This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for content generation. This was responsibly disclosed to Slack (more details in Responsible Disclosure section at the end). In this scenario, we display how, via Slack AI, an attacker with access to Slack can exfiltrate data in private channels they are not a par