
Slack Engineering: Managing Context in Long-Run Multi-Agent Security Investigations

Complex, long-running multi-agent security investigations overwhelm language model context windows and make coherent multi-agent reasoning difficult. Each agent needs a tailored view of investigation state — if agents are not anchored to the wider team, investigations become disconnected and incoherent, but sharing too much information stifles creativity and encourages confirmation bias.

How it works
Common implementation structure
How this type of workflow is generally built, generalized across documented cases — not tied to any one vendor's stack. Specific products that implement these stages appear in “Tools commonly seen” below.
Stage 1 · Security alert triggers investigation
A security alert initiates an agentic investigation carried out by teams of AI agents.
Tools used
get_tool_call, get_tool_result, get_toolset_info, list_toolsets, get_tool_info
Outcome

Three complementary context channels — the Director's Journal, Critic's Review, and Critic's Timeline — maintain coherence across investigation rounds while preserving specialized agent roles, enabling more thorough and trustworthy security investigations than any single agent could produce alone.

Results
Time saved: 0.83
Volume: 170,000
Source

https://slack.engineering/managing-context-in-long-run-agentic-applications/


Grounding & classification
Source type: technical build writeup
23 fields verified against source quotes.
Tags: agentic workflow, ai agent, multi agent workflow, summarization, knowledge base, builder submitted, failure mode described, metric backed, production runtime claimed, tools described, workflow described, software, accuracy improvement, technical build writeup, compliance monitoring, incident management, agentic task execution