- Slack’s Security Engineering team is responsible for protecting Slack’s core infrastructure and services.
- Our security event ingestion pipeline handles billions of events per day from a diverse array of data sources.
- Reviewing alerts produced by our security detection system is our primary responsibility during on-call shifts.
- We’re going to show you how we’re using AI agents to optimize our working efficiency and strengthen Slack’s security defenses.
- This post is the first in a series that will unpack some of the design choices we’ve made and the many things we’ve learnt along the way.

The Development Process

The Prototype

At the end of May 2025 we had a rudimentary prototype of what would grow into our service.
Article Summaries:
- Slack’s Security Engineering team has begun deploying AI agents to streamline the review of billions of daily security events. In May 2025 the team built a prototype that used a single 300‑word prompt to instruct a language model to investigate alerts. The prototype produced mixed results, sometimes delivering insightful cross‑source analysis but often jumping to weak conclusions. To gain consistent, controllable behavior the team re‑architected the workflow into a series of discrete model calls, each with a JSON‑schema‑defined output. This task‑based, structured‑output approach, inspired by recent research on meta‑prompting and cognitive synergy, gives the team precise control over each investigation step and improves reliability.