A production workflow that automatically classifies enterprise AI use cases by risk tier, routes them to the right approver, and logs every decision to an immutable audit trail.
Every enterprise AI program has the same intake problem: business teams submit AI requests however they want — email, Slack, meetings — and the central AI team becomes a concierge reacting to whoever shouts loudest. Nothing is prioritized by risk. Nothing is tracked. When an incident occurs, there's no audit trail.
This workflow fixes that. Every AI use case request hits a single endpoint. Claude classifies the risk automatically. The right approver gets notified immediately. Every decision is logged. The central AI team never touches a LOW-risk request — it's auto-approved and queued for build. Their capacity goes to HIGH and CRITICAL cases that actually need expert judgment.
"Risk tiering is automated at intake, not manual at deployment. Most requests never reach the governance bottleneck. Speed of the official path matches speed of the workaround."
Seven nodes. One Claude API call. Four routing paths. Every request exits with a risk tier, approval decision, assigned approver, and audit log entry.
Claude evaluates eleven intake fields and assigns a risk tier. The tier determines the approval path automatically — no human judgment required for routing.
Internal productivity tools. No sensitive data. Limited automation. Reversible actions. Build queue immediately.
Internal business data. Moderate automation. Some human review required in the workflow.
Sensitive data. Significant automation. Regulatory implications. External vendor AI involved.
PII at scale. Financial decisions. Healthcare data. Legal implications. Fully autonomous with irreversible consequences.
Business team submits use case details via webhook endpoint. Required: title, business unit, problem statement, data sources, expected outcome. Optional fields add classification precision.
Required fields are checked. Missing fields return an immediate error. Intake object is structured with a unique ID and timestamp. No malformed requests reach the AI classifier.
Structured prompt sends all eleven intake fields to Claude Haiku. Temperature set to 0 for deterministic output. Claude returns JSON: risk tier, risk score 1-10, primary risk factors, required controls, approval path, estimated review days, classification rationale, next steps.
Claude's JSON response is parsed and merged with the intake object. If Claude returns non-JSON for any reason, fallback logic triggers MEDIUM tier and flags for manual review — the system never silently fails.
IF nodes check risk tier. LOW → auto-approve, add to build queue. MEDIUM → identify business unit manager, set 3-day deadline. HIGH → AI Governance Board, list required documentation. CRITICAL → CISO + Legal + Board, place on HOLD, notify CTO.
Every request — regardless of risk tier — generates an audit log entry. Fields: audit ID, intake ID, timestamp, submitter, risk tier, risk score, approval decision, approver, risk factors, controls, rationale. Immutable record for compliance.
Webhook response delivers: intake ID, risk tier, risk score, approval decision, assigned approver, estimated review days, next action, plain-language message to submitter, required controls, primary risk factors.
// POST https://your-n8n-instance.com/webhook/ai-intake { "use_case_title": "Customer Email Sentiment Classifier", "business_unit": "Sales", "problem_statement": "Sales reps spend 2 hours/day manually triaging customer emails. We want AI to classify sentiment and priority.", "current_process": "Manual reading and tagging in Salesforce", "data_sources": "Customer email inbox, Salesforce CRM records", "data_sensitivity": "Contains customer names and communication history", "expected_outcome": "Auto-classify emails by sentiment and urgency, route to right rep", "estimated_users": "45 sales reps", "estimated_roi": "~90 hours/week saved across team", "external_vendor": false, "regulatory_domain": "none", "submitter_email": "jsmith@company.com" }
{
"success": true,
"intake_id": "INTAKE-1748476800000",
"risk_tier": "MEDIUM",
"risk_score": 5,
"approval_decision": "PENDING_MANAGER_APPROVAL",
"assigned_approver": "sales-manager@company.com",
"estimated_review_days": 3,
"next_action": "Awaiting manager approval from sales-manager@company.com",
"primary_risk_factors": [
"Customer communication data in scope",
"Automated routing decisions affecting customer relationships"
],
"required_controls": [
"Human review of flagged edge cases",
"Regular accuracy monitoring",
"Override mechanism for reps"
],
"message": "Your AI use case has been classified MEDIUM risk. Your manager at sales-manager@company.com has been notified. Expected decision: 3 business days."
}
Click the download button below. Save the file locally.
In n8n: Menu → Import from File → select the JSON. The full workflow loads with all nodes connected.
In the Claude Risk Classifier node → Credentials → HTTP Header Auth → set value to your Anthropic API key. Get one at console.anthropic.com.
Toggle the workflow to Active. POST the sample request from Section 5 to your webhook URL. Verify the risk classification and routing response.
Complete n8n workflow JSON · 11 nodes · 4 risk tiers · Anthropic Claude Haiku