Companies

A company is the top of the tree in Pilot. Everything else — domains, subdomains, targets, findings, secrets, attack-graph nodes — hangs off a company.

Why companies matter

Pilot is built for teams that monitor more than one organisation: an agency mapping client estates, a security team covering subsidiaries, or an evaluator running side-by-side comparisons. Scoping everything to a company keeps each investigation cleanly isolated.

In the UI, the scope chip at the top of the page shows which company you’re currently looking at. Click it to switch scope or go back to GLOBAL (which is “everything in this customer account”).

Seed domains

Every company starts with at least one seed domain — the root URL Pilot enumerates outward from. Many real organisations span more than one root domain (acme.com, acme.io, acmecloud.com), so you can add multiple.

The primary seed shows in the company header and drives the default target. Subdomains discovered under any seed get linked back to the company automatically.
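The sketch below is an added example, not Pilot's own code. It shows one way to link a discovered hostname to a company by its seed domains, matching on DNS label boundaries so that a look-alike such as notacme.com is never pulled into acme.com's scope. The company names, the labs.acme.com seed, the hostnames and the function names are constructed for illustration.

```python
from typing import Optional

# Constructed sample data: seed domain -> company (an assumption, not Pilot's schema).
SEEDS = {
    "acme.com": "Acme",
    "acme.io": "Acme",
    "acmecloud.com": "Acme",
    "labs.acme.com": "Acme Labs",  # hypothetical second company with a more specific seed
}
HOSTS = ["api.acme.com", "VPN.Acme.IO.", "notacme.com",
         "acme.com.example.net", "dev.labs.acme.com", "acmecloud.com"]


def normalize(host: str) -> str:
    """Lower-case the name and drop the trailing root dot so comparisons are stable."""
    return host.strip().lower().rstrip(".")


def owning_seed(host: str, seeds: dict) -> Optional[tuple]:
    """Return (company, seed) for the most specific seed covering host, or None.

    A seed covers a host only if the host equals the seed or ends with
    "." + seed. A plain suffix test would wrongly accept "notacme.com".
    """
    host = normalize(host)
    best = None
    for seed, company in seeds.items():
        seed_n = normalize(seed)
        if host == seed_n or host.endswith("." + seed_n):
            # Prefer the longest seed when seeds overlap across companies.
            if best is None or len(seed_n) > len(best[1]):
                best = (company, seed_n)
    return best


def link_targets(hosts, seeds):
    """Split hosts into {company: [hosts]} and a list of unscoped orphans."""
    linked, orphans = {}, []
    for h in hosts:
        match = owning_seed(h, seeds)
        if match:
            linked.setdefault(match[0], []).append(normalize(h))
        else:
            orphans.append(normalize(h))
    return linked, orphans


if __name__ == "__main__":
    print(link_targets(HOSTS, SEEDS))
```
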

What happens when you add a company

  1. The Targets table gets a new row for the seed domain.
  2. Enrichment starts in the background — DNS lookup, HTTP fingerprint, SaaS detection, and subdomain enumeration through seven sources (crt.sh, hackertarget, certspotter, alienvault, urlscan, subfinder, securitytrails when keyed).
  3. Discovered subdomains land as new target rows under the parent domain. They each go through their own enrichment pass.
  4. The attack graph for the company starts populating as enrichment data arrives.

You don’t have to wait for everything to finish — you can navigate around, kick off scans against partial data, and re-check later. Toast notifications and the green / yellow / red status pills on each row will tell you when things complete.

The company detail page

Click any company in the sidebar Companies view to open its detail page. The hero is the A–F posture grade, computed from the verified data Pilot has collected:

  • HTTPS adoption across reachable targets.
  • Security header coverage (HSTS, CSP, X-Frame-Options, etc.).
  • Open vulnerability count by severity.
  • Leaked-secret exposure (counting only triaged non-false-positive matches).
  • Identity / SaaS coverage and federation posture.

Below the grade you’ll see the live target list, detected SaaS services, identity providers, network topology (cloud groups), DNS intel (MX providers, SPF/DMARC posture), and a tech-stack summary.

Deleting and rescoping

Deleting a company removes all its targets, scans, findings, and secrets. Subdomains that hung off any of its domains get unlinked (they don’t disappear from the customer account; they just lose their company tag and become orphan targets you can re-attach elsewhere).

This is destructive — the confirm dialog shows a count of what’s about to be deleted, and there’s no undo.