Threat actors are increasingly abusing the n8n AI workflow automation platform by leveraging its webhook functionality to bypass traditional security filters. These webhooks are embedded in phishing emails to serve CAPTCHA-protected malware payloads, including modified Datto and ITarian RMM tools, or to deploy invisible tracking pixels for device fingerprinting and reconnaissance.