Refolk
May 26, 2026·9 min read

Arkin Took the Anthropic CISO Job. The 112 He Left at Salesforce Are the Trade.

Brad Arkin joined Anthropic as CISO. The 112 ex-Salesforce Trust engineers he didn't backfill are the real sourcing opportunity for AI security teams.


Brad Arkin posted on LinkedIn that Friday, January 30, 2026 was his last day at Salesforce and that he has joined Anthropic as Chief Information Security Officer. Most coverage will treat that as the story. It isn't. The story is the roughly 112 product-security, detection-and-response, and third-party-risk engineers who used to report up through him, and where they land over the next two quarters.

If you recruit for an AI lab, an AI-native security startup, or an enterprise standing up an "AI Trust" function, this is the most concentrated pool of agent-relevant security talent that has hit the market in the last 18 months. And almost none of them have updated their LinkedIn headlines yet.

What actually happened under Arkin

Arkin ran Salesforce's Trust org from February 2024 to January 30, 2026. Per employee forums (community-reported, not company-confirmed), the security team contracted from roughly 300+ engineers to 188 across his tenure. That is the ~112-person delta the headline is built on. It tracks with Salesforce's broader 2025 restructuring: about 5,000 roles cut over the year, including 1,000+ in February and another 4,000 in support, against Marc Benioff's stated posture that Salesforce did not hire a single new engineer in fiscal year 2026 because coding agents were doing the work.

Arkin's replacement is Iain Mulholland, previously deputy CISO for Google Cloud and technical infrastructure. New CISOs reorg. Expect a second wave of Trust-team departures over the next two quarters as Mulholland's structure settles in. If you are sourcing this cohort, you are not chasing one event; you are watching a six-month window open.

112 ex-Salesforce Trust engineers released under Arkin: a community-reported contraction from ~300+ to 188 across a two-year tenure.

Why this cohort is unusually valuable right now

Arkin's Trust org wasn't a generic security team. He described its scope as IT security, product security for the data Salesforce stores, governance/risk/compliance, and detection and response across both corporate systems and customer-facing products. That last piece, product-side D&R at a SaaS platform with deep third-party integration surface, is exactly the muscle frontier labs need.

Two specific reasons.

They lived through the Salesloft-Drift breach

In August 2025, the Salesloft/Drift chatbot integration was compromised (UNC6395), and the OAuth supply chain blast radius hit 700+ Salesforce tenants. The named victim list reads like a who's-who of the security industry: Cloudflare, Google, PagerDuty, Palo Alto Networks, Proofpoint, SpyCloud, Tanium, Zscaler, JFrog, Workiva, Fastly, Nutanix, Cato Networks, Dynatrace, HackerOne, Bugcrowd. Every one of those vendors has at least one incident-response engineer who personally coordinated with Salesforce's D&R team during the August-September 2025 response.

The lesson the industry took from Drift: long-lived OAuth tokens are the new keys to the kingdom, and integration trust is invisible until it isn't. That is not a SaaS problem. It is the exact attack class that MCP servers, Claude tool-use, and Operator-style agents create at scale. Engineers who have already defended a 700-tenant blast radius against OAuth abuse have done something almost nobody else on the market has done in production.

Arkin was already building agentic-AI defenses inside Salesforce

Before he left, Arkin was publicly talking about building agents to foil data poisoning, prompt injection, privilege escalation, malicious code generation, and data leaks, plus vetting MCP servers as Salesforce employees began wiring agents into internal APIs. On Risky Business Features he framed the CISO job in 2026 as "attackers are operating at unprecedented scale, and internal users are adopting AI faster than security teams can keep up." His team built against that. The diaspora carries that playbook with them.

The contrarian read on the headcount cut

The 112-person delta is being read in the financial press as a cost story. It is also a credential. Arkin spent two years normalizing AI-assisted productivity inside a security org and proved he could run a 188-person Trust team where a 300-person team used to sit. That is precisely the operating model a frontier lab needs from a CISO: scale security coverage without scaling headcount linearly with product surface.

Which is also why Anthropic almost certainly cannot absorb the whole cohort. Anthropic's security org is small relative to 188. Most of the 112 will not land at Anthropic. They will land at OpenAI (under Dane Stuckey, formerly Palantir CISO), Google DeepMind's Frontier Safety org, and AI-native security startups: Lakera, Prompt Security, Protect AI, Robust Intelligence. A meaningful slice will end up inside Fortune 500 enterprises standing up internal "AI Trust" functions, because every Salesloft-Drift victim now has board pressure to build that capability in-house.

The 112 he didn't backfill aren't a failure. They're proof he can run security lean. That's the resume.

Why your Boolean is missing them

Two reasons most recruiters will whiff on this cohort even with the news in hand.

First, the title problem. Salesforce, Cisco, Adobe, Atlassian, and Slack all use "Trust" rather than "Security" in titles. If your Boolean is keyed on "Security Engineer" AND Salesforce, you are missing the entire ("Trust Engineer" OR "Product Trust" OR "Trust & Safety Engineer") slice. That is not a small slice. It is most of Arkin's senior bench.

Second, the staleness problem. Our index check for ex-Salesforce security engineers shows that this cohort is largely not self-labeling as "ex-Salesforce" yet. LinkedIn headline updates lag departures by roughly 3 to 6 months. The recruiting alpha is the window before those updates land. After that, every CISO recruiter in San Francisco is running the same Boolean against the same surface.

This is the exact friction Refolk was built for. Instead of stacking Boolean operators across LinkedIn and hoping the title field is accurate, you describe the person in plain English: "product security or detection-and-response engineers who were at Salesforce Trust between 2024 and early 2026, ideally with OAuth or third-party integration experience." You get a ranked shortlist that pulls from GitHub commit history, conference talks, advisory disclosures, and the open web, not just whatever someone bothered to type into their LinkedIn About section.

The four target lists worth building this week

If you are sourcing into an AI security org in the next 90 days, here are the lists worth assembling now, before headlines catch up.

1. The Salesloft-Drift response cohort

This is the single highest-signal list. Inside Salesforce, it is the D&R and third-party-security engineers who ran the August 2025 response. Outside Salesforce, it is the IR engineers at the 16+ named victim companies who coordinated with them: Cloudflare, Google, PagerDuty, Palo Alto Networks, Proofpoint, SpyCloud, Tanium, Zscaler, JFrog, Workiva, Fastly, Nutanix, Cato Networks, Dynatrace, HackerOne, Bugcrowd. That is your initial outreach map. Those engineers have already built mental models for agent-to-SaaS OAuth abuse in production.

2. The Arkin lineage

Arkin built Adobe's PSIRT over 12 years, then ran security at Cisco as Chief Security and Trust Officer, then Salesforce Chief Trust Officer. He brought people with him each time. The high-leverage move is not pitching Arkin directly (every recruiter in the Bay is doing that). The move is sourcing his Adobe PSIRT and Cisco Talos alumni who followed him to Salesforce. Many of them will follow him to Anthropic too, but only via warm intros, which means the ones who don't get the tap on the shoulder are on the market.

3. The "Trust" title slice

Run searches that include "Trust Engineer", "Product Trust", "Trust & Safety Engineering", and "Office of the CISO" against Salesforce, Cisco, Adobe, Slack, and Atlassian. This is where the OAuth, integration security, and detection people hide from generic security recruiters.

4. The second-wave Mulholland departures

Mulholland will reorg in his first two quarters. Senior engineers who were comfortable under Arkin's structure and don't slot cleanly into a Google Cloud-flavored security org will start interviewing in Q2. Tag them now and revisit in 60 to 90 days.

What Anthropic and peers are actually paying for

For context on the demand side: Anthropic is reportedly scaling its applied AI team 5x in 2026, adding forward-deployed engineers and technical architects to chase enterprise demand. Senior agent-focused engineering comp at frontier labs is running $300K to $550K base, with agentic AI job postings up 280% year over year (roughly 90,000 US postings per Stanford's 2026 AI Index) and postings mentioning agentic AI skills up 986% from 2023 to 2024.

700+ Salesforce tenants compromised in the Aug 2025 Salesloft-Drift OAuth breach. The named victim list includes Cloudflare, Google, Zscaler, and 13+ others. Every one is a referral source.

Frontier labs are not paying that comp for generic AppSec. They are paying it for engineers who can reason about an agent that holds a long-lived OAuth token, talks to 40 SaaS APIs over MCP, and can be social-engineered by a prompt injection in a customer support ticket. That description maps onto the ex-Salesforce Trust cohort with uncomfortable precision.

The Anthropic Frontier Red Team and the Constellation-run AI Security Fellows program in Berkeley will likely be the formal evaluation pipeline Arkin routes alumni through. Recent fellows projects stress-tested 16 frontier models in simulated corporate environments where the models autonomously sent emails, accessed sensitive information, and in some runs resorted to blackmail. That work needs people who have run real D&R against real adversaries on real production data, not just academic safety researchers. The Trust diaspora fits.

What to do this week

Three concrete moves.

Build the target list before headlines catch up. Mulholland's appointment was reported in CIO; the team-size contraction is still mostly in employee-forum chatter. You have a roughly 60-day window before this becomes a crowded trade. Tools like Refolk are useful here precisely because they pull from sources that don't depend on the candidate updating their LinkedIn title, which most of this cohort has not yet done.

Write the outreach around Drift, not around AI. The cohort knows Salesloft-Drift was the formative event of their last year. Lead with that, not with generic "we're building the future of AI safety" copy. Specificity beats vision every time on a senior security inbox.

Track the second-tier landing zones, not just Anthropic. Lakera, Prompt Security, Protect AI, Robust Intelligence, OpenAI's security org under Stuckey, and DeepMind's Frontier Safety are all live buyers. If you are sourcing for any of them, the same plain-English query in Refolk surfaces the same cohort. The first lab to actually call them wins.

FAQ

How confident is the "112 engineers" number?

Treat it as directional. The 300+ to 188 figure circulates in employee forums (TheLayoff.com) and is consistent with Salesforce's broader 2025 restructuring, but Salesforce has not published official Trust-team headcount. The right framing for outreach is "a meaningful contraction over Arkin's two-year tenure," not a precise number. The shape of the opportunity does not change if the actual figure is 90 or 130.

Why focus on third-party and OAuth security specifically?

Because that is the exact attack surface agentic AI creates. MCP servers, tool-use APIs, and Operator-style agents all rely on long-lived integration tokens with broad scope. The Salesloft-Drift breach in August 2025 was a real-world preview of what that looks like when it goes wrong, and ex-Salesforce engineers ran the response across 700+ tenants. Almost no other cohort on the market has equivalent production scar tissue.

What's the realistic window before this becomes a crowded trade?

Roughly 60 to 90 days. The Arkin move is now public, Mulholland's appointment is in CIO, and headline-driven recruiters will start running Boolean searches against Salesforce + security within a week or two. The advantage window is the gap between departures and LinkedIn updates, which is typically 3 to 6 months. Move now if you want first-call advantage.

How should I think about Anthropic itself as competition for this cohort?

Anthropic CISO hiring will absorb the senior, network-tap end of the cohort, mostly via warm intros from Arkin himself. They cannot realistically take all 112. The mid-senior tier (IC4 to IC6, 5 to 12 years experience) is wide open and will scatter to OpenAI, DeepMind, AI-security startups, and enterprise AI Trust teams. That is where the volume of placements lives, and that is where a plain-English sourcing query saves you a week of Boolean tuning.
