Privent
  • Agent Security
  • Pricing
  • Docs
  • Blog
Privent

Agent Security for n8n workflows and AI Monitoring for enterprise AI usage, deployed in our cloud or fully on-prem.

GDPREU AI ActHIPAASOC 2SOC 2
Get your reportGet started

Product

  • Agent Security
  • Risk Report
  • Pricing
  • Use Cases

Integrations

  • n8n

Resources

  • Security
  • FAQ
  • Docs
  • Extension setup

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

Connect

  • LinkedIn
  • X / Twitter
  • Get started

© 2026 Privent Technologies, Inc. All rights reserved.

trust.privent.ai
n8n

Add a Privent node to your

n8n workflows

Privent ships a community n8n package (n8n-nodes-privent) with six nodes plus one credential type. Drop them into any workflow to tokenize PII before it reaches an LLM, score prompt risk, audit every step, and detokenize only at trusted egress sinks. Agent handoffs are signed into the Trust Map automatically. No proxy. No code changes. Audit-only: the integration never blocks a running workflow.

Get startedAgent Security overview
How it works

How Privent integrates with n8n

  1. 01

    Install the community package

    Self-host: enable N8N_COMMUNITY_PACKAGES_ENABLED on the n8n container, then Settings → Community Nodes → install n8n-nodes-privent. n8n Cloud Pro / Enterprise uses the same UI. The Cloud Free tier does not expose community nodes.

  2. 02

    Add the Privent API credential

    Create a Privent API credential with your AGENT_SDK key (pv_live_…). The credential authenticates every Privent node via Bearer auth and selects the vault backend: In-Memory for single-worker self-host, Privent Cloud for n8n Cloud or queue-mode deployments.

  3. 03

    Place Session → Tokenize before the LLM

    Privent Session generates the sessionId / traceId and prewarms an in-memory vault. Privent Tokenize replaces detected PII / secrets (10 kinds including EMAIL, SSN, CREDIT_CARD, IBAN, AWS_KEY, JWT, API_KEY) with deterministic [KIND_NNN] placeholders before the prompt ever reaches the LLM node.

  4. 04

    Detokenize only at trusted egress

    Privent Detokenize resolves placeholders right before an HTTP / DB sink. Strict mode hashes the sink URL into a sinkId and matches it against your trustedSinks prefix list; sinks that don't match keep the placeholder, never the cleartext value.

  5. 05

    Audit + handoff feed the Trust Map

    Privent Handoff emits an agent_handoff audit event when one agent delegates to another agent or sink. Privent Audit Event emits custom observability events. Backend evaluates handoffs against AgentDelegation rows and surfaces violations + trust-score deltas on the Trust Map.

Integration

Drop-in integration

Add Privent to your existing n8n pipeline without changing your architecture. One addition. Full graph-state visibility.

No proxy
No sidecar
Zero orchestration changes
privent-workflow.json
{
"nodes": [
{ "name": "Webhook", "type": "n8n-nodes-base.webhook" },
{ "name": "Session", "type": "n8n-nodes-privent.priventSession" },
{
"name": "Tokenize", // PII → [KIND_NNN]
"type": "n8n-nodes-privent.priventTokenize",
"parameters": { "sessionId": "={{$('Session').item.json.sessionId}}", "textField": "prompt" }
},
{ "name": "OpenAI", "type": "n8n-nodes-base.openAi" },
{
"name": "Detokenize", // strict egress gate
"type": "n8n-nodes-privent.priventDetokenize",
"parameters": { "strict": true, "trustedSinks": "https://internal.acme.com" }
}
]
}
Runtime visibility

What Privent reads at runtime

External gateways receive only the final prompt string. Privent reads everything in context, in real time.

01
Input text field per nodeTokenize and Risk Check read the operator-configured text field (or the full item.json) from the upstream node's output.
02
Vault state by sessionIdDetokenize resolves token ↔ value mapping from the in-memory vault keyed by the Session node's sessionId; vault state never leaves the worker process.
03
Sink URL at egressDetokenize hashes the downstream sink URL into a 16-char sinkId and matches it against the operator's trustedSinks prefix list before releasing cleartext.
04
Handoff target identityHandoff reads source / target agent names plus a reason enum (delegation · subgraph_call · tool_invocation · webhook_trigger · other) and emits an agent_handoff audit event.
05
n8n execution metadataWorkflow ID, node ID, execution ID, and the x-forwarded-for chain are captured into every audit event for correlation in the Privent dashboard.
Use cases

Built for n8n teams

01

Customer-data prompts to external LLMs

Tokenize replaces emails, SSNs, cards, and IBANs before any HTTP-to-OpenAI / Anthropic node fires; Detokenize restores them only at trusted internal sinks. The LLM sees [KIND_NNN] placeholders, never raw PII.

02

Agent-to-agent delegation auditing

Privent Handoff emits agent_handoff events whenever a node delegates to another agent. The backend evaluates each handoff against AgentDelegation rows and flags unauthorized scope expansions on the Trust Map violation surface.

03

Strict-mode egress gating

The trustedSinks comma-separated prefix list lets ops allow only internal API hosts. LLM-driven HTTP nodes that target unknown sinks keep the placeholder; the cleartext value stays in the vault.

Get started

Add Privent to your n8n pipeline

We integrate in under 30 minutes. No orchestration changes required. Your pipelines keep running. Privent keeps watching.

Get startedRead the docs