Ask Pilot (the agent)
Ask Pilot is the AI agent built into every page. Click the emerald pill bottom-left (“Ask Pilot”) — or use one of the inline panels on empty pages — to open the chat drawer.
It’s a read-only intelligence agent. It can call any of Pilot’s existing tools (list companies, query the graph, search crawled content, generate what-if scenarios, etc.) but it cannot mutate anything in your account.
What makes it useful
Most security tools force you to learn their query syntax before you can get value. Pilot’s agent skips that:
- Natural language in. Type the question the way you’d ask a colleague.
- Real data out. The agent picks one or more read-only tools, runs them against your actual data, and shows you the rows that produced the answer. Nothing is fabricated.
- Cited answers. Every concrete claim in a synthesised answer carries a [N] chip that points to the step that produced it. Click the chip → the step card highlights with the raw rows.
- Verified-first discipline. The agent leads with what Pilot has actually observed (companies, infra, real findings, real secrets). It only reaches for hypothetical / catalogue / blast-radius content when your question explicitly asks for it.
Two modes
The agent picks one of two response shapes per question:
Direct mode
For enumeration questions (“list secrets”, “how many criticals”, “show subdomains of acme.com”). Calls one tool, returns the raw rows as a table. No prose. Use the table headers to sort, filter, and download.
Synthesis mode
For open or conceptual questions (“how is this company exposed”, “what should I look at”, “explain their cloud posture”). Calls multiple tools across reasoning rounds, writes a short prose answer under 2000 words, and ends with: “Raw rows for any cited step are downloadable — just say which one.”
Tools Pilot has access to
The full list lives in /api/v1/agent/tools and updates as new capabilities ship. Key ones:
- list_companies, get_company_overview, get_company_profile
- list_targets, list_subdomains, list_findings, list_secrets
- list_saas_services, list_identity_providers, list_cloud_assets
- list_repos, list_discoveries
- search_pages (full-text over crawl content)
- get_page_body (fetch a specific crawled page — bounded byte budget)
- attack_paths, attack_paths_between — verified attack chains
- graph_neighborhood, graph_query — direct graph filtering
- count_findings_by_severity
Opt-in (only called when you ask):
- matrix_chains_for_company, list_matrix_paths_catalogue, list_matrix_techniques — SaaS Attack Matrix
- whatif_scenarios — operator-prompted hypothesis synthesis
Good questions
For evaluations and onboarding:
- “What kind of security data does Pilot collect?”
- “Walk me through the steps to scan a new organisation end-to-end.”
- “What’s the difference between targets, findings, and secrets?”
For day-to-day investigation:
- “What are the riskiest verified attack paths I should investigate today?”
- “Are there leaked credentials that reach SaaS data?”
- “Which company has the most critical findings open?”
- “Tell me about Acme — their infra, the SaaS they use, their posture.”
For exploration / blast-radius:
- “What if our Okta admin token leaked?”
- “Show me the SaaS Attack Matrix chains for this scope.”
- “What’s the worst case if Cloudflare were compromised?”
Limits
- 10 reasoning rounds per question. Force-summarise if hit.
- 32 KB per-question byte budget for get_page_body calls — so the agent won’t dump megabytes of crawl content into context.
- Read-only. Cannot start jobs, modify settings, send messages, delete data, or change scope.
- Scope-aware. Operates on the current scope chip (a specific company or GLOBAL).
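A sketch of how the limits above could be enforced at the tool-dispatch layer, added here as an example and not Pilot's own code. The tool names and numeric limits come from this page; QuestionGuard, its methods and the run callback are hypothetical.

```python
# Tool names are from the page; everything else here is a hypothetical sketch.
READ_ONLY_TOOLS = {
    "list_companies", "get_company_overview", "get_company_profile",
    "list_targets", "list_subdomains", "list_findings", "list_secrets",
    "list_saas_services", "list_identity_providers", "list_cloud_assets",
    "list_repos", "list_discoveries", "search_pages", "get_page_body",
    "attack_paths", "attack_paths_between", "graph_neighborhood",
    "graph_query", "count_findings_by_severity",
}
OPT_IN_TOOLS = {
    "matrix_chains_for_company", "list_matrix_paths_catalogue",
    "list_matrix_techniques", "whatif_scenarios",
}
MAX_ROUNDS = 10                # reasoning rounds per question
PAGE_BODY_BUDGET = 32 * 1024   # bytes per question for get_page_body


class LimitExceeded(Exception):
    """Raised when the round cap is hit and the agent must summarise."""


class QuestionGuard:
    """Per-question state: pinned scope, round counter, remaining byte budget."""

    def __init__(self, scope, opt_in=False):
        self.scope = scope            # a specific company or "GLOBAL"
        self.opt_in = opt_in          # True only if the question asked for it
        self.rounds = 0
        self.bytes_left = PAGE_BODY_BUDGET

    def start_round(self):
        if self.rounds >= MAX_ROUNDS:
            raise LimitExceeded("round cap hit: force summary")
        self.rounds += 1

    def call(self, tool, run, **args):
        # Default deny: anything not on an allowlist never reaches a backend.
        if tool in OPT_IN_TOOLS:
            if not self.opt_in:
                raise PermissionError(f"{tool} is opt-in only")
        elif tool not in READ_ONLY_TOOLS:
            raise PermissionError(f"{tool} is not a read-only tool")
        # Scope is injected by the guard; a caller-supplied scope is a TypeError.
        result = run(scope=self.scope, **args)
        if tool == "get_page_body":
            data = result.encode("utf-8")[: self.bytes_left]
            self.bytes_left -= len(data)
            # Drop a multi-byte character split by the truncation point.
            result = data.decode("utf-8", errors="ignore")
        return result
```

The budget is counted in bytes rather than characters, so non-ASCII crawl content cannot exceed the cap.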
What it won’t do
- Fabricate. If no tool returned the data, it says “I don’t have that.”
- Speculate without evidence. It uses a verified > inferred > speculative confidence hierarchy and hedges speculative claims.
- Lead with hypotheticals on a generic posture question. If the question is “what’s our posture”, you get verified intel; matrix content only appears if you ask for it.
That last constraint matters: the agent exists to give you intelligence about your real estate. Hypothetical attack-chain enumeration is a separate, opt-in surface — same data, different framing.