n8n Workflow · Trust by Design · May 2026

AI Use Case
Intake Classifier

A production workflow that automatically classifies enterprise AI use cases by risk tier, routes them to the right approver, and logs every decision to an immutable audit trail.

Risk Tiers
4
LOW · MEDIUM · HIGH · CRITICAL
Routing Paths
4
Auto → Manager → Board → CISO+Legal
Classifier
Claude
Haiku via Anthropic API
Platform
n8n
Open-source workflow automation
01 — What It Does

The Problem It Solves

Every enterprise AI program has the same intake problem: business teams submit AI requests however they want — email, Slack, meetings — and the central AI team becomes a concierge reacting to whoever shouts loudest. Nothing is prioritized by risk. Nothing is tracked. When an incident occurs, there's no audit trail.

This workflow fixes that. Every AI use case request hits a single endpoint. Claude classifies the risk automatically. The right approver gets notified immediately. Every decision is logged. The central AI team never touches a LOW-risk request — it's auto-approved and queued for build. Their capacity goes to HIGH and CRITICAL cases that actually need expert judgment.

Design Principle

"Risk tiering is automated at intake, not manual at deployment. Most requests never reach the governance bottleneck. Speed of the official path matches speed of the workaround."

02 — Architecture

How It's Built

Seven nodes. One Claude API call. Four routing paths. Every request exits with a risk tier, approval decision, assigned approver, and audit log entry.

Figure 1 — Workflow Architecture
AI Intake Classifier Workflow Architecture Webhook POST /ai-intake Validate Extract Fields Claude API Risk Classifier Haiku · Temp 0 Parse Classification LOW MEDIUM HIGH CRITICAL Auto-approve Manager Board CISO+Legal All paths → Audit Log → Webhook Response
03 — Risk Tiers

Four Tiers, Four Paths

Claude evaluates eleven intake fields and assigns a risk tier. The tier determines the approval path automatically — no human judgment required for routing.

LOW
Auto-Approved

Internal productivity tools. No sensitive data. Limited automation. Reversible actions. Build queue immediately.

→ AI Platform build queue · 0 days
MEDIUM
Manager Approval

Internal business data. Moderate automation. Some human review required in the workflow.

→ Business unit manager · 3 days
HIGH
Governance Board

Sensitive data. Significant automation. Regulatory implications. External vendor AI involved.

→ AI Governance Board + DPIA required · 10 days
CRITICAL
CISO + Legal + Board

PII at scale. Financial decisions. Healthcare data. Legal implications. Fully autonomous with irreversible consequences.

→ CISO + Legal + Board · HOLD status · 30 days
04 — Step by Step

What Happens When a Request Hits

01
Intake form submits via POST

Business team submits use case details via webhook endpoint. Required: title, business unit, problem statement, data sources, expected outcome. Optional fields add classification precision.

n8n Webhook node · /ai-intake
02
Validation and field extraction

Required fields are checked. Missing fields return an immediate error. Intake object is structured with a unique ID and timestamp. No malformed requests reach the AI classifier.

n8n Code node · JavaScript
03
Claude classifies the risk

Structured prompt sends all eleven intake fields to Claude Haiku. Temperature set to 0 for deterministic output. Claude returns JSON: risk tier, risk score 1-10, primary risk factors, required controls, approval path, estimated review days, classification rationale, next steps.

Claude claude-3-haiku-20240307 · Anthropic API · Temp: 0
04
Parse and validate classification

Claude's JSON response is parsed and merged with the intake object. If Claude returns non-JSON for any reason, fallback logic triggers MEDIUM tier and flags for manual review — the system never silently fails.

n8n Code node · JSON validation · Fallback handling
05
Route to correct approval path

IF nodes check risk tier. LOW → auto-approve, add to build queue. MEDIUM → identify business unit manager, set 3-day deadline. HIGH → AI Governance Board, list required documentation. CRITICAL → CISO + Legal + Board, place on HOLD, notify CTO.

n8n IF nodes · 4 routing paths · Business unit approver mapping
06
Audit log entry

Every request — regardless of risk tier — generates an audit log entry. Fields: audit ID, intake ID, timestamp, submitter, risk tier, risk score, approval decision, approver, risk factors, controls, rationale. Immutable record for compliance.

n8n Code node · Structured audit entry · Console log → external store
07
Structured response returned

Webhook response delivers: intake ID, risk tier, risk score, approval decision, assigned approver, estimated review days, next action, plain-language message to submitter, required controls, primary risk factors.

n8n Respond to Webhook node · JSON response
05 — Sample Request

Request and Response

Sample POST Request — /ai-intake
// POST https://your-n8n-instance.com/webhook/ai-intake
{
  "use_case_title": "Customer Email Sentiment Classifier",
  "business_unit": "Sales",
  "problem_statement": "Sales reps spend 2 hours/day manually triaging customer emails. We want AI to classify sentiment and priority.",
  "current_process": "Manual reading and tagging in Salesforce",
  "data_sources": "Customer email inbox, Salesforce CRM records",
  "data_sensitivity": "Contains customer names and communication history",
  "expected_outcome": "Auto-classify emails by sentiment and urgency, route to right rep",
  "estimated_users": "45 sales reps",
  "estimated_roi": "~90 hours/week saved across team",
  "external_vendor": false,
  "regulatory_domain": "none",
  "submitter_email": "jsmith@company.com"
}
Classified Response — MEDIUM Risk
{
  "success": true,
  "intake_id": "INTAKE-1748476800000",
  "risk_tier": "MEDIUM",
  "risk_score": 5,
  "approval_decision": "PENDING_MANAGER_APPROVAL",
  "assigned_approver": "sales-manager@company.com",
  "estimated_review_days": 3,
  "next_action": "Awaiting manager approval from sales-manager@company.com",
  "primary_risk_factors": [
    "Customer communication data in scope",
    "Automated routing decisions affecting customer relationships"
  ],
  "required_controls": [
    "Human review of flagged edge cases",
    "Regular accuracy monitoring",
    "Override mechanism for reps"
  ],
  "message": "Your AI use case has been classified MEDIUM risk. Your manager at sales-manager@company.com has been notified. Expected decision: 3 business days."
}
06 — Download & Deploy

Import Into n8n in 4 Steps

1
Download the workflow JSON

Click the download button below. Save the file locally.

2
Open n8n and import

In n8n: Menu → Import from File → select the JSON. The full workflow loads with all nodes connected.

3
Add your Anthropic API key

In the Claude Risk Classifier node → Credentials → HTTP Header Auth → set value to your Anthropic API key. Get one at console.anthropic.com.

4
Activate and test

Toggle the workflow to Active. POST the sample request from Section 5 to your webhook URL. Verify the risk classification and routing response.

AI Use Case Intake Classifier

Complete n8n workflow JSON · 11 nodes · 4 risk tiers · Anthropic Claude Haiku

↓ Download Workflow JSON
Built By
Guru Krish
Director — Enterprise AI Transformation, Governance & Security
ex-Google · ex-Amazon · Austin, TX

This workflow implements the intake governance pattern from the Trust by Design framework — built from 18 years of governing enterprise AI programs at Google and Amazon. The design principle: governance at intake, not at deployment. Every AI use case classified before a line of code is written. Audit trail from day one.