Post

Automating Phishing Triage with n8n and Guardrailed LLMs

Posted
By Nathan Berg
1 min read
Automating Phishing Triage with n8n and Guardrailed LLMs

Phishing queues are ideal automation candidates: repetitive, high volume, and rich in semi-structured text. n8n plus an LLM can classify, enrich, and prioritize reports quickly.

The key is guardrails. Never allow the model to directly quarantine mailboxes or block domains without deterministic checks and analyst approval thresholds.

Context

Problem: Manual phishing triage is slow, but naive AI automation can produce risky false positives. Approach: Use n8n for orchestration, LLMs for summarization, and rules for final enforcement. Outcome: Faster triage with controlled remediation risk.

Threat model and failure modes

  • Model misclassification causing business-email disruption.
  • Prompt injection from email body or headers.
  • Untrusted URLs triggering unsafe enrichment behavior.
  • Workflow loops that repeatedly reprocess same message.

Control design

  • Sanitize and truncate untrusted email content before model input.
  • Use URL detonation/sandbox lookups in isolated services.
  • Require analyst approval for tenant-wide blocking actions.
  • Deduplicate by message-id and hash to stop loop processing.
  • Track precision/recall metrics and tune prompts monthly.

Implementation pattern

Split the workflow into three stages: extraction, enrichment, and recommendation. Keep enforcement in a separate branch with hard conditions and approval checks.

1
2
3
4
5

Workflow stages
1) Ingest: parse report, normalize headers, hash artifacts
2) Enrich: domain reputation, attachment scan, LLM summary
3) Decide: confidence >= threshold ? recommend action : analyst review

Research and standards

These controls align well with guidance from OWASP Top 10 for LLM Applications, NIST AI RMF practices, and MITRE ATLAS adversarial behavior patterns.

Validation checklist

  • Replay known phishing and benign corp email samples for accuracy.
  • Inject malicious prompt text in email body and verify neutral handling.
  • Test deduplication with repeated forwards of same message.
  • Audit every automated block for policy compliance.
  • Measure mean triage time before and after automation rollout.

Takeaways

Phishing automation works best when the LLM informs decisions and deterministic policy enforces them.

blog
n8n phishing llm soc security
This post is licensed under CC BY 4.0 by the author.