Engineering at Slack | Security

How we built enterprise search to be secure and private

2025-03-07
by Ian Hoffman

Endigest AI Core Summary

Slack's enterprise search architecture prioritizes security and privacy when integrating external data sources like Google Drive and GitHub into Slack search.

  • External source data is never stored in Slack's databases; a federated, real-time approach fetches results directly from partner APIs per query.
  • The OAuth protocol is used to scope external queries to only the data the requesting user can already access in the external system.
  • Slack admins must explicitly opt in each external source, and users must individually grant access before integration; both can revoke at any time.
  • The principle of least privilege is enforced by requesting only the read OAuth scopes necessary for search queries.
  • Enterprise search reuses Slack AI's existing infrastructure: LLMs hosted in an escrow VPC on AWS, RAG instead of training on customer data, and no storage of Search Answer summaries.
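
The access checks in the list above, as an added sketch that is not Slack's code: a source is queried only if the admin opted in, the user holds an unrevoked grant, and that grant carries nothing beyond read scopes. All class names, scope strings and the in-memory connector are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical read-only scope allowlist per source (constructed, not Slack's).
READ_SCOPES = {"drive": {"drive.read"}, "github": {"repo.read"}}

@dataclass
class UserGrant:
    scopes: frozenset
    token: str
    revoked: bool = False

@dataclass
class Org:
    enabled_sources: set = field(default_factory=set)  # admin opt-in per source
    grants: dict = field(default_factory=dict)         # (user, source) -> UserGrant

def eligible_sources(org, user):
    """Sources that may be queried for this user right now."""
    out = []
    for source in sorted(org.enabled_sources):
        grant = org.grants.get((user, source))
        if grant is None or grant.revoked:
            continue  # user never granted access, or revoked it
        if not grant.scopes or not grant.scopes <= READ_SCOPES.get(source, set()):
            continue  # least privilege: refuse grants that exceed read scopes
        out.append(source)
    return out

def federated_search(org, user, query, connectors):
    """Fan the query out with the requesting user's own token, so the partner
    API applies that user's permissions. Results are returned, never stored."""
    results = []
    for source in eligible_sources(org, user):
        grant = org.grants[(user, source)]
        results.extend(connectors[source](grant.token, query))
    return results

# Constructed stand-in for a partner API: it filters by the token's owner.
DOCS = [("roadmap", {"tok-alice"}), ("payroll", {"tok-bob"})]

def fake_drive(token, query):
    return [name for name, readers in DOCS if token in readers and query in name]
```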