Phishing Campaigns Abuse AI Workflow Automation Platforms

KnowBe4 Team | Apr 22, 2026

Threat actors are abusing agentic AI automation platforms to deliver malware and send phishing emails, according to researchers at Cisco Talos. The researchers observed attackers using n8n, a legitimate platform that automates workflows across web apps and services such as Slack, GitHub, and Google Sheets.

“Talos' investigation found that a primary point of abuse in n8n’s AI workflow automation platform is its URL-exposed webhooks,” the researchers explain. “A webhook, often referred to as a ‘reverse API,’ allows one application to provide real-time information to another. These URLs register an application as a ‘listener’ to receive data, which can include programmatically pulled HTML content....When the URL receives a request, the subsequent workflow steps are triggered, returning results as an HTTP data stream to the requesting application. If the URL is accessed via email, the recipient’s browser acts as the receiving application, processing the output as a webpage.”

These URLs let attackers send phishing links that appear legitimate and that can be tailored to specific users.

“Talos has observed a significant rise in emails containing n8n webhook URLs over the past year,” the researchers write. “For example, the volume of these emails in March 2026 was approximately 686% higher than in January 2025. This increase is driven, in part, by several instances of platform abuse, including malware delivery and device fingerprinting....Because webhooks mask the source of the data they deliver, they can be used to serve payloads from untrusted sources while making them appear to originate from a trusted domain. Furthermore, since webhooks can dynamically serve different data streams based on triggering events — such as request header information — a phishing operator can tailor payloads based on the user-agent header.”

Cisco Talos has the story: The n8n n8mare: How threat actors are misusing AI workflow automation
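
One way a mail-filtering pipeline could flag the n8n webhook links described above, as an added example that is not from the article or from Talos. The `app.n8n.cloud` host suffix and the `/webhook/` and `/webhook-test/` paths are assumptions based on n8n's hosted URL scheme, which the article does not spell out; self-hosted instances on other domains are out of scope, and the sample message is constructed.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption (not from the article): n8n-hosted instances sit under
# app.n8n.cloud and expose webhooks at /webhook/ or /webhook-test/.
N8N_HOST_SUFFIX = ".app.n8n.cloud"
WEBHOOK_PATH = re.compile(r"^/webhook(-test)?/", re.I)
URL_IN_TEXT = re.compile(r"https?://[^\s<>\"']+", re.I)

class LinkCollector(HTMLParser):
    """Collect href/src values from an HTML body."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("href", "src") and v]

def extract_urls(raw: bytes) -> list:
    """Decode each text part (base64/QP included) and pull out its links."""
    urls = []
    for part in email.message_from_bytes(raw, policy=policy.default).walk():
        kind = part.get_content_type()
        if kind == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            urls += collector.urls
        elif kind == "text/plain":
            urls += URL_IN_TEXT.findall(part.get_content())
    return urls

def is_n8n_webhook(url: str) -> bool:
    """Match on the parsed hostname, so look-alike hosts and userinfo tricks fail."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    return host.endswith(N8N_HOST_SUFFIX) and bool(WEBHOOK_PATH.match(parts.path))

def flag_message(raw: bytes) -> list:
    return sorted({u for u in extract_urls(raw) if is_n8n_webhook(u)})

# Constructed sample message (not a real phishing email).
SAMPLE = b"""Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<a href=3D"https://example.com/docs/webhook/info">Help</a>
<a href=3D"https://constructed-tenant.app.n8n.cloud/webhook/constructed-id">Open</a>
"""
```

A hit from `flag_message` is a signal for review or link rewriting rather than a verdict, since n8n webhooks also have legitimate uses.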
