Slack Speeds Up Security Investigations with a Multi-Agent Architecture
Slack's security engineering team explains how it evolved a simple prompt prototype into a structured multi-agent system with Director, Expert, and Critic roles.
Slack's Security Engineering team describes the AI agent system they built to triage security alerts. The project started in late May 2025 as a simple 300-word prompt prototype, but this approach proved inconsistent—sometimes yielding sharp cross-referenced insights, other times jumping to unsupported conclusions. The team found that refining prompts alone couldn't provide the fine-grained control needed for reliable investigations.
Their solution was to decompose the investigation into a chain of separate model invocations, each with a single purpose and a structured JSON output. Drawing on research into meta-prompting (Stanford/OpenAI) and multi-persona collaboration (Microsoft Research), they designed three persona categories: a Director that drives the investigation, domain Expert agents (Access, Cloud, Code, and Threat) that produce findings, and a Critic that scores the credibility of those findings. This weakly adversarial Director-Expert-Critic loop helps curb hallucinations and inconsistent evidence interpretation.
The architecture also implements a 'knowledge pyramid,' letting token-heavy expert analysis run on cheaper models while reserving costlier models for the Critic's synthesis and the Director's high-level reasoning. Investigations are further split into phases—starting with a discovery phase—so the Director can adaptively progress the process. The design offers a concrete blueprint for how security teams can make LLM-driven automation both reliable and scalable.