Security for AI features in Slack
Artificial intelligence (AI) is core to the Slack product experience, and our commitment to data security and privacy is fundamental to everything we do. Slack’s native AI features have been built to uphold these commitments. Here’s an overview:
- Customer data never leaves Slack-controlled infrastructure and is never used to train large language models (LLMs). For more information, read our AI Principles.
- AI features in Slack only work with data that members have access to and uphold all of Slack's enterprise-grade security and compliance requirements.
- Slack AI Guardrails provide a multi-layered security framework for our AI features, including the new version of Slackbot, that upholds data privacy and mitigates risks of misuse. Review our FAQ below for more details.
FAQs
How do AI features in Slack work?
Slack uses third-party large language models (LLMs) hosted within our secure cloud infrastructure and the data already in your Slack workspace or organization to power a suite of personalized AI productivity tools. When you use Slack’s native AI features, we apply in-house ranking models (running on our standard, secure architecture) to find and sort the most relevant information. When LLMs generate a response, information is included in the inference request, but they do not retain information once the request has been processed.
Is my Slack data used to train LLMs?
Customer data is never used to train third-party LLMs. Instead, we use a technique called Retrieval Augmented Generation (RAG) that sends only the data necessary for each task to the LLM at the time of inference. With RAG, data is sent in the context of inference requests. While the model may temporarily cache the data, it cannot store the data in a database or on disk.
How do Slack’s AI features respect channel and message privacy?
Slack’s AI features only use Slack data that members have access to at the time of request and won’t display or use data from private channels or direct messages (DMs) they aren’t a part of. For example, AI searches will never surface any results that Slack’s regular search would not. Similarly, summaries and Slackbot responses will never contain content that you could not otherwise see while reading channels or DMs.
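The request-time access check described above, sketched as an added example (not Slack's code or implementation): messages are filtered by the requester's current channel membership before ranking, so unreadable content never reaches the inference request. The channel model, sample data and function names are hypothetical, and every user is assumed to be a workspace member who can read public channels.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    msg_id: str
    channel: str
    text: str

# Constructed sample data: channel -> (is_private, member ids)
CHANNELS = {
    "C-general": (False, {"alice", "bob"}),
    "C-payroll": (True, {"alice"}),
    "D-alice-carol": (True, {"alice", "carol"}),
}
MESSAGES = [
    Message("m1", "C-general", "Q3 launch date moved to October 14"),
    Message("m2", "C-payroll", "Q3 bonus pool for launch team is approved"),
    Message("m3", "D-alice-carol", "launch rollback plan draft attached"),
]

def can_read(user, channel, channels):
    """Access decision evaluated at request time; unknown channels are denied."""
    if channel not in channels:
        return False
    is_private, members = channels[channel]
    return user in members if is_private else True

def retrieve_context(user, query, messages, channels, k=2):
    """Return (msg_id, text) pairs the requester may read, best match first."""
    terms = set(query.lower().split())
    # Filter BEFORE ranking so unreadable text never affects scores or the top-k cut.
    readable = [m for m in messages if can_read(user, m.channel, channels)]
    scored = [(len(terms & set(m.text.lower().split())), m) for m in readable]
    ranked = sorted((s for s in scored if s[0] > 0), key=lambda s: -s[0])
    return [(m.msg_id, m.text) for _, m in ranked[:k]]

def build_prompt(user, query, messages, channels):
    """Assemble the inference request; message ids double as citations."""
    context = retrieve_context(user, query, messages, channels)
    lines = [f"[{mid}] {text}" for mid, text in context]
    return ("Answer using only these messages:\n" + "\n".join(lines)
            + f"\nQuestion: {query}")
```

Passing the live membership map on every call is what makes the check "at the time of request": removing a user from a private channel changes the next result without any re-indexing.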
What are Slack AI Guardrails?
Slack AI Guardrails are multi-layered measures designed to uphold data privacy, mitigate risks of misuse, and align with enterprise-grade security standards. Here’s what they include:
- Content thresholds to prevent hallucination
- Prompt engineering with explicit safety instructions
- Context engineering to reduce the risk of prompt injection
- URL filtering to prevent phishing attacks
- Output format validation
- Content safety filters
Our content safety filters apply an additional layer of protection to Slack features that rely on user-generated inputs, like search answers and Slackbot, to mitigate risks associated with misuse and malicious inputs.
How does Slack prevent irrelevant or incorrect information in AI responses?
Responses from Slack’s AI features may include citations to the source message that informed the answer. Select a citation to jump to the original message and review it for more details or verification. Slack employs a quality monitoring system that evaluates AI outputs and alerts the team to quality regressions when these evaluations detect hallucinations or regressions in other evaluation metrics. Additionally, prompts sent to LLMs during AI feature usage follow best practices from our model providers to ensure accurate, consistent, and safe results.
How long will AI features in Slack retain data?
Conversation summaries and search answers
Summaries and search answers produce ephemeral AI responses (e.g., responses will eventually disappear when you navigate away or close out the result), and that data is not stored on devices or servers.
Recaps
Recap data is stored for 90 days so that you can temporarily revisit past recap history. If messages used in the recap are deleted or tombstoned (e.g., a record to show data was deleted) by any deletion or compliance policy, the stored recap will also be deleted.
Channel summaries generated by a workflow
Unlike the conversation summaries that users generate for themselves, when you generate a channel summary with the Summarize public channels workflow step, the resulting summary is not an ephemeral AI response. Depending on the workflow’s subsequent steps, the channel summary can be sent as a message to a conversation, or added to and stored in a canvas. In these situations, the message or canvas containing the AI-generated summary will be retained in Slack according to your organization’s data retention settings.
Can I turn off AI features or limit access?
Yes. Owners and admins can decide which AI features members of their workspace or Enterprise organization can use. On Enterprise plans, Org Owners and Admins can also limit access to AI features to certain users and groups. Head to Manage access to AI features in Slack for more details.
