Tags: Malware Delivery, Platform Abuse, Spear Phishing

Apr 15, 2026 • Sean Gallagher

The n8n n8mare: How threat actors are misusing AI workflow automation

Source: Cisco Talos Intelligence Group
Category: incident
Severity: high

Executive Summary

Cisco Talos researchers identified a significant surge in phishing campaigns abusing the n8n AI workflow automation platform between October 2025 and March 2026. Threat actors leverage n8n webhooks to mask malicious payloads, bypassing traditional security filters by appearing to originate from trusted infrastructure. These campaigns deliver malware and perform device fingerprinting through automated emails mimicking legitimate services like Microsoft OneDrive. The abuse involves URL-exposed webhooks that trigger workflows upon user interaction, often requiring CAPTCHA completion before downloading executable files. This technique allows attackers to tailor payloads based on user-agent headers. Organizations should exercise caution with emails containing automation platform links and implement strict filtering for webhook URLs. Security teams must update detection rules to identify suspicious n8n domain usage and educate users on recognizing socially engineered content disguised as productivity tool notifications to mitigate the risk of persistent remote access and malware infection.

Summary

Cisco Talos research has uncovered agentic AI workflow automation platform abuse in emails. Recently, we identified an increase in the number of emails that abuse n8n, one of these platforms, from as early as October 2025 through March 2026.

Published Analysis

In this blog, Talos provides concrete examples of how threat actors are weaponizing legitimate automation platforms to facilitate sophisticated phishing campaigns, ranging from delivering malware to fingerprinting devices. By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery vehicles for persistent remote access.

AI workflow automation platforms such as Zapier and n8n are primarily used to connect different software applications (e.g., Slack, Google Sheets, or Gmail) with AI models (e.g., OpenAI’s GPT-4 or Anthropic’s Claude). Over the past few months these platforms have been applied to different application domains, including cybersecurity, especially with the progress that has been made in new avenues like large language models (LLMs) and agentic AI systems. However, much like other legitimate tools, AI workflow automation platforms can be weaponized to orchestrate malicious activities, like delivering malware by sending automated emails. This blog describes how n8n, one of the most popular AI workflow automation platforms, has been abused to deliver malware and fingerprint devices by sending automated emails.

What is n8n?

N8n is a workflow automation platform that connects web applications and services (including Slack, GitHub, Google Sheets, and others with HTTP-based APIs) and builds automated workflows. A community-licensed version of the platform can be self-hosted by organizations. The commercial service, hosted at n8n.io, includes AI-driven features that can create agents capable of using web-based APIs to pull data from documents and other data sources. Users can register for an n8n developer account at no initial charge. Doing so creates a subdomain on “tti.app.n8n[.]cloud” from which the user’s applications can be accessed. This is similar to many web-based AI-aided development tools, and one that malicious actors have harnessed elsewhere in the past; earlier this year, Talos observed another AI-oriented web application service, Softr.io, being used for the creation of phishing pages used in a series of targeted attacks.

How n8n’s webhooks work

Talos’ investigation found that a primary point of abuse in n8n’s AI workflow automation platform is its URL-exposed webhooks. A webhook, often referred to as a “reverse API,” allows one application to provide real-time information to another. These URLs register an application as a “listener” to receive data, which can include programmatically pulled HTML content. An example of an n8n webhook URL is shown in Figure 1.

Figure 1. Anatomy of an example n8n webhook URL.

When the URL receives a request, the subsequent workflow steps are triggered, returning results as an HTTP data stream to the requesting application. If the URL is accessed via email, the recipient’s browser acts as the receiving application, processing the output as a webpage. Talos has observed a significant rise in emails containing n8n webhook URLs over the past year. For example, the volume of these emails in March 2026 was approximately 686% higher than in January 2025. This increase is driven, in part, by several instances of platform abuse, including malware delivery and device fingerprinting, as we will discuss in the next sections.

Figure 2. The prevalence of n8n webhook URLs in emails over the past few months.

Abusing n8n for malware delivery...
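A defender-side check built on the webhook behaviour described above and on the summary's advice to filter webhook URLs, added here as an example and not code from the Talos post or from n8n: it pulls URLs out of an email body, flags those whose host is an n8n cloud subdomain and whose path looks like a Webhook-node trigger, and raises the severity when the surrounding text impersonates a productivity service such as OneDrive. The host pattern (a subdomain of app.n8n.cloud), the /webhook/ and /webhook-test/ paths, the extra lure brands and the sample message are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumed shape of cloud-hosted n8n webhook URLs (an assumption, not from the post):
# per-account subdomain of app.n8n.cloud, Webhook node under /webhook/ or /webhook-test/.
N8N_CLOUD_HOST = re.compile(r"^[a-z0-9.-]+\.app\.n8n\.cloud$", re.I)
WEBHOOK_PATH = re.compile(r"^/webhook(-test)?/", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Lure brands: the post names OneDrive; SharePoint and Microsoft are added assumptions.
LURE_BRANDS = ("onedrive", "sharepoint", "microsoft")

@dataclass
class Finding:
    url: str
    reason: str
    severity: str

def scan_email(body: str) -> list[Finding]:
    """Return one Finding per URL that looks like an n8n webhook trigger link."""
    # Undo common defanging ("hxxp", "[.]") so pasted IoC text is scanned as well.
    text = body.replace("hxxp", "http").replace("[.]", ".")
    lure = any(brand in text.lower() for brand in LURE_BRANDS)
    findings: list[Finding] = []
    for url in URL_RE.findall(text):
        parts = urlsplit(url.rstrip(".,);"))
        host, path = parts.hostname or "", parts.path or "/"
        cloud = bool(N8N_CLOUD_HOST.match(host))
        hook = bool(WEBHOOK_PATH.match(path))
        if cloud and hook:
            reason, severity = "n8n cloud webhook trigger URL", "high"
        elif cloud:
            reason, severity = "n8n cloud instance URL on a non-webhook path", "medium"
        elif hook:
            reason, severity = "webhook-style path on another host (possible self-hosted n8n)", "low"
        else:
            continue  # not automation-platform infrastructure
        if lure:  # productivity-service lure pointing at automation infrastructure
            reason += "; message impersonates a productivity service"
            severity = "high"
        findings.append(Finding(url, reason, severity))
    return findings

# Constructed sample message; subdomain and webhook path are made up for this example.
SAMPLE_EMAIL = """\
Subject: A file was shared with you on OneDrive
Open "Q2-invoice.pdf": https://acme-demo.app.n8n.cloud/webhook/a1b2c3d4-open-document
Unsubscribe: https://example.com/unsub
"""
```

In a mail gateway the findings would feed a quarantine or rewrite rule; the medium and low tiers exist so legitimate n8n.io traffic and self-hosted automation can be reviewed rather than blocked outright.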