AI Phishing Detection & Jira Reporting Agent
Overview
Unlock Proactive Phishing Threat Management with this AI Agent
This AI Agent automates the detection, analysis, and reporting of potential phishing emails, safeguarding your organization from cyber threats. It monitors your Gmail or Outlook inboxes (one active at a time), and when a new email arrives, it performs a multi-faceted analysis.
First, it extracts key email details (subject, sender, body, headers). For visual context and evidence, it generates a screenshot of the email's HTML content using the hcti.io service. Then, the core AI capability kicks in: the email screenshot and its headers are sent to OpenAI's ChatGPT-4o model. This advanced AI analyzes the visual content and metadata for common phishing indicators, such as suspicious links, sender impersonation, urgent language, and inconsistencies.
The AI's findings, formatted for Jira's wiki-style renderer, are used to automatically create a new ticket in your Jira project. This ticket includes the AI's analysis, the original email's text body, subject, recipient, and the generated screenshot as an attachment. This provides your security team with a comprehensive, ready-to-investigate report for every potential phishing attempt.
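The headers the agent forwards to the model also carry signals that can be checked deterministically, so the ticket holds evidence that does not depend on the model's judgement. The following is an added example, not part of the workflow template: it reads the SPF, DKIM and DMARC results and the Reply-To domain from raw headers and renders them as a Jira wiki-markup table. Assumptions: the function names are hypothetical, the sample headers are constructed, and the topmost Authentication-Results header is taken to be the one written by your own receiving mail server.

```javascript
// Constructed sample headers for illustration (not from a real message).
const SAMPLE_HEADERS = [
  'Authentication-Results: mx.example.org;',
  ' spf=pass smtp.mailfrom=mailer.example.net;',
  ' dkim=none; dmarc=fail header.from=example.com',
  'From: "IT Helpdesk" <helpdesk@example.com>',
  'Reply-To: helpdesk@example-support.test',
].join('\r\n');

// Unfold continuation lines and keep the FIRST copy of each header: receiving
// servers prepend theirs, so lower copies may be sender-supplied (assumption).
function parseHeaders(raw) {
  const out = Object.create(null);
  for (const line of raw.replace(/\r?\n[ \t]+/g, ' ').split(/\r?\n/)) {
    const i = line.indexOf(':');
    const name = line.slice(0, i).trim().toLowerCase();
    if (i > 0 && !(name in out)) out[name] = line.slice(i + 1).trim();
  }
  return out;
}

// Domain part of the address at the end of a header value, or null.
function domainOf(value) {
  const m = /@([A-Za-z0-9.-]+)>?\s*$/.exec(value || '');
  return m ? m[1].toLowerCase() : null;
}

// Return [check, observed] pairs for non-passing auth results and a Reply-To mismatch.
function headerSignals(raw) {
  const h = parseHeaders(raw);
  const auth = h['authentication-results'] || '';
  const signals = [];
  for (const k of ['spf', 'dkim', 'dmarc']) {
    const m = new RegExp(`\\b${k}=(\\w+)`, 'i').exec(auth);
    const r = m ? m[1].toLowerCase() : 'missing';
    if (r !== 'pass') signals.push([k.toUpperCase(), r]);
  }
  const from = domainOf(h['from']);
  const reply = domainOf(h['reply-to']);
  if (from && reply && reply !== from) {
    signals.push(['Reply-To domain differs from From', `${reply} vs ${from}`]);
  }
  return signals;
}

// Backslash-escape Jira wiki markup characters in untrusted header values.
const esc = (s) => String(s).replace(/[\\|{}\[\]!]/g, '\\$&');

// Render the signals as a Jira wiki-markup table for the ticket description.
function toJiraWiki(signals) {
  if (signals.length === 0) return 'No header anomalies found.';
  const rows = signals.map(([c, v]) => `|${esc(c)}|${esc(v)}|`);
  return ['||Header check||Observed||', ...rows].join('\n');
}
```

The escaping step matters because header values are attacker-controlled and would otherwise be interpreted as markup when the ticket is rendered.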
Key Features & Benefits
- AI-Powered Phishing Detection: Leverages OpenAI's ChatGPT-4o for intelligent analysis of email content and screenshots, identifying sophisticated phishing attempts.
- Automated Incident Reporting: Automatically creates detailed Jira tickets with AI analysis, email text, and visual proof, streamlining security incident response.
- Visual Evidence Capture: Generates screenshots of emails via hcti.io, offering crucial visual context for investigations (Note: this involves sending email content to a third-party service).
- Dual Email Provider Support: Includes triggers for both Gmail and Microsoft Outlook. The Outlook trigger is initially disabled in the template; activate one based on your needs.
- Comprehensive Data Extraction: Systematically pulls and formats relevant information (HTML & text body, headers, subject, recipient) for thorough analysis.
- Streamlined Security Workflow: Empowers security teams to act faster on potential threats by providing pre-analyzed and documented incidents directly in Jira.
- AI Agent Abilities: Phishing Detection, Security Analysis, Automated Incident Reporting, Visual Evidence Capture.
Use Cases
- For B2C e-commerce: Automate reporting of phishing emails targeting customers or staff, enhancing protection of brand reputation and customer data.
- For B2B SaaS: Streamline IT/Security team's response to potential phishing attacks by automatically creating detailed Jira tickets with AI analysis and visual proof.
- Enhance security operations by proactively identifying, analyzing, and documenting suspicious emails received across company inboxes.
- Reduce manual effort and time spent on handling phishing reports, allowing security teams to focus on investigation and remediation.
Prerequisites
- An n8n instance (Cloud or self-hosted).
- OpenAI API Key with access to a vision-capable model like `gpt-4o-latest`.
- Jira Cloud credentials (API token recommended) with permissions to create issues and attachments in the target project.
- Credentials for your email account (Gmail OAuth2 or Microsoft Outlook OAuth2).
- hcti.io User ID and API Key for screenshot generation (requires an hcti.io account).
Setup Instructions
- Download the n8n workflow JSON file.
- Import the workflow into your n8n instance.
- Email Trigger Configuration:
  - The workflow includes a 'Gmail Trigger' (active by default) and a 'Microsoft Outlook Trigger' (disabled by default). Enable the one you need and disable the other.
  - Configure the active email trigger node with your email account credentials. For Outlook, ensure the 'Retrieve Headers of Email' and 'Format Headers' nodes are also correctly configured if you customize further.
- Set Variables Nodes:
  - Review the 'Set Gmail Variables' or 'Set Outlook Variables' node (corresponding to your active trigger) to ensure data mapping is correct, especially if you modify trigger outputs.
- hcti.io Configuration:
  - In the 'Screenshot HTML' and 'Retrieve Screenshot' nodes, configure the 'httpBasicAuth' credentials with your hcti.io User ID and API Key.
- OpenAI Configuration:
  - In the 'ChatGPT Analysis' node, select your OpenAI API credential. Ensure the model (e.g., `chatgpt-4o-latest`) is selected. You can customize the prompt to refine the analysis.
- Jira Configuration:
  - In the 'Create Jira Ticket' node, select your Jira Cloud credentials. Choose the correct 'Project' and 'Issue Type'. Customize the 'summary' and 'description' fields as needed using expressions.
  - In the 'Upload Screenshot of Email to Jira' node, select the same Jira Cloud credentials.
- Review all node connections and ensure data flows as expected.
- Activate the workflow. Remember to have only one email trigger active.