
The emphasis on trust, AI, and platform-native orchestration continues to shape how organizations think about secure access. Salesforce’s vision for Agentforce 360, anchored in customer success, autonomous intelligence, and trusted enterprise platforms, reinforces the need for architectures that are not only secure, but explainable and interoperable by design.

AI’s promise of autonomy presents a critical paradox: it delivers efficiency at scale, yet without explainable governance, it threatens the very trust it seeks to earn, especially in regulated industries. To address this, organizations must adopt a zero trust security framework rooted in data-led governance and explainability. It’s about secure AI adoption, ensuring its decisions are explainable, auditable, and validated through digital twins to meet the mandates of regulated environments. 

What we'll cover in this article: We’ll discuss a POV of the Salesforce 360 zero trust security fabric solution, powered by MuleSoft, which securely orchestrates agentic and human workflows across Salesforce C360 products: Agentforce 360, Data 360, Tableau Next, and Slack. By simulating trust boundaries, validating escalation logic, and visualizing governance flows, this architecture enables resilient rollout and policy enforcement at scale.

Zero trust architecture is anchored in three guiding principles:

  1. “Never trust, always verify” demands strict authentication and least-privilege authorization for every access request.
  2. “Assume breach” dictates that we operate as if attackers are already inside, focusing on limiting lateral movement and minimizing damage.
  3. “Verify explicitly” mandates the use of dynamic attributes for granular, contextual access decisions.

These principles are realized through five foundational pillars: Identity, Devices, Networks, Applications and Workloads, and Data, which together form the architectural backbone for implementing zero trust. 

We previously discussed how these principles are realized by enforcing policy at each point of entry and augmenting it with dynamic Attribute-Based Access Control (ABAC). We then extended them for agentic adoption with Agentforce. As AI advances from predictive models to autonomous agents, zero trust architecture must evolve alongside it. 

Now, we’ll discuss the 360 zero trust security fabric, a cohesive solution powered by the MuleSoft Platform, with MuleSoft Agent Fabric (MAF) playing a pivotal role in orchestrating secure, explainable governance. 

360 zero trust security architecture and solution 

The 360 zero trust security architecture integrates the Salesforce C360 technology stack, including Agentforce, Data 360, Tableau Next, and Slack, to enforce trust across agentic and traditional workflows. The framework is designed to operate across a spectrum, from fully native Salesforce 360 deployments to hybrid, multi-platform environments. To enable comprehensive validation and to exercise edge-case scenarios before anything reaches production, the architecture uses digital twins as a simulation layer, so that trust boundaries, escalation logic, and policy enforcement are rigorously validated before deployment. This approach supports resilient rollout and continuous compliance across regulated environments.

As organizations accelerate toward AI-driven ecosystems, the need for a resilient, modular, and context-aware security framework increases. This architecture offers a composable solution that is Salesforce 360 architected and interoperable by design, enabling secure, adaptive decision-making across agents, APIs, and traditional IT systems. 

Zero trust security fabric

This architecture is designed to scale across industries – from government and healthcare to financial services, retail, and manufacturing – where trust orchestration, identity federation, and policy enforcement must operate seamlessly across legacy and modern platforms. 

Zero trust security fabric building blocks 

Now, let’s go through each key building block (outlined in the diagram below) in further detail. 

360 zero trust security fabric architecture

Policy Subject Points (PSP): Agents and traditional IT systems

The architecture accommodates both AI agents (MCP, A2A) and traditional IT interfaces (REST, SOAP), each governed by dedicated registries:

  • Agent Registry: Tracks autonomous agents, their capabilities, and lifecycle.
  • API Registry: Manages traditional interfaces and service endpoints.

Both registries are powered by MuleSoft Anypoint Exchange, which serves as the unified catalog for discoverability, governance, and lifecycle management. By leveraging Anypoint Exchange, the architecture ensures that every subject, agentic or traditional, is consistently registered, traceable, and policy-aware. This enables coherent onboarding, enforcement, and auditability across the zero trust fabric.

This dual-path design reflects a critical truth: while agentic adoption is accelerating, traditional IT systems remain pivotal. Much like the introduction of modern platforms once promised to replace mainframes “within years,” we still see mainframes powering mission-critical workloads decades later and most likely will for decades to come. 

The same will be true for agentic systems: they will gain traction, but they will coexist with traditional IT for the foreseeable future. Zero trust architecture is therefore intentionally designed to treat traditional IT systems as first-class citizens, ensuring consistent and coherent policy enforcement across both modern and legacy environments.

Core decision engine: MuleSoft as PDP (Policy Decision Point)

At the heart of the architecture lies the Policy Decision Point (PDP), a cognitive engine that governs how access decisions are evaluated and executed. It is structured around the core function of Decide, which is underpinned by the subfunctions Think and Act and operates in conjunction with the Core Services architecture:

  • Decide: The central function that resolves access requests based on identity, context, and policy logic.
    • Think: The evaluation layer, where trust scores, behavioral signals, and policy rules are synthesized.
    • Act: The execution layer, triggering enforcement, escalation, or simulation based on the decision outcome.

Decide orchestrates identity, context, and policy logic into a single access decision; Think evaluates trust posture from the signals the PIP supplies; Act executes the outcome through the PEP or escalates it through the PGP. This triadic structure enables real-time, adaptive decisioning across agents, APIs, and legacy systems.

MuleSoft’s core capabilities (logic, orchestration, connectivity, automation, and composability) play a foundational role in enabling the PDP’s modular intelligence. MuleSoft flows form the programmable substrate of Decide, allowing policy logic to be composed, simulated, and routed across heterogeneous environments. 

Its universal API mesh ensures seamless connectivity, while automation and composability support scalable enforcement, simulation, and escalation, reinforcing the architecture’s commitment to being Salesforce 360 architected, interoperable by design.

Core Services architecture

The Core Services architecture represents the foundational building blocks of the zero trust security fabric. Each block is modular, composable, and policy-aware, designed to support secure, explainable decisioning across agentic and traditional workflows. These components surround the PDP and enable identity federation, signal enrichment, enforcement, governance, and visualization.

Policy Identity Federation Point (PIFP) 

The PIFP anchors the architecture’s trust posture by serving as the single source of truth for identity. It governs how users, agents, and APIs are authenticated, authorized, and federated across domains.

Design principles: 

  • Trust: Establish and validate identity provenance across federated systems
  • Auth: Enforce authentication and authorization policies using industry standards

The Identity block supports a layered approach to access control, blending traditional and modern paradigms. It enables Role-Based Access Control (RBAC) for coarse-grained permissions and Attribute-Based Access Control (ABAC) for fine-grained, context-aware decisions. 

Access is governed through OAuth 2.0, using scopes, claims, and delegated authorization, with JWTs providing compact, verifiable identity payloads for PDP consumption. Scopes and claims define entitlements and access boundaries, but they are only trustworthy once the token’s signature, issuer, audience, and expiry have been verified against the issuing IdP. Identity federation ensures cross-domain trust through SSO, trust chaining, and external IdP integration. 

At its core, credential management centralizes and secures identity artifacts as a single source of truth, ensuring consistency, auditability, and policy alignment across agentic and traditional workflows.

Policy Information Point (PIP) 

The PIP enriches the decision fabric by ingesting, correlating, and interpreting contextual signals that inform PDP logic. It serves as the architecture’s sensory layer, bringing behavioral data, environmental attributes, and system telemetry into scope for adaptive access decisions.

Design principles:

  • Scope: Define and constrain the contextual perimeter for each access request 
  • Signal: Ingest, normalize, and correlate behavioral, environmental, and transactional data

The Context block enables dynamic, signal-aware decisioning by synthesizing inputs from agents, APIs, and external systems. It supports graph-based enrichment, trust scoring, and behavioral mapping to surface anomalies and patterns. Signals are aligned and federated across domains, enabling consistent interpretation and reuse. 

The Explain subfunction ensures that enriched context is traceable and interpretable, providing human-readable rationale for PDP decisions and supporting feedback loops to visualization and governance layers. Whether powered by Salesforce Data 360 or external CDPs, PIP ensures that every decision is contextually grounded, explainable, and resilient across agentic and traditional workflows.

Salesforce 360 native or equivalent for interoperability: we recommend pairing the PIP layer with Salesforce Data 360, given its strengths in real-time enrichment, semantic data processing, and zero-copy integration. It enables trust scoring and explainable governance through unified metadata and behavioral context. 

Policy Enforcement Point (PEP)

The PEP serves as the first layer of defense, intercepting invocations from agentic or traditional IT systems and initiating the zero trust control flow. It works in close conjunction with the PIFP to validate authentication, authorization, credential integrity, token signatures, and scope claims before delegating decision-making to the MuleSoft-powered PDP engine.

Design principles: 

  • Guard: Enforce policy decisions consistently across diverse enforcement surfaces
  • Control: Regulate flow, throttle abuse, and apply rate limits to protect downstream systems

Policy enforcement is enabled through MuleSoft’s universal API management capabilities, beginning with an API governance framework that applies industry-standard rulesets, many available out of the box, with the flexibility to define custom zero trust-specific policies aligned to organizational frameworks. APIs are designed using the OpenAPI Specification (OAS) within Einstein-powered Anypoint Code Builder, which adheres to governance guardrails established upstream. 

These APIs are then published and implemented either on MuleSoft’s classical runtime or via the lightweight, modern Flex Gateway for non-MuleSoft environments. Regardless of enforcement surface, governance rulesets are applied uniformly, even at runtime, ensuring end-to-end API governance across all API and agent deployments through a single, unified runtime fabric. 

PEPs may reside within gateways, agents, service meshes, or application layers, enforcing decisions via headers, tokens, or API contracts. Integration with MuleSoft enables programmable enforcement via flows, while compatibility with legacy systems ensures broad coverage. Whether enforcing access, masking data, or triggering escalation, the PEP ensures every decision made by the PDP is executed with precision, accountability, and policy fidelity.
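To make the PEP’s token checks concrete, here is an added example (not MuleSoft code, and not part of the original article) of the validation a PEP performs on a bearer token before it hands the request to the PDP: pin the algorithm, verify the signature, and only then read issuer, audience, expiry, and scopes. The shared secret, issuer, audience, and scope names are assumptions for the example; a production gateway would verify RS256/ES256 signatures against the IdP’s published keys rather than a shared secret.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumptions for this example (not values from the article): an HS256 shared
# secret, the trusted issuer, this PEP's audience, and the scope the route needs.
SECRET = b"example-shared-secret-change-me"
EXPECTED_ISS = "https://idp.example.test"
EXPECTED_AUD = "protected-enclave-api"
REQUIRED_SCOPES = frozenset({"enclave.read"})


def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def mint_token(claims, secret=SECRET):
    """Issue an HS256 JWT. Used here only to build fixtures; the IdP does this in practice."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_token(token, secret=SECRET, now=None, required_scopes=REQUIRED_SCOPES):
    """PEP-side checks. Returns (ok, reason, claims); claims is None unless ok."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed", None
    h_b64, p_b64, s_b64 = parts
    try:
        header = json.loads(b64url_decode(h_b64))
        claims = json.loads(b64url_decode(p_b64))
        sig = b64url_decode(s_b64)
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all land here
        return False, "malformed", None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed", None
    # Pin the algorithm: the token never gets to choose (blocks alg=none and key confusion).
    if header.get("alg") != "HS256":
        return False, "alg_not_allowed", None
    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad_signature", None
    # Only after the signature checks out are the claims worth reading.
    if claims.get("iss") != EXPECTED_ISS:
        return False, "bad_issuer", None
    aud = claims.get("aud")
    if EXPECTED_AUD not in (aud if isinstance(aud, list) else [aud]):
        return False, "bad_audience", None
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired", None
    nbf = claims.get("nbf")
    if isinstance(nbf, (int, float)) and nbf > now:
        return False, "not_yet_valid", None
    granted = set(str(claims.get("scope", "")).split())
    if not required_scopes <= granted:
        return False, "insufficient_scope", None
    return True, "ok", claims


if __name__ == "__main__":
    # Constructed fixture: an agent's token for the enclave API, five minutes of validity.
    now = 1_700_000_000
    good = mint_token({"iss": EXPECTED_ISS, "aud": EXPECTED_AUD, "sub": "agent:recon-7",
                       "exp": now + 300, "scope": "enclave.read enclave.write"})
    print(verify_token(good, now=now)[:2])
```

The order of checks is the point: nothing in the payload is read until the signature verifies, and the accepted algorithm comes from the gateway’s configuration, never from the token’s own header. The claims that survive these checks are what the PEP forwards to the PDP.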

Policy Governance Point (PGP)

The PGP governs exception handling and delegated decision-making across the zero trust security fabric. It acts as the escalation and oversight layer, surfacing anomalies, errors, and unauthorized requests for human-in-the-loop intervention.

Design principles:

  • Govern: Surface policy exceptions and anomalies for transparent review 
  • Delegate: Initiate trusted handoffs across agents, humans, and systems through contextual triggers and modular orchestration

The Governance block is typically powered by Slack, where MuleSoft delivers real-time alerts for anomalous activity, policy violations, and blocked requests. Beyond alerting, the PGP triggers workflows for human review, so a delegated decision can be made while the original request is denied or held pending that review; a waiting request never defaults to allowed. 

Because resolution can take time, MuleSoft’s support for event-driven integration patterns lets the system consume the asynchronous response and resume processing once a decision is made. This is especially critical in multi-agent orchestrations, where downstream agents may be waiting for authorization to complete a task; every held request therefore needs a timeout that closes it as a deny, so an unanswered escalation can neither block agents indefinitely nor fall open. The PGP ensures that governance is not only reactive but orchestrated, bridging automated enforcement with human judgment in real time.
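The hold-and-resume pattern described above, as an added example rather than code from the article or from MuleSoft: an in-memory escalation queue that parks a request, notifies a reviewer through a callback standing in for the Slack integration, and resumes with the reviewer’s decision. The channel name, the ten-minute timeout, and the separation-of-duties rule (the requester may not approve their own request) are assumptions for this example.

```python
import time
import uuid


class FakeClock:
    """Deterministic clock so the timeout path can be exercised without sleeping."""

    def __init__(self, start=1_700_000_000.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class EscalationQueue:
    """Hold a request the PDP could not settle, page a reviewer, resume on their answer.

    Assumptions: the timeout, the Slack-style channel name and the notify callback
    are stand-ins for the MuleSoft/Slack integration the article describes.
    """

    def __init__(self, notify, timeout_seconds=600, clock=time.time):
        self.notify = notify            # e.g. posts to Slack; here any callable
        self.timeout = timeout_seconds
        self.clock = clock
        self.pending = {}               # ticket -> held request
        self.audit = []                 # append-only trail the PVP can render

    def _record(self, ticket, event, actor=None, note=None):
        self.audit.append({"ticket": ticket, "event": event, "actor": actor,
                           "note": note, "at": self.clock()})

    def hold(self, request, reasons):
        """Park the request (the PEP keeps it denied) and notify a human reviewer."""
        ticket = str(uuid.uuid4())
        self.pending[ticket] = {"request": request, "reasons": reasons, "opened": self.clock()}
        self.notify({"channel": "#enclave-approvals", "ticket": ticket,
                     "subject": request["subject"], "resource": request["resource"],
                     "reasons": reasons})
        self._record(ticket, "HELD")
        return ticket

    def resolve(self, ticket, approver, approve, justification=""):
        """A reviewer's answer. Returns PERMIT or DENY, or None if the ticket is not open."""
        entry = self.pending.pop(ticket, None)
        if entry is None:
            return None                 # unknown or already closed: late or replayed answers are ignored
        if self.clock() - entry["opened"] > self.timeout:
            self._record(ticket, "DENIED_TIMEOUT", approver)   # too late: the hold already lapsed
            return "DENY"
        if approver == entry["request"]["subject"]:
            self._record(ticket, "DENIED_SELF_APPROVAL", approver)  # separation of duties
            return "DENY"
        outcome = "PERMIT" if approve else "DENY"
        self._record(ticket, outcome, approver, justification)
        return outcome

    def sweep(self):
        """Close every ticket past its timeout as DENY, releasing any agent waiting on it."""
        now = self.clock()
        expired = [t for t, e in self.pending.items() if now - e["opened"] > self.timeout]
        for t in expired:
            del self.pending[t]
            self._record(t, "DENIED_TIMEOUT")
        return expired


if __name__ == "__main__":
    messages = []
    q = EscalationQueue(notify=messages.append, clock=FakeClock())
    t = q.hold({"subject": "agent:recon-7", "resource": "enclave-tactical"}, ["geo_outside_policy"])
    print(q.resolve(t, "operator:alice", True, "verified by radio"), messages[0]["channel"])
```

Two behaviours carry the security weight here: a ticket is consumed on its first answer, so a late or replayed approval cannot reopen it, and the sweep closes stale holds as denials rather than leaving downstream agents parked forever.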

Policy Visualization Point (PVP)

The PVP provides real-time visibility into policy decisions, enforcement outcomes, and system behavior, enabling stakeholders to monitor, interpret, and refine zero trust posture across agentic and traditional workflows.

Design principles: 

  • Plot: Surface decision paths, enforcement outcomes, and anomalies in human-readable formats 
  • Learn: Enable continuous learning through interactive dashboards, traceable insights, and governance-driven feedback loops

In a native Salesforce 360 architecture, visualization is powered by Tableau Next, which renders policy telemetry, trust scores, and enforcement outcomes in intuitive, role-based dashboards. It surfaces PDP decision flows, PEP actions, and PGP escalations, enabling anomaly tracking, policy drift detection, and continuous governance refinement. 

Tableau can source telemetry directly from Salesforce Data 360, or from equivalent platforms via MuleSoft connectivity, ensuring flexibility across deployment models. This allows zero trust posture to be monitored, explained, and optimized across agentic and traditional workflows.

MuleSoft’s role alongside data 360 security features

Data 360 offers robust out-of-the-box (OOTB) security capabilities, such as permission sets, field-level security, data masking, Data 360 governance and logging. These controls are often sufficient for enforcing zero trust principles within the Salesforce trust boundary. However, MuleSoft’s role varies significantly depending on the trust boundary of the implementation.

To avoid duplication and optimize for control, maintainability, and orchestration, we must evaluate where MuleSoft adds unique value and where Data 360’s native controls are sufficient. Crucially, this choice between MuleSoft and Data 360 for overlapping functionality must also be governed by the enterprise architecture, the overarching cyber strategy, and a clear cost-benefit analysis. 

Decision Matrix: MuleSoft vs. Data 360 security
Full Salesforce ecosystem
  • Trust boundary: all transactions within the Einstein Trust Layer
  • Primary security controls: Data 360 permission sets, sharing rules, segment activation, audit logging
  • MuleSoft’s role: complementary
  • Recommended usage: use MuleSoft selectively for agent-aware orchestration, external API exposure, or advisory routing
  • Risk of duplication: high. Avoid replicating ABAC, identity resolution, or logging already handled by Data 360

Hybrid ecosystem
  • Trust boundary: mixed, with some transactions within and some beyond the Einstein Trust Layer
  • Primary security controls: Data 360 governs internal systems; external systems lack unified controls
  • MuleSoft’s role: strategic bridge
  • Recommended usage: use MuleSoft to normalize trust signals, enforce policies across boundaries, and orchestrate external workflows
  • Risk of duplication: moderate. Ensure clear separation of internal vs. external enforcement logic

External ecosystem
  • Trust boundary: all transactions outside the Einstein Trust Layer
  • Primary security controls: no native enforcement; Data 360 or an equivalent provides context only
  • MuleSoft’s role: foundational
  • Recommended usage: use MuleSoft as PDP and PEP, with Agent Fabric for orchestration and API Manager for runtime enforcement
  • Risk of duplication: low. MuleSoft is essential for policy execution, logging, and governance

360 zero trust security fabric use case illustration

In mission-critical defense environments, access to protected systems must be governed by dynamic, context-aware orchestration, not static credentials. The Defense Access Cascade illustrates a zero trust architecture where the Policy Subject Point (PSP), the mission initiator, can be a human operator, autonomous agent, or part of a multi-agent/human-agent workflow. This flexibility allows for scalable orchestration across tactical, operational, and strategic layers.

360 zero trust security fabric use case

The flow begins with a triggering event, such as mission assignment activation, which prompts the PSP to request access to a protected enclave. This request is intercepted by the MuleSoft Policy Enforcement Point (PEP), the API gateway, which routes it to MuleSoft acting as the Policy Decision Point (PDP). MuleSoft orchestrates the decision logic by engaging multiple trust signals: 

  • PIFP (Salesforce Identity) validates the agent’s identity, role, and clearance level.
  • PIP (Salesforce Data 360) enriches the request with contextual telemetry, location, mission urgency, device posture, and historical behavior.
  • PGP (Slack) enables escalation pathways for anomalous or high-risk requests, allowing human oversight and collaborative decision-making.
  • PVP (Tableau Next) visualizes the outcome, trust score, and audit trail, ensuring transparency, accountability, and operational integrity.

The orchestration culminates in a post-decision action: the agent may be granted access, engaged for further verification, or rejected outright. Feedback loops and dashboards reinforce governance and enable continuous refinement of access policies.
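The Decide, Think, and Act functions from the PDP section and the cascade just described, worked through as an added example (not MuleSoft code, and not from the article): Think folds the PIP signals (device posture, location, behavioral anomaly) into a trust score, Decide applies the RBAC and clearance gates and then the ABAC thresholds, and Act turns the outcome into instructions for the PEP, PGP, and PVP. The weights, thresholds, clearance scale, and attribute names are assumptions for the example.

```python
from dataclasses import dataclass

# All weights, thresholds and attribute names below are assumptions for this
# example; they are not taken from the article or from any MuleSoft product.


@dataclass(frozen=True)
class Subject:                 # what the PIFP asserts about the requester
    subject_id: str
    roles: frozenset
    clearance: int             # assumption: 0 (none) .. 4 (highest)


@dataclass(frozen=True)
class Context:                 # what the PIP enriches the request with
    device_compliant: bool
    geo_allowed: bool
    mission_urgency: str       # "routine" | "elevated" | "critical"
    anomaly_score: float       # 0.0 normal .. 1.0 far from the behavioural baseline


@dataclass(frozen=True)
class Resource:                # the protected enclave being requested
    name: str
    required_role: str
    min_clearance: int


def think(context):
    """Think: fold PIP signals into a trust score in [0, 1] plus the reasons behind it."""
    score, reasons = 1.0, []
    if not context.device_compliant:
        score -= 0.4
        reasons.append("device_noncompliant")
    if not context.geo_allowed:
        score -= 0.3
        reasons.append("geo_outside_policy")
    if context.anomaly_score > 0.5:
        score -= 0.3 * context.anomaly_score
        reasons.append(f"behaviour_anomaly={context.anomaly_score:.2f}")
    return max(score, 0.0), reasons


def decide(subject, context, resource):
    """Decide: hard RBAC/clearance gates first, then ABAC thresholds on the trust score."""
    if resource.required_role not in subject.roles:
        return "DENY", 0.0, ["role_missing"]
    if subject.clearance < resource.min_clearance:
        return "DENY", 0.0, ["clearance_insufficient"]
    score, reasons = think(context)
    if score >= 0.8:
        return "PERMIT", score, reasons
    # Urgency never buys a PERMIT; it only widens the band that goes to human review
    # instead of a silent deny, so a critical mission can still be approved by a person.
    if score >= 0.5 or (context.mission_urgency == "critical" and score >= 0.25):
        return "ESCALATE", score, reasons
    return "DENY", score, reasons


def act(decision, score, reasons, subject, resource):
    """Act: turn the decision into instructions for the PEP, PGP and PVP."""
    record = {
        "subject": subject.subject_id,
        "resource": resource.name,
        "decision": decision,
        "trust_score": round(score, 2),
        "reasons": reasons,                          # the Explain payload: why this outcome
        "pep": {"allow": decision == "PERMIT"},
    }
    if decision == "PERMIT":
        record["pep"]["ttl_seconds"] = 900           # short-lived grant, re-evaluated afterwards
    elif decision == "ESCALATE":
        record["pep"]["hold"] = True                 # request parked; nothing flows yet
        record["pgp"] = {"channel": "#enclave-approvals", "requires_human": True}
    return record


def evaluate(subject, context, resource):
    """One pass through the PDP: Decide (which calls Think), then Act."""
    decision, score, reasons = decide(subject, context, resource)
    return act(decision, score, reasons, subject, resource)


if __name__ == "__main__":
    # Constructed fixtures: an autonomous agent requesting a tactical enclave from outside policy geography.
    agent = Subject("agent:recon-7", frozenset({"mission-operator"}), clearance=3)
    enclave = Resource("enclave-tactical", "mission-operator", min_clearance=2)
    print(evaluate(agent, Context(True, False, "elevated", 0.2), enclave))
```

Two design choices are worth noting. The RBAC and clearance checks are hard gates evaluated before any scoring, so no amount of favourable context can compensate for a missing role. And mission urgency never raises the score; it only moves a marginal request into the PGP’s human-review path instead of a silent deny, so urgency cannot be used to talk the PDP into a permit.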

A digital twin approach

Industries like financial services, healthcare, and critical infrastructure operate under strict regulatory and operational constraints, where deploying new access orchestration models can raise legitimate concerns around risk, compliance, and system integrity. 

To address this, CRMArena can function as a digital twin, a controlled simulation environment that mirrors real-world workflows, agent behaviors, and policy enforcement logic. It allows teams to test zero trust orchestration flows, validate escalation paths, and observe decision outcomes without touching live systems. 

By replicating the full Salesforce 360 stack, MuleSoft (PDP), Salesforce Identity (PIFP), Data 360 (PIP), Slack (PGP), and Tableau Next (PVP), CRMArena provides a safe space to iterate, refine, and build confidence in the architecture’s resilience and adaptability. It’s a proving ground designed to support regulated industries in making informed, risk-aware decisions about secure access orchestration.

The fabric of it all

The 360 zero trust security fabric shifts organizations from perimeter-based defense to continuous, explicit verification. It starts at the Policy Enforcement Point (PEP), which validates identity before delegating to the MuleSoft-powered Policy Decision Point (PDP). The PDP orchestrates access using the Salesforce C360 ecosystem (PIFP for identity, PIP for contextual data, PGP for human oversight via Slack, and PVP for transparency via Tableau Next), ensuring a contextually grounded, explainable, and adaptable security posture.

Designed for native trust and efficiency with Salesforce 360, it also interoperates with complex hybrid and legacy platforms. For regulated industries, a digital twin simulates access flows and validates policies in a risk-free environment, moving from theory to confident, compliant deployment. Ultimately, this fabric is the foundation for secure, explainable, and trustworthy collaboration between autonomous AI and human agents.

Whether you’re working on zero trust, agent-led orchestration, or improving access in complex environments, there are a few ways to take the next step:

  • Start a conversation internally with your architecture or security teams to map your current setup and identify where these ideas could apply.
  • Connect with your local MuleSoft team to learn more about platform capabilities and how they support these patterns.
  • Reach out to us if you’d like to explore the architecture, challenge the ideas, or shape a version that fits your mission.

This zero trust architectural POV is meant to be validated, adapted, and battle-tested within your organizational context. Whether you’re just starting out or already deep in the journey, we’re happy to help.