Black Kite launches AI Agent to automate third-party risk work

Black Kite announced the release of Black Kite AI Agent, an agent that automatically investigates, assesses, and reports on third-party risk.

“Our strong performance validates that our accuracy, scalability, and transparent approach is more than meeting the demands to avoid disruptions and reduce the administrative costs associated with legacy third-party cyber risk management,” said Paul Paget, CEO, Black Kite.

“Managing third-party cyber risk is one of the most dynamic and complex challenges facing business leaders today. We are honored that our customers collaborate with us, sharing their insights into this problem. Their ideas inspire Black Kite to continually innovate and deliver enterprise-scale capabilities. Black Kite AI Agent is an example of the company’s collaboration with its customers to provide critical insights and further automate the laborious tasks involved in managing risk across an organization’s extended ecosystem,” Paget continued.

Agent investigates, assesses, and reports on third-party risk

Black Kite was founded with a mission to give security professionals a complete and accurate view of their cyber ecosystem risk. From the very beginning, AI has played a central role in achieving that mission. The Black Kite AI Agent exposes these advanced AI capabilities directly to customers, enabling security teams to investigate, assess, and report on third-party risk more efficiently. With this new capability, Black Kite continues to set itself apart and lead the future of third-party cyber risk management (TPCRM).

Fully embedded across the platform, Black Kite AI Agent enables users to ask questions in the context of any page or use pre-built “Blueprints” to launch deep investigations, generate custom reports, and more. Black Kite AI Agent is powered by a network of sub-agents so that when a user asks a question or uses a Blueprint, the appropriate sub-agents are automatically launched to handle the task.

Key features and benefits include:

• Deep investigations: Investigates vendor findings, changes in risk scores, cyber ratings, RSI, and the impact of breaches on third-party networks.
• Executive and board reporting: Generates custom reports and board communication packages with risk trends, concentration areas, and impact with charts and metrics.
• Procurement decision support: Benchmarks prospective vendors with side-by-side risk scores, RSI, breach history, and financial impact analysis to support onboarding decisions and contract negotiations.
• Navigation guidance: Provides instant answers, guidance, and navigation tips based on best practices, help articles, and support tickets to maximize platform utilization and value.
• Build and scale TPRM: Gives expert TPRM advice to guide in building and scaling a third-party risk management program, such as key processes, team structure, and R&Rs.
• Vendor prioritization: Ranks vendors by severity and business impact, analyzing findings, FocusTags, score changes, RSI, and more to highlight the most urgent cases for action.
• Document Q&A: Enables the ability to query vendor documents (e.g., SOC 2 reports, ISO certifications, policies) by asking plain-text questions (e.g., “Do they require MFA?”) to extract control-specific information.