Summer ’26 Release Architect Highlights: Sharing, Security, and Agentic Integration
Summary
The Summer ’26 Salesforce release introduces critical security updates including a major Apex security model shift enforcing user-mode operations by default and the removal of the WITH SECURITY_ENFORCED clause. It mandates architects to act now on changes like OAuth and SOAP API retirements, SAML framework updates, and IPv6 preparations. The release also expands design considerations with Beta features such as Elastic Limits for Async Jobs and Agentforce Observability enhancements. A key highlight is the Agentic integration evolution through the Model Context Protocol (MCP), enabling dynamic AI agent integrations and multi-agent orchestration, which requires fresh architectural thinking about boundaries, governance, and tooling. Salesforce teams should audit existing code for sharing declarations, plan migration strategies, and incorporate observability and policy layers from the start to build resilient, secure, and scalable AI-powered architectures.
Takeaways
- Audit Apex classes for explicit sharing and remove WITH SECURITY_ENFORCED queries before API v67 upgrade.
- Plan migration from OAuth username-password flow and SOAP API login() retirement deadlines now.
- Leverage MCP for flexible Agentforce integrations and enforce access with Agentforce Gateway policies.
- Design multi-agent architectures with domain-specific agents to improve reliability and observability.
- Incorporate observability metrics and custom scorers into Agentforce deployments from the start.
Every Salesforce release requires an architect’s attention. Your mandate is not to read everything, but to immediately identify changes that invalidate existing decisions, break production systems, or unlock new design possibilities. We will review the Summer ’26 Release in order of architectural priority: Act now Rethink design decisions Explore design opportunities This release delivers substantial opportunities in the third category, but it also contains more critical items in the first two than a typical release. 1. Act now: Security changes with hard enforcement dates This category covers critical updates across authentication, security, and platform architecture that require immediate action and testing. Start these conversations with your customers now, because each of these requires architectural change beyond a configuration toggle. Review the Apex security model changes in API version 67.0 Three changes arrive together in API version 67.0 (v67.