
Black Kite
Third party & supplier risk management software
Threat intelligence software
Vendor security and privacy assessment software
Risk-based vulnerability management software
System security software
Risk assessment software
Vulnerability management software
Small
Medium
Large
- Information technology and software
- Media and communications
- Healthcare and life sciences
What is Black Kite
Black Kite is a third-party cyber risk management platform that provides continuous, external security ratings and risk signals for vendors and suppliers. It is used by security, risk, and procurement teams to monitor third-party exposure, prioritize follow-ups, and support vendor due diligence. The product emphasizes outside-in measurement, automated discovery of internet-facing assets, and evidence-backed findings that can be shared with vendors for remediation.
Continuous external risk monitoring
Black Kite continuously assesses third parties using outside-in telemetry rather than relying only on periodic questionnaires. This supports ongoing monitoring programs where vendor risk changes between annual reviews. It is well-suited for organizations that need scalable coverage across large vendor portfolios. The approach can reduce manual effort for initial triage and re-assessments.
Evidence-linked findings and context
The platform ties ratings and risk factors to underlying observations (for example, exposed services, misconfigurations, or breach-related signals) to support validation and vendor conversations. This helps risk teams explain why a vendor is flagged and what to remediate. Evidence-based reporting can also support audit and governance workflows. The focus is on actionable risk drivers rather than a single opaque score.
Vendor engagement and workflows
Black Kite supports workflows for sharing findings with vendors and tracking remediation progress over time. This aligns with third-party risk programs that require documented communication and follow-up. It can complement procurement and GRC processes by providing cyber-specific risk inputs. The workflow orientation helps move from detection to resolution rather than only reporting.
Outside-in visibility limitations
As an external ratings platform, Black Kite primarily measures what is observable from the internet and other external sources. It may not capture internal control effectiveness, secure development practices, or non-internet-facing assets without vendor participation. Organizations often still need questionnaires, attestations, or direct evidence collection for deeper assurance. This can create parallel processes for high-risk vendors.
Potential for disputed findings
External scanning and attribution can produce false positives or asset-mapping disputes, especially for complex vendor environments or shared hosting. Vendors may challenge whether an issue belongs to them or whether it is already mitigated. This can add time to validation and remediation tracking. Strong governance is needed to manage exceptions and evidence review.
Not a full VRM replacement
While it provides cyber risk signals, it does not replace broader vendor risk management needs such as financial, operational, compliance, and contract lifecycle controls. Teams may need integrations or separate systems for intake, onboarding, contract metadata, and non-cyber risk scoring. Program maturity determines how much value is realized from continuous ratings. Implementation typically requires aligning stakeholders across security, risk, and procurement.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Standard | Custom pricing — contact sales (not publicly listed) | Full-featured TPRM platform (no capabilities hidden behind paywalls); includes onboarding, enablement, configuration; unlimited users at no additional cost; standards-based risk intelligence, risk quantification (Open FAIR™), continuous monitoring and compliance mapping. |
| Enterprise | Custom pricing — contact sales (not publicly listed) | All Standard features plus enterprise-scale support and integrations, advanced reporting and portfolio/insurance capabilities; onboarding included; unlimited users; custom contract terms. |
Seller details
Black Kite, Inc.
Boston, Massachusetts, USA
2016
Private
https://blackkite.com
https://x.com/BlackKiteInc
https://www.linkedin.com/company/black-kite/