Black Kite: Funding, Team & Investors | Startup Intros

Date	Round	Other Investors
Oct 1, 2021	$22.0M Series B	FirstMark Capital, Volition Capital
Oct 1, 2020	$8.0M Series A	Glasswing Ventures, Summit Partners
Feb 1, 2019	$4.0M Seed	Data Point Capital, Glasswing Ventures, RRE Ventures, Summit Partners, Steve Krausz

# Black Kite: Third-Party Cyber Risk Intelligence Platform

High-Level Overview

Black Kite is a cybersecurity software company that provides third-party risk management and cyber intelligence solutions for enterprises.[2] The company builds a standards-based intelligence platform that helps organizations identify, monitor, and quantify cyber risk across their vendor ecosystems—addressing a critical gap in how businesses manage supply chain security.[1][2]

The platform serves security and business leaders by moving beyond traditional vendor questionnaires to deliver continuous, evidence-based risk visibility. Black Kite's core offering combines three assessment dimensions: technical cyber ratings based on MITRE standards, financial impact analysis using the Open FAIR model, and automated compliance mapping across 14 global standards.[1][2] This approach enables enterprises to prioritize remediation efforts, communicate risks to stakeholders, and prevent breaches before they cascade through interconnected business networks.

Origin Story

Black Kite was founded in 2016 by Candan Bolukbas, a certified ethical hacker (CEH) who previously worked for NATO uncovering cybercriminal vulnerabilities affecting member countries.[4] Bolukbas's breakthrough insight emerged from his security work: vulnerable third-party contractors often serve as stepping stones to primary targets, making vendor risk a systemic blind spot for most organizations.[4] This realization sparked the creation of a cyber risk rating platform designed to identify and continuously monitor third-party threats at scale—fundamentally reimagining how enterprises approach supply chain security.[4]

The company's founding was informed by real-world cautionary tales, including the Target breach, where a small HVAC vendor became the gateway to a massive data compromise, illustrating how interconnected business networks amplify cyber exposure.[3]

Core Differentiators

Non-intrusive technical assessment: Black Kite scans vendor digital footprints across 19 technical categories without requiring direct system access, distilling complex vulnerability data into simple letter grades.[1]

Financial risk quantification: The platform calculates probable economic impact of breaches using the industry-standard Open FAIR model, translating technical risk into business language that resonates with financial stakeholders and C-suite executives.[1][2]

Continuous intelligence gathering: Rather than relying on annual questionnaires that provide point-in-time snapshots, Black Kite leverages real-time cyberspace and dark web intelligence to detect emerging threats and ransomware susceptibility.[3]

AI-powered risk metrics: The company employs artificial intelligence and proprietary risk indices—including the Adversary Susceptibility Index (ASI)—to move beyond traditional assessment methods.[3]

Automated compliance mapping: The platform eliminates manual questionnaire burden by automatically measuring vendor compliance across 14 different global standards using publicly disclosed information.[1]

Integrated risk response: Black Kite enables collaborative remediation by allowing teams to share vulnerabilities directly with vendors, assign tasks, and track mitigation efforts within a unified platform.[1][2]

Role in the Broader Tech Landscape

Black Kite operates at the intersection of two critical market forces: the explosive growth of third-party vendor ecosystems and the rising sophistication of supply chain attacks. As organizations increasingly depend on complex networks of contractors, partners, and suppliers, their attack surface has fundamentally expanded beyond their own infrastructure.[3]

The company addresses a market dysfunction: traditional vendor risk management relies on questionnaires sent once or twice annually, creating a false sense of security that doesn't reflect actual cybersecurity maturity or real-time threat conditions.[3] Black Kite's continuous monitoring approach aligns with broader industry shifts toward real-time visibility and automated risk quantification—trends accelerated by regulatory pressure (SOC 2, ISO 27001, GDPR compliance requirements) and high-profile breaches that have exposed the fragility of interconnected business networks.

By translating technical cyber risk into financial terms, Black Kite also bridges a persistent gap between security teams and business leadership, enabling data-driven risk prioritization and resource allocation across enterprise organizations.

Quick Take & Future Outlook

Black Kite is positioned to capture significant market share in the rapidly expanding third-party risk management (TPRM) category, where enterprises are increasingly recognizing that vendor security is inseparable from their own resilience. The company's emphasis on continuous intelligence, financial quantification, and automated compliance mapping addresses pain points that traditional point-in-time assessment tools cannot solve.

Looking ahead, Black Kite's influence will likely grow as regulatory frameworks increasingly mandate supply chain risk visibility and as organizations face mounting pressure to demonstrate nth-party risk awareness (risks introduced by vendors' vendors). The convergence of AI-powered threat detection, real-time monitoring, and business-aligned risk metrics positions the company to become a foundational layer in enterprise security infrastructure—much as vulnerability scanning and SIEM platforms became essential decades ago. The question is not whether third-party risk management becomes table stakes, but how quickly enterprises adopt continuous, intelligence-driven approaches over legacy questionnaire-based methods.

# Black Kite: Third-Party Cyber Risk Intelligence Platform

High-Level Overview

Origin Story

Core Differentiators

Non-intrusive technical assessment: Black Kite scans vendor digital footprints across 19 technical categories without requiring direct system access, distilling complex vulnerability data into simple letter grades.[1]

Financial risk quantification: The platform calculates probable economic impact of breaches using the industry-standard Open FAIR model, translating technical risk into business language that resonates with financial stakeholders and C-suite executives.[1][2]

Continuous intelligence gathering: Rather than relying on annual questionnaires that provide point-in-time snapshots, Black Kite leverages real-time cyberspace and dark web intelligence to detect emerging threats and ransomware susceptibility.[3]

AI-powered risk metrics: The company employs artificial intelligence and proprietary risk indices—including the Adversary Susceptibility Index (ASI)—to move beyond traditional assessment methods.[3]

Automated compliance mapping: The platform eliminates manual questionnaire burden by automatically measuring vendor compliance across 14 different global standards using publicly disclosed information.[1]

Integrated risk response: Black Kite enables collaborative remediation by allowing teams to share vulnerabilities directly with vendors, assign tasks, and track mitigation efforts within a unified platform.[1][2]

Black Kite

Recent News & Mentions

Financial History

Funding Rounds Raised

Financial History

Deep Dive

High-Level Overview

Origin Story

Core Differentiators

Role in the Broader Tech Landscape

Quick Take & Future Outlook

Sources

Frequently Asked Questions

Frequently Asked Questions

Frequently Asked Questions

Recent News & Mentions

Deep Dive

High-Level Overview

Origin Story

Core Differentiators

Role in the Broader Tech Landscape

Quick Take & Future Outlook

Sources

Financial History

Funding Rounds Raised