How We Built Slack AI To Be Secure and Private

At Slack, we’ve long been conservative technologists. In other words, when we invest in leveraging a new category of infrastructure, we do it rigorously. We’ve done this since we debuted machine learning-powered features in 2016, and we’ve developed a robust process and skilled team in the space. Despite that, over the past year we’ve been…

Kelly Moran
9 min readintermediate
--
View Original

Overview

The article discusses the development of Slack AI with a focus on ensuring security and privacy for customer data. It outlines the principles guiding the architecture and implementation of AI features while maintaining compliance with existing security standards.

What You'll Learn

1

How to ensure customer data remains within Slack's trust boundary while using AI

2

Why using off-the-shelf models is beneficial for privacy in AI applications

3

How to implement Retrieval Augmented Generation (RAG) in AI features

Prerequisites & Requirements

  • Understanding of AI and machine learning concepts
  • Experience with security compliance in software development(optional)

Key Questions Answered

How does Slack ensure customer data privacy in its AI features?
Slack ensures customer data privacy by implementing principles that prevent data from leaving its trust boundary, using off-the-shelf models without training on customer data, and ensuring AI only operates on data visible to the user. This approach maintains compliance with security standards and protects user data.
What are the principles guiding the development of Slack AI?
The development of Slack AI is guided by principles such as ensuring customer data never leaves Slack's trust boundary, not training large language models on customer data, operating only on visible data, and upholding enterprise-grade security and compliance requirements.
What is Retrieval Augmented Generation (RAG) and how is it used in Slack AI?
Retrieval Augmented Generation (RAG) is a method where all context needed for a task is included in each request, allowing the model to remain stateless. This approach is used in Slack AI to summarize messages and ensure that outputs are based on the company's knowledge base without retaining user data.
Why did Slack choose not to train large language models on customer data?
Slack chose not to train large language models on customer data due to the young state of the generative AI industry, which made it difficult to guarantee data privacy. Instead, they opted for off-the-shelf models to ensure compliance with their privacy principles.

Key Statistics & Figures

User productivity increase with AI adoption
90%
This statistic highlights the significant productivity boost reported by users who adopted AI features compared to those who did not.

Technologies & Tools

Some links below are affiliate links. We may earn a commission if you make a purchase.

Key Actionable Insights

1
Implementing AI features requires a robust understanding of data privacy principles to protect customer information.
As organizations adopt AI, they must prioritize data stewardship and compliance to build trust with users and avoid potential legal issues.
2
Using off-the-shelf models can streamline AI implementation while maintaining privacy standards.
This approach allows teams to leverage existing technology without the risks associated with training models on sensitive data.
3
Adopting Retrieval Augmented Generation (RAG) can enhance the relevance of AI outputs.
By ensuring that AI responses are grounded in proprietary data, organizations can provide more accurate and useful insights to users.

Common Pitfalls

1
Failing to ensure that customer data remains within the trust boundary can lead to significant privacy violations.
Organizations must implement strict controls and use trusted infrastructure to prevent unauthorized access to sensitive data.
2
Training AI models on customer data without proper safeguards can compromise user trust and compliance.
It's crucial to adhere to privacy principles and avoid practices that could expose customer information to third parties.

Related Concepts

Data Privacy In AI
Security Compliance In Software Development
Generative AI Principles