n8n is on a mission to make workflow automation accessible for technical teams. As they scaled their product and engineering organization, so did the complexity of their security posture. We spoke with Cornelius, VP Engineering (and acting security officer) at n8n, about how Aikido became a cornerstone in their vulnerability management and compliance processes.
Hey Cornelius! Can you introduce yourself and your role at n8n?
I'm Cornelius, VP Engineering at n8n. I’ve been with n8n for almost four years, overseeing and growing our engineering org. We're currently around 40 engineers strong (within the broader ~50 person R&D team), and we expect to scale to 60 by the end of the year. On top of my engineering responsibilities, I currently also act as the company’s security officer, helping navigate audits like SOC 2 and helping define our overall security posture as we scale.
What makes n8n unique in the workflow automation space?
We’re all about empowering technical people. You don’t need to be a programmer to use n8n, but if you are, the platform can make you 10x more productive. We combine the best of both worlds: the flexibility of low-code and the power of custom code when needed. This makes it easy to build robust automations, AI agents, and internal tools.
What role does security play in your industry, and at n8n specifically?
Security is absolutely critical for two key reasons. First, users connect their most sensitive credentials (from tools like Google, Salesforce, databases, and other APIs), which means we must earn and maintain their trust to handle these secrets.
Second, we serve enterprises in highly regulated sectors, including government agencies and security organizations with the strictest compliance requirements. These organizations often choose to self-host n8n, which gives them complete control over their data and infrastructure while meeting their stringent security and privacy standards.
Was there a moment that triggered a more strategic focus on security?
In the early days, security wasn’t ignored, but it also wasn’t handled in a very structured way yet. We had tools like Dependabot, GitHub code scanning, and Snyk in place, but the noise they created and weekly emails they kept sending out just weren’t good enough. There was no centralized process to see findings, or ownership to handle them.
Aikido helped us build that process. Now, every vulnerability flagged by Aikido (whether it’s for code, Docker images, or infra) automatically creates a ticket in Linear, complete with SLAs based on severity. That means every issue is tracked, prioritized, and worked on within defined timelines. Security is no longer just tooling, but it has become a process.
What were your top security concerns before adopting Aikido?
Mainly:
- No consistent process
- No central overview of all findings
- No way to enforce SLAs across security issues
We needed something that would help us reliably meet resolution deadlines, like 21 days for high-severity findings. Aikido gave us the structure to actually meet those targets.
How were you handling compliance and audits before Aikido?
We were working with Drata, but compliance evidence still required a lot of manual effort. Aikido now complements Drata by providing a single pane of glass for our security tooling. That’s helped us reduce the time it takes to gather evidence and pass audits.
Aikido's Drata integration helps us reduce the time it takes to gather evidence and pass audits.
What stood out about Aikido during your evaluation?
We were early adopters of Aikido. The GitHub integration was plug-and-play, literally just a few clicks.
But more importantly, the Aikido team was incredibly responsive. We’d give feedback, and the Aikido team would reply within the hour and ship improvements or fixes within a day. They still do, too. That kind of partnership was invaluable, especially while preparing for a SOC 2 audit.
How did you integrate Aikido into your workflows?
- GitHub for scanning codebases
- Linear for ticket handover and resolution
Overall, it’s helped us stay on top of things.
What’s your experience been like working with the Aikido team?
Excellent. They’re incredibly fast and transparent, and always willing to jump on a call or solve an issue quickly. There’s a lot of trust there. As mentioned, whenever we hit a bug or have feedback, the team quickly jumps on it, usually fixing things within a day. That support has been a huge part of why the rollout succeeded.
What’s your favorite feature in Aikido?
Definitely team filtering. It lets us route vulnerabilities to the right team instantly.
But the main feed is where I spend most of my time. I check it at least five times a week to see what’s open, what’s urgent, and what’s been resolved. It gives me full visibility.
Given that we’re both a commercial and open-source product, we rely heavily on open-source libraries. The open-source licenses view and SBOM (Software Bill of Materials) features are also critical for us.
n8n reports 92% noise reduction with Aikido. What’s the impact been?
Yes! The 92% noise reduction is a game changer. It allows us to focus on the 8% that actually matter. That alone is gold.
While some tickets are a bit cryptic, they’re good enough to get engineers started. Honestly, we got used to ‘the quiet’ quickly, and now I wish it was even quieter. It’s a massive productivity and sanity boost.
Have you seen measurable outcomes?
Just being able to say “we’ve reduced noise by 92%” is impactful. But beyond that, the ability to stay within SLAs and pass audits more efficiently is a huge win for us.
How has Aikido changed your security posture overall?
It’s centralized our approach. Before, things were scattered across tools and inboxes. Now, we have a single source of truth.
If you had to sum up Aikido’s impact at n8n in a sentence?
Aikido gives us peace of mind when it comes to security (which is daunting by itself).