Why Notion Chose Workspace-Native Agents Over Specialized Vendors
TRIGGER
Teams evaluating AI automation face a build-vs-buy decision where specialized vendor platforms promise purpose-built features, but require learning new tools, managing separate integrations, and depending on vendor support for customization.
APPROACH
Notion's security team ran a 4-week head-to-head evaluation of their Notion-based agent (Scruff) against leading security automation vendors. Scruff won on: native workspace integration (no context switching), easy prompt updates without dev cycles, MCP integrations with existing stack vs limited pre-built connectors, 95% accuracy on threat classification, and zero training required since team already used Notion daily. Results: 84% reduction in median investigation time for false positives, 93% faster median time to resolution, 6+ hours saved per week, 30% increase in job satisfaction scores.
PATTERN
“Purpose-built vendor platforms optimize for their demo; workspace-native solutions optimize for your actual workflow. The people who use them can fix what breaks without dev cycles.”
✓ WORKS WHEN
- Team already uses the platform daily and has built workflows there
- Customization needs are high and will evolve over time
- Platform offers sufficient extensibility (API access, agent capabilities, integrations)
- Domain experts need to modify agent behavior without engineering support
- Existing data and context already live in the workspace
✗ FAILS WHEN
- Specialized compliance or audit requirements mandate purpose-built security tooling
- Platform's AI/agent capabilities are immature compared to specialized vendors
- Integration needs exceed what MCP or available connectors support
- Team lacks internal expertise to build and maintain custom automation
- Workflow requires capabilities the workspace platform fundamentally can't provide