BLACKOUT OS // ENTERPRISE

Bring the receipts.

Every vendor in your stack is taking something. Blackout OS shows you what, priced in dollars, with the receipt attached.

Scan Your Site

Evidence captured

14:32:18 UTC

▸ Vendor

6sense

ABM · INTENT DATA · DEANON

▸ Observed

Visitor identity exfil pre-consent. Account fingerprints transmitted to b.6sc.co.

▸ Annualized revenue at risk

$130K – $175K

1.8× contract value · range reflects confidence band

BTI · B-04 / B-07 / B-12HAR archived

How we calculate this

01 // OBSERVATION

Watch what your vendors actually do.

Three consent states. Pre-consent. Post-consent. Post-rejection. Most vendors don't change behavior between any of them. That's the receipt.

BLACKOUT://SCAN/EXAMPLE_CORP58s

$ blackout scan example.com

▸ probing 600 vendor signatures

▸ pass 1: pre-consent baseline

▸ pass 2: post-consent observation

▸ pass 3: post-rejection check

▸ comparing against VIDB corpus

✓ Scan complete47 detected

47 vendors / 12 not in DPA / 5 pre-consent// LIVE

02 // THE INTELLIGENCE LAYER

Every vendor in your stack is already profiled.

▸ Vendor profile · live in product

6sense

ABM · INTENT DATA · DEANON

VRS 90Last observed Q

Sites observed

247

Evidence rows

18,402

First seen

2024-Q3

BTI flags

▸ Claims vs runtime

What they claim

What we observe

Privacy-respecting analytics

Visitor identity exfil pre-consent

Account-level signals only

Individual fingerprints transmitted

Customer-isolated data

Pooled into shared intent graph (340 cos)

Delta3 of 3

▸ Behavioral threat indicators

B-04·deanonB-07·pre-consentB-12·cross-site sync

▸ Already loaded into your scanEvery vendor we observe in the browser.

Over 601+ vendors profiled

Every vendor in your stack is already in the BLACKOUT VIDB. Updated every scan.

Browse the VIDB →

03 // THE DOLLAR METHODOLOGY

Not a risk score. A dollar figure.

What you pay them$85,000annual contract

What they access$318,000raw data access value

extraction multiple3.7×

▸ After confidence + competitive caps

$130K – $175K

of revenue at risk annually

Range reflects the methodology's honesty discount. Competitive Exposure Factor capped at 60%. Exfiltration Confidence weighted per data class.

See every formula

▸ Worked example: $40M ARR B2B SaaS, 50K monthly visitors, 6sense at $85K/yr. Customer values vary; every input is overridable in product.

04 // FOUR LINES ON YOUR P&L

Four ways your vendors take revenue. Every line, every quarter.

Each one is observable. Each one is calculable. Each one compounds.

Track 01CAC Subsidization

Calculable

You fund your competitor's targeting.

The vendor pools your CRM signal with your competitors'. Both of you then buy the graph back. Every dollar you spend strengthens the auction that's bid against you.

▸ Evidence

visitor identity exfil pre-consent · OAuth scope on CRM · vendor customer overlap with competitors

$130K – $175K /yr per major vendor

Track 02Attribution Corruption

Estimable

Your forecast is built on signal you can't trust.

Vendor scripts manufacture identity events your analytics ingests as real. The same vendors take credit for the pipeline they helped fabricate. CAC, channel mix, and forecast all read off corrupted data.

▸ Evidence

third-party fingerprinting events · circular attribution loops · same-vendor input/output paths

8 – 22% of demand-gen budget at risk

Track 03Renewal Asymmetry

Calculable

They know your pipeline before your renewal call.

A vendor with CRM access sees your deal velocity, growth trajectory, and competitive losses. Their AE walks into renewal with that intelligence. Yours doesn't.

▸ Evidence

OAuth scopes granted vs. documented product need · API pull frequency on deal records

15 – 25% renewal premium, every contract year

Track 04Pipeline Leak

Binary

Your deals are someone else's market data.

When deal stages, values, and close dates leave your CRM, they don't disappear. They surface as someone's buying signal, competitive intelligence, or deal flow. Your active opportunities become the trade.

▸ Evidence

deals.read / pipeline.read OAuth scope · undisclosed subprocessor relationships

The finding is the number

One vendor. Four lines. Every quarter.

▸ Methodology — four tracks

05 // OPERATIONAL LIFECYCLE

Monitor. Analyze. Enforce.

01 / Monitor

BLACKOUT://MONITORLIVE

14:32:186sense.js

exfil

14:33:01unknown.io

deanon

14:34:22bombora

intent

14:35:11rb2b.io

ident

Today47 events

Default mode. Every browser-side request, every payload, priced live.

02 / Analyze

BLACKOUT://ANALYZE5 PENDING

6senseENFORCE

RB2BENFORCE

BomboraREVIEW

HubSpotALLOW

DriftREVIEW

Recommendations queued.2 high-confidence

Agents read the stream. Math, impact, and security write-up done.

03 / Enforce

BLACKOUT://ENFORCEENFORCING

6senseStripped

RB2BStripped

CHEQStripped

HubSpotAllowed

BomboraStripped

Reversible anytime.4 active

One click per vendor. Reversible per policy. Verify in monitor mode before enforce.

06 // THE BOUNDARY

Stop the leak. Keep the vendor.

Every browser-side vendor request passes through Blackout before it leaves your site. Identity gets stripped at the boundary. The vendor receives a 200 OK. Session function is verified per vendor in monitor mode before enforce.

BLACKOUT://BOUNDARY/INTERCEPT_TRACELIVE

▸ Vendor wants to send14:32:18.227

GET https://b.6sc.co/track

? visitor=abc123-pii-fingerprint

& ipv6=2607:f8b0:4004::1a3

& company_id=acme-corp-42

& account_score=0.87

& page=/pricing

& session=anon

Boundarystrip 4 · keep 2

▸ Wire on arrival (post-strip)14:32:18.229

GET https://b.6sc.co/track

? page=/pricing

& session=anon

← 200 OK · 12msLoader path preserved

14:32:18.227 → 14:32:18.241 · 14ms totalBOUNDARY 200 OK

You set the policy. We enforce it at the boundary.

▸ Reversible per-vendor · No code changes · No CDN swap

07 // THE AGENTS

One reaches out. One listens.

Two surfaces, same evidence corpus. Both grounded in your scan, your contracts, and the BLACKOUT corpus. Neither one guesses.

Policy Advisor · proactive

▸ Policy Advisor

ENFORCE

Vendor

6sense

What's this costing you?

$130K–$175K in annualized revenue at risk. Pipeline data pooled into a shared graph 340 companies query. Range reflects confidence band per the methodology.

Will your tools still work?

Enforcement strips visitor identity exfil but preserves the ABM scoring API your team uses. No measurable workflow impact.

What do you tell your CISO?

3 BTI categories triggered, HAR evidence captured, pre-consent firing confirmed across 3-pass scan. One-click export.

Recommendation generated 2 min ago

Reads every scan. Does the math. Puts the recommendation on your desk before you ask.

Co-pilot · on-demand

BLACKOUT · co-pilot

⌘K

Ask anything about your stack…↵

▸ Try asking

“What changed since last week?”drift report
“Show me the evidence for 6sense.”vendor file
“If I enforce RB2B, what breaks?”impact analysis
“Which vendors aren't in our DPA?”contract gap
“Export the security advisory for HubSpot.”CISO handoff

✓ Groundedscan · contracts · BLACKOUT corpus

When you have a question. Answers cite scan IDs, evidence rows, and contract clauses. Not the model's training set.

08 // CMO ↔ CISO

One click. Two languages.

The first time you bring your CISO something they didn't know, the dynamic changes permanently. Watch the handoff.

▸ Your dashboard

Finding · 6sense

$130K – $175K

Annualized at risk · 1.8× contract value

Pooled with 340 companies in shared intent graph.
Recommendation: enforce. No functional impact.
ABM scoring API keeps working as-is.

one click

~2 sec

one click

▸ ciso@yourcorp.com

Subject · Security advisory

BLACKOUT // Vendor: 6sense // 3 IOC matches

12 undisclosed outbound endpoints.
Pre-consent identity exfil confirmed (HAR attached).
BTI: B-04 / B-07 / B-12.
Chain of custody: SHA-256 hashed, court-ready.

3 attachmentsDelivered

You don't need to translate it. It arrives translated.

Bring the receipts.

Enter your domain. Your first receipt is 60 seconds away.

Start the scan

▸ Free · No signup · No credit card · 600+ vendor signatures