
TL;DR
- Salesforce Ben is right: technical debt, security gaps, AI trust issues, admin overload, and weak DevOps maturity are real Salesforce risks.
- But they’re actually five separate problems. They’re all symptoms of the same underlying failure: the org no longer explains itself.
- The competitive advantage will go to companies with the clearest understanding of how their complexity actually works.
****
Salesforce Ben recently published a smart piece on the five most dangerous trends in Salesforce right now, which include technical debt, security ownership gaps, AI moving faster than trust, admin overload, and DevOps practices falling behind platform complexity. I highly recommend reading it, but in the interest of time: The whole article is based on the 2026 SF Ben Salesforce Admin Survey, which found that 58.6% of respondents agree Salesforce is becoming increasingly complex to work with, 53.1% believe too much is being expected of admins, and 56.3% name technical debt as their most difficult task.
I agree with this diagnosis.
However, I think the deeper problem is even simpler, and covers the underpinnings of all of those they listed:
The org cannot explain itself anymore.
Bear with me.
Imagine the journey…
Salesforce becomes the operational center of the business.
Every team touches it. Changes are made and made and made.
And then, one day, the business looks back at the system it’s built and realizes no one can fully explain how it works.
The system has become, in a way, alive.
Complexity Is Not the Enemy
The usual story is that Salesforce complexity is a mess to clean up.
Some of it is. Dead fields, abandoned automations, stale permissions. Those all need to go.
But not all complexity is debt.
A lot of it is context.
A custom field might exist because the standard process did not match how the business actually sold. A validation rule might represent a painful lesson from a broken handoff. A weird approval path might encode a real compliance requirement. A messy-looking flow might be the place where three teams negotiated how work should actually move.
If you strip all of that away in the name of making Salesforce “clean,” you may get a prettier org. You may also erase all of the information on how the company really operates.
A paradox that Salesforce teams are living with right now: your business needs the org to move faster, but the org has become harder to understand. The complexity slows everyone down, but some of that complexity is also the only map you have.
“Remove complexity” is, then, far too simple of a goal. Teams need to instead make their complexity legible.
Technical Debt Is an Understanding Problem
Salesforce Ben’s first trend: technical debt becoming everyone’s problem and only 1 in 50 orgs consider themselves clean and well-maintained.
Exactly, painfully right. Important distinction though: tech debt isn’t just that old things exist. It is that no one knows which old things still matter.
There is a huge difference between: “This field is old” and:
“This field is old, but it feeds a renewal workflow, appears on three page layouts and is still used by the enterprise sales team once a quarter.”
One is cruft. The other is craft, so to speak.
Go ask your team right now. I’m sure they don’t any lack opinions about their tech debt. But they also do lack confidence. They don’t know what they can safely remove, what they can consolidate, or what will break if they touch the wrong piece.
That is why reactive cleanup becomes a quarterly aspiration instead of a proactive operating motion. Everybody agrees that the garage needs to be organized. Nobody wants to be the person who throws away the box that somehow contains the deed to the house.
So, every box needs to be checked again and again and again.
Security Risk Is Also a Context Problem
Next, the Salesforce Ben piece points to security being treated as someone else’s responsibility, including low awareness of Salesforce’s Shared Responsibility Model and uneven enforcement of least privilege.
In Salesforce, security extends beyond a policy question… it is more broad than that… a systems question.
Who can see this field?
Who can update it?
Which permission set granted that access?
Security teams want clean answers. Salesforce often gives them archaeology.
Once AI enters into the Thunderdome, the stakes change drastically. A human with too much access is already a problem. An agent with too much access, operating quickly and confidently across connected systems, is a different class of problem.
AI Trust Isn’t All About the Model
The third trend is that AI adoption is moving faster than trust. Salesforce Ben reports that 58% of admins have serious concerns about AI-related risks, and that trust is the top barrier to successful AI adoption.
Everyone wants to talk about whether the model is good enough. Increasingly, folks are wondering less and less about that part.
The hard part is whether the agent understands the system it is acting inside.
Salesforce itself is pushing toward the Agentic Enterprise: humans and agents working inside the systems that run the business, with Salesforce positioning Customer 360, data, apps, metadata, governance, and agents as part of a unified platform. And their direction makes total sense.
But it also raises the bar.
An AI agent does not just need knowledge context. It does not only need access to articles, FAQs, meeting notes, and records.
It needs structural context.
It needs to know that changing this field will trigger that flow. That this automation depends on that value. That this permission set exposes that object. That this “simple” change touches revenue recognition, customer onboarding, sales compensation, and a managed package nobody wants to disturb.
Admin Overload Is What Happens When Context Lives in People
The Salesforce Admin role has become impossibly broad. The SF Ben survey found that 53.1% of respondents believe too much is being expected of admins, and the article describes admins absorbing business analysis, project management, training, documentation, troubleshooting, automation, release management, and increasingly technical responsibilities.
Not sustainable. Not at all.
In too many organizations, the admin is the map.
The admin knows why the field exists. The admin remembers which integration breaks when the picklist changes. That knowledge is incredibly valuable. It is also incredibly fragile and there’s often no redundancy to cover vacation, sickness or churn.
When context lives only inside people’s heads, every project starts with rediscovery.
We need to stop asking admins to carry the entire operating model of the business in their heads. We should give them systems that carry the context with them.
Maturity Is Not Just About Deployment Tools
The final Salesforce Ben trend is that DevOps maturity is not keeping pace with platform complexity. The article notes that Change Sets still dominate as the primary deployment mechanism for 41.6% of respondents, while 10% still make changes directly in production.
It is easy to read that and say, “Teams need better deployment tools.”
And yeah. Okay. Some do.
But deployment is not always just a pipeline problem.
Sometimes, it’s a problem of confidence.
A mature deployment process answers more than “Can we move this change?”
It answers:
- What depends on this?
- What should be tested?
- What changed since the last time we looked?
- Is this safe to ship?
Without understanding, even a modern DevOps process can become a very efficient way to move uncertainty from one environment to another.
The future of Salesforce delivery is CI/CD with structural context.
When Critical Infrastructure Isn’t Observable Infrastructure
Here’s the big reveal, then, the thread connecting all five trends.
Salesforce is no longer “the CRM” in the narrow sense. It is the place where go-to-market strategy, customer data, automation, approvals, integrations, permissions, AI, reporting, and business process all collide.
It has become, no doubt, critical infrastructure.
But most organizations still understand it through tickets, tribal knowledge, static documentation, and manual investigation.
That gap is the real risk.
Not complexity by itself.
Not AI by itself.
Not technical debt by itself.
The risk is running a business-critical system that changes constantly, while understanding it only occasionally.
The Way Forward Is Not a Giant Cleanup Project
The most comforting answer is to say: clean up the org first.
Clean everything. Document everything. Refactor everything. Then adopt AI. Then modernize DevOps. Then fix security. Then give admins strategic time.
The problem is that almost no business gets to pause long enough to do that.
The roadmap does not stop. Sales still needs changes. Service still needs workflows. Finance still needs reporting. Leadership still wants AI. The next acquisition, territory model, pricing package, compliance review, and product launch are not waiting politely for your metadata spa weekend.
So the answer cannot be “clean first, move later.”
The answer has to be:
Understand continuously. Change safely. Improve as you go.
That is the shift.
Treat Salesforce like a living system. Maintain a live model of how it works. Make dependencies visible. Make ownership clear. Make risk detectable before it becomes breakage. Let admins, architects, business leaders, security teams, and AI agents operate from the same understanding of the org.
Not a one-time audit.
Not a PDF that starts decaying the moment it is exported.
A living map.
Your Complexity Is the Context That AI Needs To Work
This is where I think the Salesforce conversation needs to move next. For years, the instinct has been to hide complexity from software. Give the system a clean abstraction. Smooth the weird edges. Pretend the business is more orderly than it is.
But AI changes the value of the underlying structure.
The messy, real, adapted version of your Salesforce org contains years of business behavior. It shows where process met reality, where teams disagreed, where exceptions became standard practice.
It shows what the company actually became.
That does not mean every piece should stay.
It means you should understand it before you remove it, automate it, secure it, or hand it to an agent.
The clean Salesforce in the slide deck does not exist.
The Salesforce you actually run is full of history.
That history can either remain buried as risk, or it can become context.
Salesforce Ben is right to call these trends dangerous.
But I would frame the danger this way:
The most dangerous Salesforce trend is not technical debt.
It is not admin overload.
It is not DevOps immaturity.
It is not even AI moving faster than trust.
The most dangerous trend is that companies are asking Salesforce to move faster at the exact moment they understand it less.
The move now is to stop pretending complexity can be eliminated.
Instead, it’s time to make it visible, useful, and confidently safe to build on.



