connections to port 7900 from Internet sources or unexpected internal hosts.
  • Assume potential compromise if your appliance was exposed prior to patching.
    • FortiSIEM compromise can mean attackers have tampered with logs and alerts; treat affected systems as high-risk and perform a full incident response (forensic imaging, integrity checks, and rebuilds where necessary).

Why phMonitor flaws keep resurfacing

phMonitor is a useful internal service — it coordinates discovery, health checks, and sync tasks — but that convenience comes with risk if it accepts unauthenticated, unchecked input. Over multiple disclosure cycles, researchers have found different handlers and helper scripts that trust external input. When a security product exposes internal control channels to the network, it increases the attack surface of the defender's infrastructure. The lesson is blunt: secure-by-default services and strict input sanitization are non-negotiable in security appliances.

Practical defender checklist

  • Confirm FortiSIEM version(s) in your environment.
  • Cross-check against Fortinet's published fixed-build versions and apply patches.
  • Immediately block TCP/7900 from untrusted networks; document any exceptions.
  • Run integrity checks and look for indicators of unauthorized file writes and scheduled tasks.
  • Rebuild appliances if you discover evidence of exploitation (compromise of a SIEM is high-risk).
  • Review network segmentation and make sure management interfaces and internal services are not exposed to broad networks.
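
The network-log review named in the hunting steps and in the checklist above, as an added example (not Fortinet's or Horizon3.ai's code): it flags flows to TCP/7900 that come from outside a trusted set and puts the ones the firewall allowed first. The log format, the address ranges and the appliance IP are assumptions constructed for illustration.

```python
import ipaddress

PHMONITOR_PORT = 7900  # phMonitor TCP port named in the article

# Assumptions for this example (not from the advisory): address plan and log format.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/28")]  # FortiSIEM nodes and management hosts
SIEM_HOSTS = {ipaddress.ip_address("10.20.0.5")}        # appliance(s) running phMonitor

# Constructed sample lines: "<time> <src> <sport> <dst> <dport> <proto> <action>"
SAMPLE_LOG = """\
2026-01-15T02:11:07Z 203.0.113.45 51234 10.20.0.5 7900 tcp allow
2026-01-15T02:11:09Z 10.20.0.6 40112 10.20.0.5 7900 tcp allow
2026-01-15T02:13:40Z 10.44.8.19 49822 10.20.0.5 7900 tcp allow
2026-01-15T02:14:02Z 198.51.100.7 33871 10.20.0.5 7900 tcp deny
2026-01-15T02:15:00Z 10.44.8.19 49830 10.20.0.5 443 tcp allow
2026-01-15T02:15:31Z garbled line without enough fields
"""

def classify_source(src):
    """Return None for trusted sources, else 'external' or 'unexpected-internal'."""
    if any(src in net for net in TRUSTED_NETS):
        return None
    if any(src in net for net in INTERNAL_NETS):
        return "unexpected-internal"
    return "external"

def triage(log_text):
    """Flag flows to phMonitor from untrusted sources; returns (findings, skipped)."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts, src, _sport, dst, dport, proto, action = parts
            src, dst, dport = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)
        except ValueError:  # wrong field count or unparsable address/port
            skipped += 1
            continue
        if dst not in SIEM_HOSTS or dport != PHMONITOR_PORT or proto != "tcp":
            continue
        origin = classify_source(src)
        if origin is None:
            continue
        # An allowed flow reached the service; a denied one only shows probing.
        severity = "high" if action == "allow" else "low"
        findings.append({"time": ts, "src": str(src), "origin": origin,
                         "action": action, "severity": severity})
    # Allowed flows first, so the exposure that needs forensic review leads the list.
    findings.sort(key=lambda f: (f["severity"] != "high", f["time"]))
    return findings, skipped

if __name__ == "__main__":
    hits, bad = triage(SAMPLE_LOG)
    for h in hits:
        print(h)
    print(f"skipped {bad} unparsable line(s)")
```

Any "high" finding dated before the appliance was patched falls under the article's assume-compromise guidance; each trusted range kept in the allowlist is one of the documented exceptions the checklist asks for.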

What this says about vendor security

This incident is a reminder that the software defending us must itself be held to rigorous standards. Vendors need secure defaults (services bound to localhost unless explicitly required), least-privilege internal APIs, continuous fuzzing/input validation, and faster transparent communication about exposure indicators. At the same time, customers should reduce exposure of management and internal services, assume compromise where appliances were internet-reachable, and treat security infrastructure as high-value assets requiring extra hardening.

My take

A SIEM’s compromise flips the security model: tools meant to detect threats can become cover for them. CVE-2025-64155 is a textbook example of how powerful and dangerous a single injection bug can be when it lives inside a security product. Patch quickly, tighten access to internal services, and treat exposure as a severe incident — because it is.

Sources

Salesforce Earnings: Traders Brace | Analysis by Brian Moineau

Traders are bracing for a big Salesforce swing after earnings

Salesforce is in the spotlight following its quarterly report released after the closing bell on December 3, 2025. Traders had been betting on a sizable share-price reaction — and option prices told the story: the market was pricing in a roughly 6–8% move in either direction around the print. That setup made the stock a high-drama candidate for active traders, long-term holders and anyone paying attention to how AI momentum is reshaping enterprise software expectations.

Why option prices matter (and what they were saying)

  • Options markets convert uncertainty into a single, tradable number: implied volatility. Around earnings, that implied volatility spikes, and the at-the-money straddle gives a quick estimate of the market’s expected absolute move.
  • Ahead of the Dec. 3 report, traders were pricing roughly a 6–8% move in Salesforce (CRM) by the end of the week — meaning a $235 stock could be expected to reach about $251 on the upside or fall to roughly $218 on the downside.
  • That range reflected a mix of drivers: investor skepticism after a rough 2025 for the stock, plus renewed hope from Salesforce’s growing AI offerings that management had been talking up all year.

The backdrop: AI, sentiment, and a bruised stock

  • 2025 was a rocky year for Salesforce’s share price — down significantly at times — as investors digested execution risks, cloud migration cycles and competition.
  • Internally, Salesforce pushed hard on AI products (Agentforce, Data 360 and other offerings). Management has been arguing these products can expand contract values and accelerate upsells — a bullish argument for long-term revenue growth.
  • Yet AI hype alone hasn’t insulated the company from the market’s short-term instincts: earnings and forward guidance still get punished if growth or margins don’t meet high bars.

What traders were watching beyond the headline numbers

  • Revenue and subscription growth: Are enterprise customers buying more AI-enabled products, or is growth still concentrated in legacy CRM lanes?
  • Margin trajectory and guidance: AI investments can lift long-term revenue, but they also cost money today. Guidance for the next quarter and full year mattered a lot.
  • Customer metrics: churn, renewals and remaining performance obligations (RPO) are the connective tissue between product adoption and sustainable revenue.
  • Management tone on AI monetization: specifics about ARR contribution, adoption rates for Agentforce/Data 360, and conversion of pilot programs into full deployments could swing sentiment.

What the trade setup meant for different investors

  • Short-term traders: The options-implied move offered both opportunity and risk. A big move could produce quick profits, but the direction was uncertain — traders needed tight risk management.
  • Long-term investors: The headline move might have been noise. For investors focused on 12–24 month outcomes, the key question remained whether AI products materially change Salesforce’s growth profile.
  • Volatility sellers: Selling premium into high implied volatility (IV) is tempting before earnings, but doing so exposes sellers to outsized losses if the stock gaps sharply on the print.

Snapshot of the immediate market reaction

News outlets reported that Salesforce’s results and commentary leaned into AI momentum. Headlines after the report noted an upgraded outlook and stronger-than-expected contributions from AI products, and shares moved in after-hours trading accordingly. That kind of reaction is exactly why option-implied moves widen before earnings — the market prices in the possibility of either a pleasant surprise or a disappointment. (See Sources for links to coverage.)

What this means going forward

  • Expect continued sensitivity to AI metrics. Investors will now want proof that AI wins translate into predictable revenue and margin expansion.
  • The options market will continue to price earnings risk for large-cap software names where execution on AI is a key differentiator.
  • If Salesforce keeps beating expectations and converts pilot projects into ARR consistently, the market may reward the stock with multiple expansion. If not, volatility will likely remain elevated.

Quick takeaways for readers

  • Traders were pricing a roughly 6–8% swing in Salesforce stock around the Dec. 3, 2025 earnings release.
  • The options market’s expected move captured uncertainty driven by AI adoption, guidance and customer metrics.
  • Short-term reactions can be sharp; longer-term investors should focus on evidence that AI products are sustainably driving ARR growth and margins.

My take

Earnings days for large software names are always a study in risk vs. reward, but in 2025 Salesforce felt different because AI wasn’t just a buzzword — it was a revenue argument management was quantifying. That makes the short-term moves volatile, but it also makes the post-earnings period more informative. For traders, that means opportunity if you manage risk. For investors, it means watching whether the AI story translates into repeatable, predictable revenue growth — and not just headline demos.

Sources



