Black Kite Blog
Half of All Breaches Now Involve a Third Party. The 2026 DBIR Makes the Case You Can't Ignore.
The 2026 Verizon DBIR confirms vulnerability exploitation is the #1 breach vector. Here's what the data means for your third-party risk program.
Jun 3, 2026
The AI Vulnerability Race Is Accelerating, and It’s Highlighting a Concentration Risk Problem
Mythos, Daybreak, and new data breach research all point at the same problem: concentration risk in your vendor ecosystem is getting harder to ignore.
Jun 2, 2026
Focus Friday: TPRM Insights on Critical Vulnerabilities in Langflow, FreeBSD, and Memcached
TPRM analysis of critical CVEs in Langflow, FreeBSD, and Memcached. See which vendors are exposed and how to prioritize remediation.
May 29, 2026
The Vulnerability Deluge: 5 Questions Your Board Will Ask About Mythos and Other Frontier Models
The vulnerability deluge is a board-level business risk. Here are 5 questions your directors will ask about Mythos — and how to answer them.
May 28, 2026
Mythos Is Hardening Enterprise Security. It's Also Softening Your Supply Chain.
Mythos is a leap in vulnerability discovery. It's also widening the gap between enterprise security and mid-market supplier risk. Here's the data.
May 26, 2026
Focus Friday: TPRM Insights on Critical Vulnerabilities in Exchange Server, Nginx-poolslip, OpenClaw, Flowise, PostgreSQL, MongoDB, PgAdmin, FreePBX, and n8n
TPRM analysis of critical CVEs in Exchange Server, nginx, OpenClaw, Flowise, PostgreSQL, MongoDB, PgAdmin, FreePBX, and n8n. See which vendors are exposed and h...
May 22, 2026
Focus Friday: TPRM Insights on Critical Dead.Letter (Exim), Microsoft SharePoint, and MSSQL Vulnerabilities
TPRM analysis of critical CVEs in Dead.Letter (Exim), Microsoft SharePoint, and MSSQL. See which vendors are exposed and how to prioritize remediation.
May 15, 2026
What CCPA Means for Your TPCRM Program
For CISOs and GRC teams: here's what CCPA's "reasonable and appropriate steps" standard looks like in practice for your vendor oversight program and where enfor...
May 14, 2026
The Canvas Breach Was More Than an Edtech Problem. It Was a Concentration Risk Problem.
The Canvas breach exposed how concentration risk in vendor ecosystems can turn a single breach into an industry-wide crisis. Here's what every industry can lear...
May 13, 2026
Automating Third-party Cyber Risk Management with Black Kite & Torq
Automating third-party cyber risk management with Black Kite & Torq: how the integration turns FocusTag® alerts into automated remediation workflows.
May 12, 2026
Focus Friday: TPRM Insights on Critical Vulnerabilities in cPanel & WHM, Redis, and Ivanti EPMM
TPRM analysis of critical CVEs in cPanel & WHM, Redis, and Ivanti EPMM. See which vendors are exposed and how to prioritize remediation now.
May 8, 2026
Two CRQ Experts Walked Into a Webinar. Nobody's Heat Map Survived.
Jack Jones and Black Kite CSO Bob Maley on why color-coded risk reporting fails — and how CRQ gives boards language they actually trust.
May 5, 2026