Black Kite has introduced a new AI-powered solution designed to simplify and accelerate third-party cyber risk assessments. By prioritizing automation over traditional manual questionnaires, the company is aiming to eliminate friction in vendor evaluations and strengthen cyber resilience across supply chains.
The new approach reimagines the assessment process, replacing lengthy forms and lagging timelines with automated intelligence that pulls from vendor documentation and trust center data. With built-in AI, the platform maps inputs to industry-standard frameworks, and if additional clarity is needed, targeted questionnaires can still be issued. The result is a more dynamic, auditable, and scalable method for managing vendor cyber risk.
In third-party risk management today, scalability remains one of the most pressing challenges. As vendor ecosystems grow, many organizations struggle to assess each supplier effectively, often bypassing smaller vendors entirely due to limited time and resources.
“Black Kite's new capability shortens the time spent on any one particular assessment. This allows our customers to perform many more assessments than they typically do today using the same resources they have. With this massive time-savings, they can actually perform assessments on vendors they previously glossed over or ignored entirely.”
The tool integrates directly into the Black Kite platform and is built around three key pillars:
End-to-End Automation: Cyber assessments begin with existing data sources and AI-assisted document parsing. The platform automates control mapping and generates assessment responses, reducing time and manual effort.Reliable Risk Insights: By analyzing audit-quality documents and surfacing actionable findings, the system provides an accurate view of vendor risk. Insights are quantified using Open FAIR to support business decision-making.Collaboration and Visibility: The Bridge workspace facilitates ongoing communication with internal stakeholders and vendors. It also enables real-time tracking of changes and centralizes all documentation for audit readiness. Another key differentiator is the platform’s flexibility. Organizations that still rely on traditional questionnaires can use Black Kite to accelerate those processes. But the most significant gains come from rethinking the workflow entirely.
“Black Kite's AI-powered assessments meet the customer where they are. If the customer is still issuing questionnaires, the AI can speed the reading process from hours or days to minutes,” Schauber explains. “But with some process changes, customers should pivot toward a documentation-collection-first, questionnaire-last mentality. This can reduce assessment time from weeks or months to minutes or hours.”
This automation-first model marks a shift from legacy assessment practices. Rather than beginning with static forms, organizations can now start with real intelligence to quickly evaluate third-party risk and act accordingly.
The platform also opens new doors for MSSPs and security service providers. With automation eliminating the need for upfront hiring to scale assessment services, MSSPs can now cost-effectively enter the third-party risk management (TPRM) market.
“Previously, MSSPs who wanted to enter the TPRM market had to do massive hiring before launching a service. This was a major cost hurdle,” says Schauber. “Our cyber assessments solution, combined with our MSSP channel offerings, opens up an entirely new market for MSSPs—especially those already serving self-monitoring customers. We see MSSPs as a major driver in the TPRM space going forward.”
Black Kite’s AI-powered cyber assessments are available as part of its broader platform, which also includes the Assess, Extend, and Monitor modules.
