n8n AI agent builder

Enterprise

n8n

Product overview

Name of Agent: n8n AI agent builder
Short description of agent: "Practical agentic workflows for your most important processes" (link, archived)
Date of release: 2025/07/14 (link, archived)
Advertised use: Multi-agent systems, deep research and data mining, accuracy-critical information retrieval, complex task planning and breakdown. Summarised (link, archived)
Monetisation/Usage price: (25,, archived) (60,, archived) includes AI workflow builder (800, archived)
Who is using it?: enterprises, also available to self host
Category: Enterprise

Company & accountability

Developer: n8n
Name of legal entity: n8n GmbH
Place of legal incorporation: Berlin Germany (link, archived)
For profit company?: Yes
Parent company?: n8n
Governance documents analysis: ToS (link, archived)
AI safety/trust framework: Many policies (Locked) (link, archived)
Compliance with existing standards: GDPR, SOC2, SOC3 (link, archived)

Technical capabilities & system architecture

Model specifications: User can pick between different base models (link, archived)
Observation space: Text and images (link, archived) from various sources including user specifies vector databases (see (here, archived)).
Action space: Can take actions using a large array of tools, details (here, archived).
Memory architecture: Supports a variety of different memory mechanisms, details (here, archived).
User interface and interaction design: Node-based canvas interface for design, chatbot to test
User roles: Designer, Operator, Executor, Examiner
Component accessibility: Code released under license (link)

Autonomy & control

Autonomy level and planning depth: L1: user has full control over how to design the agent and is directly manipulating the canvas. Resulting agents are L4: their actions can be gated by user approval/disapprovals
User approval requirements for different decision types: Can trigger an agent action when a chat message is received from a user or another agent, can also trigger agent actions based on approve/decline user actions
Execution monitoring, traces, and transparency: Unclear if the reasoning is enabled in models that power the agents
Emergency stop and shut down mechanisms and user control: Doesn't seem to be an option to stop agent after it starts running
Usage monitoring and statistics and patterns: Unclear, but insights tab in n8n might be for usage monitoring?

Ecosystem interaction

Identify to humans?: None by default. Users creating n8n Agents can watermark images (link, archived) and create workflows that label artifacts as AI generated
Identifies technically?: None, n8n Agents call the outside world via workflow nodes (especially the HTTP Request node and integration nodes), which use standard HTTP with headers that the workflow author can configure. Community evidence suggests defaults like axios/xx or n8n for some nodes ((link, archived), (link, archived))
Interoperability standards and integrations: - MCP support (built-in MCP server, MCP Server Trigger, MCP Client Tool), and n8n integrates with LangChain and various LLM providers. ((link, archived), (link, archived))
Web conduct: Not applicable, as there is not an n8n crawler described in their docs. Instead, users (or organizations) build workflows that might scrape the web via HTTP Request nodes or external crawling services (link, archived)

Safety, evaluation & impact

Technical guardrails and safety measures: n8n provides a built-in Guardrails node to enforce safety/security/content policies by validating user input before sending to a model and/or checking model output before downstream use (link, archived)
Sandboxing and containment approaches: For code executions, task runners are run independently in VMs (link, archived)
What types of risks were evaluated?: None found
(Internal) safety evaluations and results: None found
Third-party testing, audits, and red-teaming: None found
Benchmark performance and demonstrated capabilities: None found
Bug bounty programmes and vulnerability disclosure: Unclear, there only seems to be an email address (link, archived)
Any known incidents?: None found
← Back to 2025 Index