Glumes ITSalesforce Ecosystem Experts
Back to Blog
Artificial Intelligence

Prompt Builder & the Einstein Trust Layer Explained

Glumes TeamJuly 30, 20259 min read

What the Trust Layer actually does

Every generative call from a Salesforce feature routes through a proxy that performs, in order:

1. Secure Retrieval        — merge fields + Data Cloud grounding
2. Data Masking            — PII replaced with tokens (name → [NAME_1])
3. Prompt Defense          — jailbreak / injection detection
4. Zero-Data-Retention     — provider contractually prohibited from training on prompts
5. LLM call                — OpenAI, Anthropic, Bedrock, private endpoint
6. Toxicity Detection      — response scanned
7. De-Masking              — tokens restored for the end user
8. Audit Trail             — full transcript stored in Data Cloud (`GenAiInteraction`)

Nothing in this chain is optional; it's how Salesforce ships "enterprise-safe" AI.

Prompt Template anatomy

Prompt Templates are metadata. Types:

  • Sales Email — bound to Contact + Recipient
  • Field Generation — populates one field on save
  • Record Summary — surfaces on a record page
  • Flex — you define inputs

Merge with Handlebars-style syntax on Salesforce/Data Cloud objects:

You are a rep at {!$User.Company.Name}.
Draft a renewal outreach for {!Opportunity.Account.Name}.

Context:
- Product: {!Opportunity.Product__c}
- Term ends: {!Opportunity.CloseDate}
- Last 30d support cases: {!Related.Account.RecentCases}

Rules:
- Under 150 words.
- Reference at least one recent case.
- Sign off as {!$User.FirstName}.

Grounding with Data Cloud vector search

Prompt Template
  {!Retriever:KnowledgeArticles(query=input.question, k=5)}

At runtime, the retriever runs a vector search on the specified DMO/CIO and injects the top-K chunks with citations.

Bring Your Own Model (BYOM)

Model Builder connects an existing endpoint:

{
  "provider": "AzureOpenAI",
  "endpoint": "https://my-openai.openai.azure.com/",
  "deployment": "gpt-4o-mini",
  "auth": { "type": "namedCredential", "name": "AzureOpenAI_NC" },
  "context_window": 128000
}

Trust Layer wraps it automatically — masking, defense, audit all apply.

Testing prompts before shipping

Use the Prompt Builder → Preview with test rows from Data Cloud. For CI:

curl -X POST "https://.../services/data/v62.0/einstein/prompt-templates/Draft_Followup_Email/generations" \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"inputs":[{"variables":{"Opportunity":"006xx..."}}]}'

Assert on presence/absence of PII, length, forbidden terms — not exact wording.

Cost & throughput

  • Every generation costs "Einstein Requests" — meter per feature
  • Cache repeated summaries via Data Cloud (AccountAiSummary__c)
  • Batch offline summaries in Automation Studio / Jobs; keep interactive latency low

Governance checklist

  • All prompts in Git as metadata
  • Every template reviewed by security before publish
  • Sensitive fields tagged for masking policy
  • Audit dashboard: which reps used which templates, acceptance rate
  • Kill-switch: disable a template in production without a deploy
Prompt BuilderEinsteinAI Trust

Related articles