It's probably way too early for us to know what's really happened here. If you're unfamiliar with this stuff, you should know that Salesforce has a large and relatively savvy security team, including people who have presented at offensive security conferences in the past.
There's a lot of weirdness in the reporting here; for instance, the notion that Salesforce management had a meeting with members of their own team under "Chatham House rules".
I wasn't familiar with "Chatham House rules". But it allows members to present controversial arguments but prevents anyone from associating their arguments with them after the fact. For example, I can cite the argument later but not say who made the argument in order to prevent them from political repercussions. https://en.m.wikipedia.org/wiki/Chatham_House_Rule
Certainly very weird that the environment was that charged politically that these rules were needed.
Red Team operations can be very controversial as they risk impacting day-to-day operations and data integrity, and can have legal repercussions. I expect they would have this sort of meeting relatively often, regardless of this particular case.