How We Built Slack AI To Be Secure and Private

At Slack, we’ve long been conservative technologists. In other words, when we invest in leveraging a new category of infrastructure, we do it rigorously. We’ve done this since we debuted machine learning-powered features in 2016, and we’ve developed a robust process and skilled team in the space.

Despite that, over the past year we’ve been blown away by the increase in capability of commercially available large language models (LLMs), and more importantly, by the difference they could make for our users’ biggest pain points. Too much to read? Too hard to find stuff? Not anymore: 90% of users who adopted AI reported a higher level of productivity than those who didn’t.

But as with any new technology, our ability to launch a product with AI depends on finding an implementation that meets Slack’s rigorous standards for customer data stewardship. So we set out to build not just awesome AI features, but awesome and trusted AI.

The generative model industry is quite young; it’s still largely research-focused rather than enterprise-customer focused. There were few existing enterprise-grade security and privacy patterns for us to leverage when building out the new Slack AI architecture.

Instead, to inform how we built out Slack AI, we started from first principles. We began with our requirements: upholding our existing security and compliance offerings, as well as our privacy principles like “Customer Data is sacrosanct.” Then, through the specific lens of generative AI, our team created a new set of Slack AI principles to guide us.

  • Customer data never leaves Slack.
  • We do not train large language models (LLMs) on customer data.
  • Slack AI only operates on the data that the user can already see.
  • Slack AI upholds all of Slack’s enterprise-grade security and compliance requirements.

These principles made designing our architecture clearer, although sometimes more challenging. We’ll walk through how each of them informed what Slack AI looks like today.

Customer data never leaves Slack

The first, and perhaps most important, decision we faced was how to ensure that we could use a top-tier foundational model while never allowing customer data to leave Slack-controlled VPCs. In the generative model industry, most customers of foundational models were calling the hosted services directly, and alternative options were scarce.

We knew this approach wouldn’t work for us. Slack, and our customers, have high expectations around data ownership. In particular, Slack is FedRAMP High authorized, which confers specific compliance requirements, including not sending customer data outside of our trust boundary. We wanted to ensure our data didn’t leave our AWS Virtual Private Cloud (VPC) so that we could guarantee that third parties would not have the ability to retain it or train on it.

So we began to look for creative solutions where we could host a foundational model on our own infrastructure. However, most foundational models are closed-source: their models are their secret sauce, and providers are reluctant to hand them to customers to deploy on their own hardware.

Fortunately, AWS has an offering where it can be the trusted broker between foundational model provider and customer: AWS SageMaker. By using SageMaker, we are able to host and deploy closed-source large language models (LLMs) in an escrow VPC, allowing us to control the lifecycle of our customers’ data and ensure that the model provider has no access to Slack’s customers’ data. For more on how Slack is using SageMaker, check out this post on the AWS blog.
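
To make that concrete, here’s a minimal sketch of what calling a model hosted this way can look like from application code, using boto3’s SageMaker runtime client. The endpoint name and JSON payload shape are assumptions for illustration; the real values depend on how the model provider packages their model.

```python
import json

import boto3

# Hypothetical endpoint name; the real one depends on the deployment.
ENDPOINT_NAME = "slack-ai-foundation-model"

# Because the endpoint is deployed inside a VPC you control, this call
# stays within that trust boundary rather than going to a third-party
# hosted API.
runtime = boto3.client("sagemaker-runtime", region_name="us-east-1")


def invoke_llm(prompt: str) -> str:
    """Send a prompt to the escrow-hosted model and return its completion."""
    response = runtime.invoke_endpoint(
        EndpointName=ENDPOINT_NAME,
        ContentType="application/json",
        # This payload schema follows a common text-generation convention
        # and is illustrative, not Slack's actual contract.
        Body=json.dumps({"inputs": prompt, "parameters": {"max_new_tokens": 512}}),
    )
    return json.loads(response["Body"].read())["generated_text"]
```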

And there we had it: access to a top-tier foundational model, hosted in our own AWS VPC, giving us assurances about our customer data.

[Slack AI architecture diagram]

We don’t train large language models (LLMs) on customer data

The next decision was also key: we chose to use off-the-shelf models instead of training or fine-tuning our own. We’ve had privacy principles in place since we started using more traditional machine learning (ML) models in Slack, like the ones that rank search results. Among those principles are that data will not leak across workspaces, and that we offer customers a choice around these practices; we felt that, given the current, young state of this industry and technology, we couldn’t make strong enough guarantees on these practices if we trained a generative AI model using Slack’s customers’ data.

So we made the choice to use off-the-shelf models in a stateless way by employing Retrieval Augmented Generation (RAG). With RAG, you include all of the context needed to perform a task within each request, so the model doesn’t retain any of that data. For example, when summarizing a channel, we send the LLM a prompt containing the messages to be summarized, along with instructions for how to do so. The statelessness of RAG is a huge privacy benefit, but it’s a product benefit as well: all of Slack AI’s results are grounded in your company’s knowledge base, not the public Internet, which makes the results more relevant and accurate. You get the benefit of incorporating your proprietary and individual data set without the risk of a model retaining that data.
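
As a rough illustration of that stateless pattern, a channel summary request might be assembled like this. The prompt template and `Message` shape are simplified stand-ins, not Slack’s actual prompts:

```python
from dataclasses import dataclass


@dataclass
class Message:
    author: str
    text: str


# Illustrative template; real prompts are considerably more involved.
SUMMARIZE_TEMPLATE = """Summarize the following Slack channel messages
in a few concise bullet points.

Messages:
{messages}

Summary:"""


def build_summary_prompt(messages: list[Message]) -> str:
    """Pack everything the model needs into one self-contained request."""
    transcript = "\n".join(f"{m.author}: {m.text}" for m in messages)
    return SUMMARIZE_TEMPLATE.format(messages=transcript)

# Each call is stateless: the model sees the messages once, returns a
# summary, and retains nothing afterwards.
# summary = invoke_llm(build_summary_prompt(channel_messages))
```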

Using RAG can narrow down the set of models you can use; candidates need “context windows” large enough for you to pass in all the data your task requires. Additionally, the more context you send an LLM, the slower your request will be, since the model has more data to process. As you can imagine, summarizing every message in a channel can involve quite a bit of data.
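
One common way to respect both constraints is to budget tokens per request and trim the oldest messages first. The sketch below (reusing the `Message` type from above) uses a crude whitespace token estimate and an arbitrary budget; a real system would use the model’s own tokenizer and limits.

```python
def fit_to_context(messages: list[Message], max_tokens: int = 6000) -> list[Message]:
    """Keep the most recent messages that fit within a token budget."""
    kept: list[Message] = []
    used = 0
    for message in reversed(messages):  # walk newest to oldest
        cost = len(message.text.split())  # crude stand-in for a tokenizer
        if used + cost > max_tokens:
            break  # budget exhausted; older messages are dropped
        kept.append(message)
        used += cost
    kept.reverse()  # restore chronological order for the prompt
    return kept
```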

This posed a challenge for us: find a top-tier model with a large context window and fairly low latency. We evaluated a number of models and found one that suited our first use cases, summarization and search, well. There was room for improvement, though, and we began a long journey of both prompt tuning and chaining more traditional ML models with the generative models to improve the results.

RAG is getting easier and faster with each iteration of models: context windows are growing, as is the models’ ability to synthesize data across a large context window. We’re confident that this approach can achieve both the quality we’re aiming for and the protection our customers’ data requires.

Slack AI only operates on the data that the user can already see

It’s one of our core tenets that Slack AI can only see the same data that the requesting user can see. Slack AI’s search feature, for example, will never surface any results to the user that standard search would not. Summaries will never summarize content that the user couldn’t otherwise see while reading channels.

We ensure this by using the requesting user’s Access Control Lists (ACLs) when fetching the data to summarize or search, and by leveraging our existing libraries that fetch the data to display in channel or on the search results page.
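
In code, the crucial property is that the permission check lives in the fetch layer, below the AI feature, so the model can only ever be handed data the requester could already read. The store and function names below are invented stand-ins for Slack’s internal libraries:

```python
# Invented in-memory stand-in for Slack's real data and ACL layers.
CHANNELS: dict[str, dict] = {}  # channel_id -> {"members": set, "messages": list}


def fetch_visible_messages(user_id: str, channel_id: str) -> list[Message]:
    """Hypothetical permission-checked fetch: the ACL check happens here,
    before any data can reach the AI layer."""
    channel = CHANNELS[channel_id]
    if user_id not in channel["members"]:
        raise PermissionError("requesting user cannot read this channel")
    return channel["messages"]


def summarize_channel(user_id: str, channel_id: str) -> str:
    """Summaries are built only from messages the requester can already see."""
    visible = fetch_visible_messages(user_id, channel_id)
    return invoke_llm(build_summary_prompt(fit_to_context(visible)))
```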

This wasn’t hard to do, technically speaking, but it needed to be an explicit choice; the best way to guarantee it was to build on top of, and reuse, Slack’s core feature sets while adding some AI magic at the end.

It’s worth noting, too, that only the user who invokes Slack AI can see the AI-generated output. This builds confidence that Slack is your trusted AI companion: only the data that you can see goes in, and then only you can see the output.

Slack AI upholds all of Slack’s enterprise-grade security and compliance requirements

There’s no Slack AI without Slack, so we made sure to integrate all of our enterprise-grade compliance and security offerings. We follow the principle of least data: we store only the data needed to complete the task, and only for the duration necessary.

Sometimes the least data is none at all. Where possible, Slack AI’s outputs are ephemeral: conversation summaries and search answers both generate point-in-time responses that aren’t stored on disk.

Where that wasn’t possible, we reused as much of Slack’s existing compliance infrastructure as we could, and built new support where we had to. Many of our compliance offerings come built into our existing infrastructure, such as Encryption Key Management and International Data Residency. For others, we built special support to make sure that derived content, like summaries, is aware of the messages that went into it; for example, if a message is tombstoned because of Data Loss Prevention (DLP), any summaries derived from that message are invalidated. This makes DLP and other administrative controls powerful with Slack AI: where those controls were already active on Slack’s message content, they are also active on Slack AI outputs.
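
Here’s a sketch of how that kind of derived-content invalidation can work: each stored summary records the message IDs it was built from, and tombstoning any of those messages invalidates the summary. The data model is invented for illustration.

```python
from dataclasses import dataclass


@dataclass
class StoredSummary:
    """A persisted summary plus provenance: the messages that produced it."""
    text: str
    source_message_ids: set[str]
    invalidated: bool = False


# Invented index for illustration: message id -> summaries derived from it.
SUMMARIES_BY_MESSAGE: dict[str, list[StoredSummary]] = {}


def tombstone_message(message_id: str) -> None:
    """When DLP tombstones a message, invalidate every summary derived
    from it, so removed content cannot live on in derived form."""
    for summary in SUMMARIES_BY_MESSAGE.get(message_id, []):
        summary.invalidated = True
```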


Whew, that was a long journey! And I didn’t even get to take you through how we build prompts, evaluate models, or handle spiky demand; we’ll save that for next time. But I’m glad we started here, with security and privacy: we want our customers to know how seriously we take protecting their data, and how we’re safeguarding it every step of the way.

Interested in helping us build Slack’s AI capabilities? We’re hiring! Apply now