Slack Engineering: Managing Context in Long-Run Multi-Agent Security Investigations
Complex, long-running multi-agent security investigations overwhelm language model context windows and make coherent multi-agent reasoning difficult. Each agent needs a tailored view of investigation state — if agents are not anchored to the wider team, investigations become disconnected and incoherent, but sharing too much information stifles creativity and encourages confirmation bias.
Three complementary context channels — the Director's Journal, Critic's Review, and Critic's Timeline — maintain coherence across investigation rounds while preserving specialized agent roles, enabling more thorough and trustworthy security investigations than any single agent could produce alone.
Frequently asked questions
What did this team achieve with this AI workflow?
Three complementary context channels — the Director's Journal, Critic's Review, and Critic's Timeline — maintain coherence across investigation rounds while preserving specialized agent roles, enabling more thorough a…
What tools did this team use?
get_tool_call, get_tool_result, get_toolset_info, list_toolsets, get_tool_info.
What results were reported?
Total findings reviewed: 170,000; findings classified Trustworthy (score 0.9–1.0): 37.7%; Findings below plausibility threshold: slightly over a quarter; specimen Timeline confidence score: 0.83 (source-reported, not independently verified).
How is this incident management AI workflow structured?
Security alert triggers investigation → Director orchestrates via Journal → Expert agents gather evidence → Critic reviews findings for credibility → Critic assembles consolidated Timeline → Director concludes or continues.