Salesforce AppExchange — the listing layer agents read inside Agentforce

What is Salesforce AppExchange (and AgentExchange)?

Salesforce AppExchange is Salesforce's third-party app marketplace; AgentExchange (launched March 2025) is the Agentforce-specific tier within it. An AppExchange listing makes a vendor discoverable to Salesforce admins; an AgentExchange-tier listing exposes capability metadata, scoped permissions, and MCP-compatible tool definitions that Agentforce can call as part of an agent run.

By the numbers

• 6,233 — apps on AppExchange as of December 2025 from 3,668 unique developers (Appnigma (citing Salesforce AppExchange data))
• 200+ — launch partners at AgentExchange's March 2025 debut with prebuilt Agentforce actions and templates (Salesforce News (AgentExchange announcement))
• 122% — growth in AgentExchange listings between March and October 2025 — 55 apps to 122 (sf9to5 (citing AgentExchange directory snapshot))

Why it matters

Salesforce sits on the largest installed base of agent-routable B2B customers — 91% of Salesforce customers and 90% of the Fortune 500 already use at least one AppExchange app, and Agentforce is the agent surface that runs inside that base. For a vendor whose buyers are Salesforce-using companies, the AppExchange listing is the discoverability layer for human admins and AgentExchange is the discoverability layer for the agents those admins are increasingly delegating to. Being absent from one is a missed-discovery problem; being absent from both is a structural invisibility problem inside the customer's chosen platform.

AgentExchange is the agent-readable face of AppExchange, not a separate marketplace. When Salesforce launched AgentExchange in March 2025, the framing was a rebrand-plus-tier, not a new venue. The same review pipeline, the same publisher console, the same listing surface — with a deeper metadata tier (capability descriptors, scoped permissions, callable tool definitions) that Agentforce reads when it routes an agent run. Listings climbed from 55 to 122 in six months because the marginal cost of layering AgentExchange metadata onto an existing AppExchange listing is small relative to the agent-routing return.

The Agentforce routing layer treats listing tiers as load-bearing trust signals. Security-reviewed managed packages get routed for write operations on sensitive objects; unmanaged packages and link-out apps surface only for read-only retrieval. AgentExchange-tier listings with declared scoped permissions get preferential routing inside Agentforce flows that touch finance, identity, or compliance-adjacent objects. The Security Review investment that historically read as procurement theatre is now an explicit routing input — and the vendor who skips it is invisible to the half of Agentforce traffic that handles the high-value actions.

The MCP convergence is happening at the listing layer. Salesforce's 2025 messaging around AgentExchange explicitly cited MCP compatibility, and the durable shape of an AgentExchange-tier listing in 2026 is increasingly: marketplace listing metadata + linked MCP server endpoint + declared A2A capabilities. The listing is the marketplace's record of the vendor's existence; the MCP server is what Agentforce actually calls. The vendor who treats AppExchange as a static catalog entry misses the fact that the entry is now the front door to a callable surface.

The cost of being absent is silent and compounding. Unlike an SEO drop, marketplace absence shows up as opportunities the vendor never sees: the Salesforce admin who couldn't find your integration installed a competitor's, the Agentforce flow that needed your capability called a security-reviewed alternative instead. None of these are visible without instrumentation, all of them compound, and the customer never tells you. Being late to AppExchange in 2026 is being late to a marketplace that quietly routed half a decade of B2B procurement; being late to AgentExchange is being late to the agent-routing layer being built on top of that same install base.

Where it's heading

The "regular AppExchange" tier and the "AgentExchange-ready" tier are bifurcating. Through 2026-2027, expect the AgentExchange tier to keep accumulating gated features — preferred placement in Agentforce flow suggestions, capability-level trust scoring, audit-trail integration with Salesforce Trust Center — while the basic AppExchange listing recedes to a human-discovery surface. Vendors who don't move to the higher tier will keep their existing leads but won't appear in the agent-driven funnel that's growing fastest inside the customer base.

Capability-level trust replaces binary publisher trust. Salesforce Trust Center is heading toward "this vendor is trusted for read operations on Account objects but not for write operations on Opportunity objects" rather than the current "this vendor is or isn't security-reviewed." Mastercard and Visa are shipping parallel primitives at the payment layer; Salesforce will ship them at the platform layer. The implication: vendors will declare scoped permissions per capability in their AgentExchange metadata, and the Agentforce router will use those declarations as load-bearing inputs.

MCP and A2A become first-class listing primitives, not bolt-ons. Today's AgentExchange listings reference MCP servers and Agent Cards as supplementary metadata. Expect the publisher console in 2026-2027 to make MCP-server endpoint and A2A Agent Card mandatory fields for any new AgentExchange-tier submission, and to layer publisher-level governance (rotation, versioning, deprecation policies) over the linked endpoints. The vendor who hand-rolls a Salesforce REST integration in 2026 is building a maintenance liability; the vendor who publishes an MCP server and registers it through AgentExchange is building a primitive that Salesforce's tooling will keep current.

AgentExchange cross-listing with non-Salesforce agent surfaces. Salesforce, Google (A2A), and the Linux Foundation Agentic AI Foundation are co-developing cross-marketplace capability registries. The likely 2027 shape: a single capability declaration that surfaces in AgentExchange for Agentforce, in Google's agent surfaces via A2A federation, and in the public MCP directory — without duplicate listing work. Vendors who model their capabilities as MCP servers from the start get this for free; vendors who hand-built per-marketplace shims will retrofit.

Pricing signals move from "license tier" to "agent-callable capability priced per invocation." Salesforce's pricing experiments through 2025-2026 (Agentforce per-conversation pricing) point at AgentExchange listings monetizing on a per-capability-call basis rather than per-seat. Vendors who can price their capability per agent call rather than per human seat align cleanly with this shift; vendors locked into per-seat metering will look misaligned with the customer's agent-cost model.

When the AppExchange-only era ends. AgentExchange-tier metadata becomes the de facto AppExchange experience inside 2-3 years — not because basic listings disappear, but because the agent-routing layer becomes the default discovery path even for human admins (who increasingly start tasks by asking Agentforce rather than browsing AppExchange themselves). The window for "ship basic listing now, add AgentExchange metadata later" stays open through 2026; after that, AgentExchange-tier becomes the entry bar.

Common mistakes

• Treating AppExchange as a one-time listing project. Capability declarations rot as your product ships features. An AgentExchange listing that's six months stale exposes capabilities your service no longer offers — which the Agentforce router will hit, fail, and downweight you on. Plan listing-refresh as part of every major release.
• Skipping the Security Review to ship faster. Unmanaged packages and link-out apps surface for read-only retrieval inside Agentforce but get filtered out of write-operation routing. For any non-trivial integration touching customer data, the 8-12 week Security Review pays back through the higher-value half of agent traffic.
• Listing on AppExchange without AgentExchange metadata in 2026. The marginal cost of the AgentExchange tier on top of an existing AppExchange listing is small; the marginal benefit (visibility to Agentforce) is large. Shipping a basic AppExchange listing in 2026 without the AgentExchange tier is the equivalent of shipping a website in 2010 without mobile responsiveness — possible, but visibly stale.
• Hand-rolling Salesforce REST integrations instead of publishing an [MCP server](/learn/agent-protocols/model-context-protocol). Custom REST integrations work until Salesforce's spec updates and you have to retrofit. MCP servers registered through AgentExchange get versioning, governance, and capability declarations as first-class concerns the platform manages.
• Declaring overly-broad scoped permissions. Agentforce's routing layer downweights listings that request broader scopes than their capability requires. Vendors who declare narrow, capability-specific scopes (read-only-Account-name, not read-write-all-objects) earn preferential routing; vendors who declare blanket scopes look like trust risks.
• Treating AgentExchange as Salesforce-only. Salesforce was an A2A launch partner, and AgentExchange listings increasingly carry Agent Card metadata that's callable from non-Salesforce agents via A2A federation. Vendors who publish A2A capability declarations alongside their AgentExchange listing reach traffic that originates outside the Salesforce surface.

Frequently asked

Related

• Platform Ecosystem (FRONTIER HUB) — The parent Frontier. Salesforce is the largest of the B2B platform marketplaces and the first to ship an explicit agent-tier listing.
• Microsoft AppSource (PARAMETER) — The peer marketplace for the Microsoft / Copilot ecosystem. Same model: surface-level listing versus agent-tier listing, Verified Publisher status versus AgentExchange tier.
• HubSpot App Marketplace (PARAMETER) — Smaller scale, same dynamic — a listing-driven agent-discovery layer inside the parent platform's customer base.
• Agent-to-Agent Protocol (PARAMETER) — Salesforce was an A2A launch partner. AgentExchange listings increasingly surface A2A-callable capabilities, not just static integrations.