We built an agentic security investigation service to help us research alerts as part of our mission to keep Slack secure and protect our customers. Our service deploys teams of AI agents that collaboratively perform security investigations. AI agents free human analysts from tedious data gathering tasks. Over just the first quarter of their deployment, our agents have performed over 7,500 investigations, issuing over 500,000 tool calls. Our agents are enabling us to gain unprecedented real-time insight into Slack’s infrastructure in a way we could never do with human labor alone.

The Slack Blog serves as a resource for teams and developers looking to make the most out of Slack, a popular collaboration platform. The blog covers a wide range of topics related to Slack usage, including tips and tricks for effective communication, productivity hacks, and best practices for managing teams and projects. Developers can learn how to leverage Slack's API and integrations to automate workflows, build custom bots, and enhance team collaboration. With insights from industry experts and real-world use cases, the Slack Blog provides resources to help developers unlock the full potential of Slack for their projects and teams.

Slack engineering

Slack's Security Engineering team built an agentic AI system to automate security alert investigations. The system uses multiple AI personas (Director, Expert, and Critic agents) working collaboratively through structured outputs and defined phases (Discovery, Trace, Conclude). Over 7,500 investigations were performed in the first quarter, with agents making spontaneous discoveries like credential exposures that human analysts might miss. The architecture includes a Hub API, scalable Workers, and a real-time Dashboard, enabling security analysts to supervise investigations rather than manually gather evidence.

Streamlining Security Investigations with Agents