Behind the Zero-Trust Infrastructure Powering Agentforce 360 Platform: Protecting 20 Trillion Transactions

Meir Amiel
Nov 11 - 9 min read
In our Engineering Energizers Q&A series, we spotlight the brilliant engineering minds driving innovation at Salesforce. Today, we feature Meir Amiel, President and Chief Infrastructure Officer, who leads our Hyperforce Infrastructure and Trust teams.

Meir’s organization operates the foundational, trusted infrastructure powering the unified Agentforce 360 Platform — spanning Data 360, Salesforce Platform, Agentforce, and MuleSoft — to support the Customer 360, Industries, Tableau, and Slack product lines. Their work forms the backbone of Salesforce’s Agentic Enterprise, enabling customers to operate safely, securely, and at scale in all environments, including the most regulated ones. Trust is critical in realizing the Agentic Enterprise vision.

Explore how Meir’s team built and unified a trusted infrastructure across major product lines over the past four years — delivering a seamless experience for customers with minimal or no disruption. Also, discover how they tackled massive architectural challenges to secure 20 trillion annual transactions at their perimeter across 17 countries with 25 regions, and how their zero-trust infrastructure helped mitigate DDoS attacks peaking at multiple terabytes per second.

What is your team’s mission building enterprise-grade AI agent infrastructure for customers operating across highly regulated industries?

We enable enterprise-grade AI agents that are secure, compliant, and scalable, with trust, governance, availability and observability as top priorities. Our team operates at an enormous scale, serving hundreds of thousands of customers and hundreds of millions of users with trillions of daily transactions across 17 countries and 25 regions, each with its own set of compliance requirements. This includes support for Government Cloud, where security and compliance are paramount.

The team recognized an important opportunity: with each M&A, new products, technologies, and policies bring valuable diversity — but also varying levels of maturity across stacks. To enable the agentic AI era, we needed to drive consistency and raise the bar across all systems. This means ensuring common guardrails, unified policy enforcement, seamless cross-product integrations, and consistent controls for data residency, encryption, performance, auditability, and lifecycle management — so every product meets Salesforce’s high standards for trust and reliability.

To address this, Hyperforce Infrastructure teams evolved our trust services as a foundational trust platform, which can be likened to a castle protected by multiple layers of defense. Each layer of the platform provides independent security, ensuring that compromising one does not breach the entire system. As an example, bringing MuleSoft and Tableau onto Hyperforce demonstrates how this platform enables consistent and standardized secure operations across multiple geographies, with built-in guardrails at every layer. The Hyperforce infrastructure forms the bedrock, providing robust and effective scalable cloud infrastructure and services. On top of this, Data 360 governance ensures that customer data is managed and accessed for our enterprise customers. Salesforce Platform’s Shield encryption secures data at rest through the Hyperforce Trust Layer, while Security Center offers comprehensive visibility and monitoring for our customer multi-orgs. The Hyperforce PKI infrastructure helps standardize the approach to data security needs across all the platform layers, with seamless integration and secure communication across all products.

Data Security Scale:

  • Processes over three billion monthly key encryption/decryption transactions
  • More than 15 petabytes of data have been backed up using a data resilience managed capability
  • Issues three billion+ customer-facing certificates monthly

This multi-layered approach allows us to maintain continuous operations across a wide range of industries, from aviation to healthcare to government services, without disruption. It ensures our customers realize their Agentic Enterprise operates safely and efficiently, meeting the highest standards of security and compliance.

What integration challenge emerged when systems are at different stages of maturity?

The core challenge was harmonizing divergent security models across independently evolved technology stacks. For example, MuleSoft and Tableau were operating outside Hyperforce with their own infrastructure. Meanwhile, Data 360, maturing within the Hyperforce ecosystem, needed integration into the Unified Salesforce Platform without compromising security or performance.

To address this, our engineering teams redeployed MuleSoft and Tableau applications and services onto Hyperforce, modernizing the application layer and establishing uniform security standards across all systems. The immediate benefits included:

  • Private and secure connections across the unified Agentforce 360 Platform: Data 360, Agentforce, Salesforce Platform, Tableau, MuleSoft and customer environments.
  • Significantly reduced latency across all platform layers.
  • Simplified operations with uniform security standards.
  • Elimination of custom integration and bespoke solutions, streamlining the process and reducing maintenance overhead.

This strategic approach aligned the security models and set a robust foundation for scalable and secure operations across the Agentforce 360 platform.

What scalability challenges emerge handling transactions at the perimeter across 17 countries and 25 regions with different compliance requirements?

Operating at Hyperforce scale introduces unique challenges at the perimeter. We process over 20 trillion transactions annually at the perimeter and 1.5 trillion monthly across highly distributed systems. Managing 4.5 million domains demands fully automated and policy-driven security control deployment, while maintaining compliance across 17 countries and 25 regions, each with distinct regulatory frameworks. For example, European customers require strict data residency under GDPR, ensuring data never leaves their borders.

At this magnitude, even a small misconfiguration can impact hundreds or thousands of customers simultaneously. Our strategy for high reliability and availability includes various organizational facets such as our service ownership model, incident management, and operational reviews. Key technical elements of our strategy include our monitoring architecture, AI-driven operations automation, and automated safety mechanisms for production changes.

Core initiatives for reliability & resilience:

  • DDoS Remediation and Mitigation Platform: Real-time, end-to-end DDoS defense powered by machine learning–driven detection and mitigation, complemented by GenAI-based analysis and insight summarization.
  • Automated Redundancy: Continuous failure detection with seamless recovery for full and partial outages.
  • Blast Radius Limits: Hyperforce cells isolate failures to contain impact.
  • Compartmentalization: Fault-tolerant APIs and independent service boundaries prevent cascading failures.
  • Auto-Scaling: Rapid scaling up or down based on resource saturation — no manual intervention.
  • Fast Rollbacks: Targets measured in minutes, aided by feature flags and automated rollback testing.
  • Comprehensive Protections: Load-shedding, tenant fairness, WAFs, and multi-layer security from perimeter to core.
  • Soft Dependencies & Async Design: Caching and brokered communication maintain continuity under stress.
  • Fault-Tolerant APIs: Timeouts, circuit breakers, and retries with backoff minimize disruption.
  • Quota Management: Central monitoring of capacity constraints (e.g., IPs, IOps, clusters) to prevent runtime limits.

These strategic safeguards ensure our perimeter remains resilient, compliant, and secure — even as we operate at an unprecedented global scale.

What architectural challenges arise implementing zero-trust communication across Platform and Product Clouds without performance degradation?

When we set out to integrate independently evolved product clouds on Hyperforce, like Data 360, Salesforce Platform, MuleSoft and Tableau, we recognized that security alone wasn’t sufficient. The real challenge was enabling zero-trust communication across systems built at different times, for different purposes, and under varying regulatory expectations, all while maintaining performance. Each cloud had its own unique identity, compliance boundaries, and operational characteristics. For example, Hyperforce operates across 17 countries with strict data residency rules, Platform’s Shield enforces deep encryption and audit capabilities, and MuleSoft handles large-scale integration workloads. Integrating these systems required a fundamental rethinking of communication.

To address this, we moved security enforcement from individual services to the platform itself. We developed a zero-trust fabric using a service mesh architecture with sidecar proxies. This ensures that every connection, regardless of size, is authenticated, authorized, and encrypted by default. The design includes mutual TLS for every service-to-service call, encryption for data in motion and at rest, and runtime protections to secure data during use.

Additionally, performance was a critical consideration. To maintain responsiveness, we flattened network topologies to create more direct communication paths, introduced circuit breakers to avoid routing traffic through degraded systems, and isolated services to contain faults before they spread. Automated traffic management ensures that the system can instantly reroute around failures without human intervention.

The outcome is a unified, zero-trust communication layer that enables seamless collaboration among our clouds while respecting each environment’s security and compliance requirements. Whether it’s Tableau connecting to Data 360 or Agentforce invoking MuleSoft, every interaction is secure, private, and fast.
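The circuit-breaker and rerouting behaviour described in this answer, shown as an added example that is not Salesforce code. The class and function names, the failure threshold and the cooldown are assumptions chosen for illustration.

```python
import time

class CircuitBreaker:
    """Closed -> open after `max_failures`; half-open after `cooldown` seconds."""
    def __init__(self, max_failures=3, cooldown=30.0, clock=time.monotonic):
        self.max_failures, self.cooldown, self.clock = max_failures, cooldown, clock
        self.failures, self.opened_at = 0, None

    def allow(self):
        if self.opened_at is None:
            return True
        # Half-open: let a probe request through once the cooldown has elapsed.
        return self.clock() - self.opened_at >= self.cooldown

    def record(self, ok):
        if ok:
            # A success (including a half-open probe) closes the breaker.
            self.failures, self.opened_at = 0, None
        else:
            self.failures += 1
            if self.failures >= self.max_failures:
                self.opened_at = self.clock()  # (re)open and restart the cooldown

def route(request, upstreams, breakers):
    """Try upstreams in preference order, skipping any whose breaker is open."""
    for name, call in upstreams:
        breaker = breakers[name]
        if not breaker.allow():
            continue  # degraded upstream: send it no traffic
        try:
            result = call(request)
        except Exception:
            breaker.record(False)
            continue  # reroute to the next upstream without human intervention
        breaker.record(True)
        return name, result
    raise RuntimeError("no healthy upstream")
```

Passing `clock` as a parameter lets the open, half-open and closed transitions be exercised in tests without waiting for real time to pass.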

What challenges arise building machine learning systems that detect terabyte-scale DDoS attacks without external AI dependencies?

The complexity arose from protecting tier-zero services that cannot rely on external platforms during attacks. If an LLM provider like OpenAI experiences downtime, we cannot depend on external AI services for analysis and decision making. The platform needed real-time detection and mitigation capabilities at terabyte scale, operating independently and integrated across the DREAM (DDoS Response and Mitigate) platform.

To address this, we developed an AI policy reviewer using local machine learning (ML) models instead of large language models (LLMs). This system analyzes traffic patterns, provides semantic validations, and compares current traffic fingerprints against historical baselines. When it detects anomalies, it deploys targeted mitigations to address specific threats. For reporting and summarization of the attack and insights, we leverage generative AI at scale.

The platform leverages AI strategically across multiple security functions:

  • Real-Time Threat Detection: Using local ML models to identify attacks.
  • Post-Attack Analysis: Generative AI creates detailed incident summaries.
  • Automated Reporting: AI-generated summaries are posted in Slack channels.

The results are impressive: the platform mitigated the largest attack on record, which reached 1.6 terabytes per second from millions of IPs across 130+ countries. Full mitigation was achieved within 10 minutes through automated response, demonstrating that ML-based defenses can handle extreme threat volumes without external dependencies.
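One way to compare a current traffic fingerprint against a historical baseline and derive targeted mitigations, as an added example that is not the DREAM platform's code. The fingerprint dimensions, sample rates, thresholds and rate-limit policy are all constructed assumptions, and a median/MAD score stands in for the local ML models the answer mentions.

```python
from statistics import median

# Constructed history: requests per minute per fingerprint key over past windows.
BASELINE = {
    ("path", "/login"):  [900, 950, 1010, 980, 940, 1000],
    ("path", "/api/v1"): [5000, 5200, 4900, 5100, 5050, 4950],
    ("asn", "AS64500"):  [300, 280, 310, 295, 305, 290],
}

def robust_z(history, value):
    """Modified z-score from median and MAD, so old spikes do not skew the baseline."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # guard against flat history
    return 0.6745 * (value - med) / mad

def detect(current, baseline=BASELINE, threshold=6.0, min_rate=500):
    """Return (key, score) for anomalous fingerprint keys, worst first."""
    findings = []
    for key, rate in current.items():
        if rate < min_rate:
            continue  # too little volume to matter, whatever the score
        history = baseline.get(key)
        if history is None:
            findings.append((key, float("inf")))  # never-seen key at high volume
            continue
        score = robust_z(history, rate)
        if score >= threshold:
            findings.append((key, round(score, 1)))
    return sorted(findings, key=lambda f: -f[1])

def plan_mitigations(findings, baseline=BASELINE, headroom=1.5, unknown_cap=100):
    """Targeted per-key rate limits: headroom x historical peak, or a low cap if unseen."""
    plan = {}
    for key, _ in findings:
        history = baseline.get(key)
        plan[key] = int(max(history) * headroom) if history else unknown_cap
    return plan

# Constructed current window: a flood on /login from a previously unseen ASN.
CURRENT = {
    ("path", "/login"): 48000,
    ("path", "/api/v1"): 5150,
    ("asn", "AS64500"): 302,
    ("asn", "AS64511"): 47000,
}

if __name__ == "__main__":
    print(plan_mitigations(detect(CURRENT)))
```

Only the two keys that deviate from their baseline receive a limit; the `/api/v1` traffic and the known ASN stay untouched, which is what keeps the mitigation targeted.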

How does the platform quantify operational impact on our infrastructure and mission-critical systems being protected, in terms of attack mitigation speed?

At Hyperforce scale, speed is everything. The ability to detect, isolate, and neutralize attacks in seconds determines whether millions of customer transactions continue uninterrupted or face disruption. Our platform is built with multiple defensive layers, ensuring that even if one component is compromised, the system as a whole remains secure. That resilience is measurable. Key metrics illustrate the scale and responsiveness of our defenses:

  • 10-minute global rollback capability to recover from edge-layer incidents.
  • Multi-terabyte active DDoS mitigation capacity.
  • Global protection across millions of attacker IPs spanning 130+ countries.
  • 20 trillion annual transactions secured across 4.5 million domains.

But numbers alone don’t tell the full story. To truly understand and continuously improve our operational posture, we needed a unified, real-time view of how well our defenses perform and where to focus next. That led to the creation of the Hyperforce Trust Platform measurement framework, built “Salesforce on Salesforce.”

The framework leverages Data 360, Tableau Next, Agentforce 360, and Slack to build an automated KPI platform that turns infrastructure telemetry into actionable business insights. It standardizes metrics across our ecosystem — security, reliability, compliance, and cost — so every team can see not just what’s happening, but what matters most.

The framework provides:

  • End-to-end visibility into the operational health and trust posture of Hyperforce.
  • A unified KPI model that keeps metrics consistent and comparable across clouds and teams.
  • Actionable insights that drive prioritization and measurable business impact.
  • Reduced noise and redundancy by eliminating fragmented dashboards and duplicate reporting.
  • Business-aligned metrics that focus on adoption, risk reduction, and cost to serve—not just technical uptime.

By combining multi-layered defense with unified observability, Hyperforce quantifies how fast it mitigates attacks, how effectively it reduces risk, and how much business value those safeguards deliver. The result is a platform that’s not only secure and compliant, but also continuously learning, adapting, and optimizing for trust at global scale.
