Dimension scores are derived from public data and fields and weighted into the composite score. For reference only.
Black Kite positions itself as an AI-native third-party cyber risk management platform. Its core goal is to centralize cyber risk across vendors, partners, and deeper Nth-party dependencies into a single source of truth. Rather than being a traditional one-off questionnaire tool, it emphasizes real-time, multi-source validated external risk intelligence for TPRM, supply-chain cyber risk, ransomware early warning, compliance management, and board-level risk quantification.
In terms of protection coverage, Black Kite supports vendor onboarding assessments, continuous monitoring, risk response, remediation collaboration, and compliance reporting. Its scoring and evidence are mapped to open frameworks such as NIST, MITRE ATT&CK, and CVSS, and it uses Open FAIR™ to estimate potential financial impact, making it easier to translate “high risk” into business language. Its AI document parsing can process security policies, SOC 2 reports, and trust center materials, mapping them to frameworks such as NIST, ISO 27001, SOC 2, HIPAA, PCI DSS, and GDPR. The supply-chain module can identify fourth-party, fifth-party, and Nth-party relationships, analyzing concentration risk and cascading risk. RSI™ is used to predict the likelihood of a vendor being hit by ransomware, while FocusTags® provide real-time tagging when critical vulnerabilities, attack campaigns, or major incidents emerge.
The source text does not clearly specify the deployment model, but judging from the real-time dashboards, platform modules, and Book a Demo flow, it appears to be positioned more as an enterprise platform service. Management capabilities include vendor inventory, audit-ready records, historical risk comparisons, control gaps, remediation tracking, and supplier collaboration through Black Kite Bridge™. For integrations, it explicitly mentions connectivity with ServiceNow, LogicGate, and other GRC/risk management systems, allowing security ratings, compliance status, and risk intelligence to feed into existing workflows.
Pricing is not publicly disclosed; only a Book a Demo option is available, suggesting that it is more likely based on custom enterprise quotes. Its strengths include transparent framework mapping, broad coverage, the ability to connect supply-chain risk with financial impact, and reduced reliance on self-assessment questionnaires. Limitations include an opaque procurement threshold and a feature set aimed at enterprise-grade TPRM, which may feel complex for smaller teams. The source text also does not disclose SLA details, data residency, Chinese-language support, or delivery information for mainland China.
Black Kite is better suited to organizations in finance, healthcare, technology, manufacturing, retail/wholesale, and the public sector that manage large vendor ecosystems, face significant regulatory pressure, and need board-level reporting. There is no evidence in the source text regarding access from China, so it is rated as unknown; network connectivity, contract payment, and data compliance should be tested and confirmed with sales. Alternatives include SecurityScorecard, BitSight, RiskRecon, UpGuard, as well as domestic third-party risk management and supply-chain security platforms.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, blackkite.com.
blackkite.com is a United States security provider. TG4G tracks its product information, an overall rating of 8.0/10, and a China-accessibility score of Workable.