Autopilots
A campaign is a one-off send. An autopilot is the configuration that produces campaigns automatically, on a cadence you set, for as long as you want it to run. You define the audience, the intensity (how often), the post-click outcome and the targeting context (language, country, industry) — and PhishSpot launches simulations against the matching contacts until you pause or stop the autopilot.
The model is “set it once, then let it work.” If a new contact joins one of the autopilot’s groups (or arrives from a directory sync), they get picked up automatically on the next iteration. If you change the outcome or course mid-flight, the next launched campaign uses the new setting.
23.1 What an autopilot is — and isn’t
Section titled “23.1 What an autopilot is — and isn’t”An autopilot is not a single long-running campaign. It’s a recipe. Each time the autopilot fires it creates a fresh Campaign record, picks a phishing template suited to the autopilot’s language and industry, snapshots recipients from the configured groups, and dispatches the send. Reports for those campaigns live in Reports & Analytics like any other.
Use autopilots when you want a continuous, low-touch awareness program. Use one-off campaigns (Chapter 4) when you want full control over timing, copy, and recipients for a single send.
23.2 Creating an autopilot
Section titled “23.2 Creating an autopilot”Open Autopilots in the left sidebar and click New autopilot. The form has two visible sections:
23.2.1 Name and audience
Section titled “23.2.1 Name and audience”- Name — what you’ll see in the autopilot list. Max 80 characters. Examples from a typical setup: “Continuous Awareness — cała organizacja”, “IT Department Spear”, “Q3 Finance Focus”.
- Audience — pick All contacts to target every contact on the account, or Selected groups to scope the autopilot to one or more groups. When the autopilot fires, recipients are sampled from the audience at that moment — so groups that grow over time grow the autopilot’s reach.
23.2.2 Advanced settings
Section titled “23.2.2 Advanced settings”This section is expanded by default when you’re editing an existing autopilot. It contains:
- AI Optimizer — when on, PhishSpot fine-tunes which templates are sent to whom based on past interactions. New autopilots default to ON.
- Duration — Continuous (runs until you stop it) or Until
(stops automatically on the chosen day). - Industry — the industry of the target organization (NAICS + LinkedIn taxonomy). Used to bias template selection toward themes that look plausible for that vertical. Leave blank to inherit from autopilot settings (§23.6).
- Language — the language the simulation copy will be authored in. Leave blank to inherit.
- Default outcome (after click) — what to show the recipient after they click the simulated phishing link:
- Do nothing — no landing page; the click is just logged.
- Redirect to training course — opens the course you select.
- Show awareness page (recommended) — renders an in-context “this was a phishing simulation” page.
- Redirect to URL — sends the user to an external URL of your choice.
- Automatically include new members of groups and contacts — when on, contacts added to the autopilot’s groups after the autopilot starts will be included from the next iteration onward. Default ON.
- Campaign intensity — see §23.3.
Save and the autopilot is created in Draft state. Click Start to begin.
The form below shows an existing autopilot in edit mode — every advanced setting is visible: AI Optimizer, duration, industry, language, outcome, auto-include new members, and intensity.
23.3 Intensity and the daily cap
Section titled “23.3 Intensity and the daily cap”Intensity is two values: a count and a period — 2 per week, 1 per month, 4 per year, etc. Periods are day, week, month, year.
PhishSpot enforces a hard ceiling: no single contact will be targeted by an autopilot more than twice per day, regardless of intensity setting. The intensity field in the form refuses values that would breach this:
1/dayand2/dayare allowed.3/dayand above are rejected — the form shows an error.- Weekly/monthly/yearly are converted internally to a per-day rate (
PERIOD_DAILY_RATEof1,7,30,365respectively) and checked against the same cap.
The cap is per-autopilot. If a contact sits in multiple autopilots, each autopilot honours its own limit independently — keep that in mind when running parallel programs against overlapping groups.
23.4 Lifecycle states
Section titled “23.4 Lifecycle states”Every autopilot is in exactly one state:
| State | Meaning | Editable? |
|---|---|---|
| Draft | Created but not yet launched. No campaigns fired. | Yes |
| Running | Active. Campaigns fire on the configured cadence. | Yes |
| Paused | Temporarily halted. No new campaigns until resumed. | Yes |
| Stopped | Permanently terminated. Read-only. Remove the autopilot to start fresh. | No |
Transitions are explicit buttons on the autopilot row:
- Start —
DraftorPaused→Running. - Pause —
Running→Paused. - Stop — any state →
Stopped. Cannot be undone; you’ll need to delete the autopilot and re-create it.
A Stopped autopilot is a tombstone — it retains its history (which campaigns it fired, when) but no fields can be changed. The intent is to give you an auditable trail of past programs without cluttering active ones.
23.5 The AI Optimizer
Section titled “23.5 The AI Optimizer”When enabled, the AI Optimizer adapts which templates the autopilot picks for each recipient based on past behaviour: people who consistently fall for invoice-themed lures see more of those (and the training that follows); people who never miss them get harder, less obvious variants. The optimizer is on by default for new autopilots and can be toggled per-autopilot in the Advanced settings section.
The optimizer’s adaptive logic ships in phases. The toggle and the per-template scoring are live today; the full multi-armed-bandit selection layer rolls out during the implementation engagement and is included in the SaaS subscription — no separate configuration is required when it lands.
23.6 Default settings
Section titled “23.6 Default settings”Click the gear icon → Autopilot settings on the autopilots list to open account-level defaults. Settings here pre-fill the new-autopilot form so you don’t repeat yourself across autopilots:
- Primary industry — your organization’s industry. Templates pick it up automatically.
- Default country — used to bias template selection (sender names, brand spoofing targets).
- Default language — language of simulation copy.
- Default outcome (after click) — same four options as on the autopilot form, used as the starting value.
- Default campaign intensity — count + period used as the starting value.
Changing settings here does not retroactively edit existing autopilots — it only changes the defaults for future ones. Per-autopilot fields override these defaults when set.
23.7 Real-world examples
Section titled “23.7 Real-world examples”Below are three autopilot configurations from a working setup, illustrating the spread of typical use cases.
Continuous Awareness — full organisation
Section titled “Continuous Awareness — full organisation”A baseline program for everyone on the account.
- Audience: the “Wszyscy pracownicy” group (all employees synced from Entra AD).
- Intensity: 2/week. With the daily cap that’s still no more than 2 emails on any single day per contact — but spread thinly across the week.
- AI Optimizer: ON.
- Language: pl. Industry: Technology, Information and Media.
- Outcome: Redirect to course “Świadomość phishingowa 101”.
- Auto-include new members: ON — directory sync changes flow straight through.
IT Department Spear
Section titled “IT Department Spear”Higher-difficulty simulations aimed at the IT team — the group most likely to be targeted by real attackers.
- Audience: just the “Dział IT” group.
- Intensity: 1/week — lower than the org-wide program because the templates used are harder and the cohort is small.
- AI Optimizer: OFF — the admin wants deterministic, manually-curated targeting for this group during initial calibration.
- Outcome: Redirect to URL — a custom internal security wiki page.
Q3 Finance Focus (paused)
Section titled “Q3 Finance Focus (paused)”A time-boxed campaign for the finance team.
- Audience: “Dział Finansowy”.
- Intensity: 4/month.
- State: Paused — kept around between quarters; resumed when the next quarterly push starts.
Each of these is created once and then left alone. The reporting per autopilot shows up under the matching campaigns in Reports & Analytics.
23.8 Cross-references
Section titled “23.8 Cross-references”- Account-level defaults: see §23.6 above.
- The contacts and groups autopilots target: Chapter 5 Contacts and Chapter 6 Groups.
- The directory sync that grows the audience automatically: Chapter 25 Directory Sync.
- Reporting for autopilot-fired campaigns: Chapter 11 Reports & Analytics.
- Course used as the post-click outcome: Chapter 8 Courses.