Set Up Slack & Teams Alerts for AI Events
Real-time alerting keeps your team informed when AI governance policies trigger blocks, escalations, or anomalies. This guide covers webhook configuration for Slack and Microsoft Teams, including severity-based channel routing and interactive actions.
Use this page when
- You want real-time Slack or Microsoft Teams notifications when policies block, escalate, or redact AI requests.
- You need severity-based channel routing (critical → #ai-critical, warning → #ai-governance, info → #ai-audit).
- You are configuring Keeptrusts webhooks to post directly to Slack Incoming Webhooks or Teams connectors.
- You want formatted message cards with policy name, model, action, and timestamp.
Primary audience
- Primary: Technical Engineers
- Secondary: AI Agents, Technical Leaders
Architecture overview
Keeptrusts API
→ /v1/webhooks (event subscription)
→ event.blocked / escalation.created / event.redacted
→ Webhook delivery
→ Slack Incoming Webhook → #ai-governance channel
→ Teams Incoming Webhook → AI Compliance channel
→ Custom middleware (optional) → route by severity
Prerequisites
- Keeptrusts organization with webhook permissions
- Slack workspace with permission to create apps or incoming webhooks
- Microsoft Teams with permission to add connectors
Slack setup
Option 1 — Incoming webhook (simple)
- In Slack, go to Apps → Manage → Custom Integrations → Incoming Webhooks
- Click Add to Slack, select the target channel
- Copy the webhook URL (format:
https://hooks.slack.com/services/T.../B.../...)
Option 2 — Slack app (recommended for routing)
- Go to api.slack.com/apps and create a new app
- Enable Incoming Webhooks in the app settings
- Add webhook URLs for each target channel:
#ai-critical— blocked requests and high-severity escalations#ai-governance— all policy events#ai-audit— export completions and config changes
Configure in Keeptrusts
Create a webhook via the console or API:
# Via CLI — create a webhook for blocked events
curl -X POST https://api.keeptrusts.com/v1/webhooks \
-H "Authorization: Bearer $KEEPTRUSTS_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"url": "https://hooks.slack.com/services/T.../B.../...",
"description": "Slack alerts for blocked requests",
"event_types": ["event.blocked", "escalation.created"],
"active": true
}'
Or from the console: Settings → Webhooks → Create Webhook.
Slack message format
Keeptrusts webhook payloads include structured event data. Use a middleware service or Slack workflow to format messages:
{
"blocks": [
{
"type": "header",
"text": {
"type": "plain_text",
"text": "🚨 AI Request Blocked"
}
},
{
"type": "section",
"fields": [
{ "type": "mrkdwn", "text": "*Policy:*\ncontent-safety" },
{ "type": "mrkdwn", "text": "*Action:*\nblock" },
{ "type": "mrkdwn", "text": "*Model:*\ngpt-4o" },
{ "type": "mrkdwn", "text": "*Time:*\n2026-04-23T10:30:00Z" }
]
},
{
"type": "actions",
"elements": [
{
"type": "button",
"text": { "type": "plain_text", "text": "View in Console" },
"url": "https://console.keeptrusts.com/events/evt_abc123"
},
{
"type": "button",
"text": { "type": "plain_text", "text": "Escalate" },
"url": "https://console.keeptrusts.com/escalations/new?event=evt_abc123"
}
]
}
]
}
Microsoft Teams setup
Incoming webhook connector
- In Teams, go to the target channel → Connectors → Incoming Webhook
- Name the connector (e.g., "Keeptrusts AI Alerts")
- Copy the webhook URL
Configure in Keeptrusts
curl -X POST https://api.keeptrusts.com/v1/webhooks \
-H "Authorization: Bearer $KEEPTRUSTS_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"url": "https://outlook.office.com/webhook/...",
"description": "Teams alerts for AI governance",
"event_types": ["event.blocked", "escalation.created", "event.redacted"],
"active": true
}'
Teams Adaptive Card format
{
"type": "message",
"attachments": [
{
"contentType": "application/vnd.microsoft.card.adaptive",
"content": {
"$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
"type": "AdaptiveCard",
"version": "1.4",
"body": [
{
"type": "TextBlock",
"text": "AI Request Blocked",
"weight": "Bolder",
"size": "Large",
"color": "Attention"
},
{
"type": "FactSet",
"facts": [
{ "title": "Policy", "value": "content-safety" },
{ "title": "Action", "value": "block" },
{ "title": "Model", "value": "gpt-4o" },
{ "title": "Time", "value": "2026-04-23T10:30:00Z" }
]
}
],
"actions": [
{
"type": "Action.OpenUrl",
"title": "View in Console",
"url": "https://console.keeptrusts.com/events/evt_abc123"
}
]
}
}
]
}
Channel routing by severity
Use a lightweight middleware service to route events to different channels:
Keeptrusts webhook → Routing service (e.g., AWS Lambda, Cloudflare Worker)
→ severity: critical → #ai-critical (Slack) / AI Critical (Teams)
→ severity: warning → #ai-governance (Slack) / AI Governance (Teams)
→ severity: info → #ai-audit (Slack) / AI Audit (Teams)
Example routing logic (Node.js)
export default async function handler(req) {
const event = req.body;
const severity = event.action === 'block' ? 'critical'
: event.action === 'escalate' ? 'warning'
: 'info';
const channels = {
critical: process.env.SLACK_CRITICAL_WEBHOOK,
warning: process.env.SLACK_GOVERNANCE_WEBHOOK,
info: process.env.SLACK_AUDIT_WEBHOOK,
};
await fetch(channels[severity], {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ text: `[${severity.toUpperCase()}] ${event.summary}` }),
});
return new Response('OK', { status: 200 });
}
Testing your webhook
Verify delivery from the Keeptrusts console:
- Go to Settings → Webhooks
- Select the webhook endpoint
- Click Send Test Event
- Confirm the message appears in your Slack channel or Teams channel
Or use the API:
# List webhooks
curl -s https://api.keeptrusts.com/v1/webhooks \
-H "Authorization: Bearer $KEEPTRUSTS_API_TOKEN" | jq '.items'
Troubleshooting
| Issue | Cause | Fix |
|---|---|---|
| No messages in Slack | Webhook URL incorrect or expired | Regenerate the incoming webhook URL |
| Teams shows "Connector error" | Adaptive Card schema invalid | Validate with Adaptive Cards Designer |
| Duplicate alerts | Multiple webhooks subscribed to same event type | Audit webhook list in Settings → Webhooks |
| Delivery failures in console | Target endpoint returning 4xx/5xx | Check middleware logs and endpoint availability |
For AI systems
- Canonical terms: Keeptrusts webhook,
/v1/webhooks,event.blocked,escalation.created,event.redacted, Slack Incoming Webhook, Microsoft Teams Adaptive Card, severity routing. - Key config: Webhook
event_types: ["event.blocked", "escalation.created"], Slack webhook URL (hooks.slack.com/services/...), Teams connector URL. - Console path: Settings → Webhooks → Create Webhook.
- Best next pages: PagerDuty incident response, Jira workflows, SIEM integration.
For engineers
- Prerequisites: Slack workspace with incoming webhook permission (or a Slack app for multi-channel routing), Teams with connector permission, Keeptrusts organization with webhook permissions.
- Validate: Create a webhook in Settings → Webhooks, click "Send Test Event", confirm message appears in the target channel.
- Severity routing: Use a middleware Lambda/Worker to route by
actionfield:block→ critical channel,escalate→ governance channel,redact→ audit channel. - Troubleshooting: If no messages appear, regenerate the Slack/Teams webhook URL (they expire or get revoked).
For leaders
- Immediate awareness: Teams see AI governance events in their daily communication tools without switching to a separate dashboard.
- Severity triage: Critical blocks page the right channel instantly; lower-severity events log to an audit channel without noise.
- Low setup cost: Direct webhook integration requires no middleware — Keeptrusts posts directly to Slack/Teams for simple setups.
- Escalation bridge: Slack alerts link directly to the Keeptrusts Console for investigation, reducing mean time to acknowledge.
Next steps
- Automate incident response with PagerDuty for on-call escalation
- Create Jira tickets from escalations for issue tracking
- Feed events to your SIEM for centralized logging