PromptArmor disclosed that an attacker who could post in any public Slack channel — even one with no members — could plant instructions that Slack AI would execute when other users asked it questions. The injected instructions caused Slack AI to pull secrets like API keys from victims' private channels and render them inside clickable attacker-controlled links.
Private-channel data in any Slack AI-enabled workspace was exposed to exfiltration until Slack deployed a patch.
Treat all channel content as untrusted input, restrict AI retrieval to channels the querying user belongs to, and block rendered URLs that embed derived context.
Guardion enforces policy on every agent action inline — with visibility, tamper-evident evidence, and DLP for agents and MCPs.
Request a demo