Security for Slack AI

We take our commitment to protecting customer data seriously. Learn how we built Slack to be secure and private.

Slack is committed to data ownership, security and privacy, and Slack AI has been built to uphold those commitments from day one.

Slack AI security basics

  • Customer data never leaves Slack’s infrastructure.
  • Customer data is never used to train large language models (LLMs).
  • Slack AI only works with data that members can already access.
  • Slack AI upholds all of Slack’s enterprise-grade security and compliance requirements.

Slack AI falls under the same security programme as the rest of Slack. For more information, visit our Trust Centre.



How does Slack AI work?

Slack AI uses third-party large language models (LLMs) hosted within Slack’s secure Amazon Web Services (AWS) infrastructure and the message data that is already in your Slack workspace or Enterprise grid organisation to power a suite of productivity tools personalised to you. When you request a summary or search answer, we use our standard architecture and in-house models to find and sort the most relevant information to summarise. This information is then sent to an LLM. The LLM is offline and self-hosted, meaning that your data never leaves Slack. The LLM generates a response and Slack AI returns the response to you. The LLM does not retain any information from the request.

What type of AI model does your system use, and is it explainable?

Slack AI is a set of generative AI tools and uses a commercial off-the-air model that hasn’t been trained on customer data.

Is my Slack data used to train third-party AI models?

No. No customer data is used to train third-party LLM models. Instead, we use a technique called Retrieval Augmented Generation (RAG) that sends the data necessary for each task to the LLM at inference time only – no training required. Because this data is sent in the context of a single request, the LLM does not retain any of the data.

Will Slack AI show private data that members don’t have access to?

Slack AI only uses Slack data that members have access to at the time of request, and won’t display or use data from private channels or DMs that they aren’t a member of. For example, Slack search answers will never surface any results that Slack’s regular search would not. Similarly, summaries will never contain content that you could not otherwise see while reading channels or direct messages (DMs).

How does Slack AI protect the security of our data?

Slack AI was built to uphold Slack’s security practices and compliance standards. Where possible, Slack AI messages are ephemeral – meaning that messages disappear and they aren’t stored on devices or servers. Where that’s not possible, we use Slack’s existing compliance infrastructure, such as Enterprise Key Management, data residency and data loss prevention.

How long will Slack AI retain data?

Conversation summaries and search answers

Conversation summaries and search answers produce ephemeral AI responses (i.e. responses will eventually disappear when you navigate away or close the results), and that data is not stored on devices or servers.


Recap data is stored temporarily so that you can revisit past recap history. Recap data will be stored for up to 90 days. If messages used in the recap are deleted or tombstoned (i.e. a record shows that data was deleted) by any deletion or compliance policy, the stored recap will also be deleted.

How does Slack AI prevent misleading information (or AI ‘hallucinations’)?

Slack AI results include citations to the source message that informed the summary or search answer. Select a citation to jump to the original message and review it for more details or verification. Additionally, Slack AI LLM prompts follow best practices from our model provider to ensure accurate, consistent and safe results.

Can I turn off Slack AI or limit access?

Yes – when you purchase Slack AI, it’s turned on by default but admins and owners can manage access if they need to.

Want to learn more about Slack AI? Visit