Inside AI Policy

November 20, 2025

AI Wire

Former CISO for Pennsylvania leads on risk management framework for AI

November 12, 2025

Black Kite, an “AI-native third-party cyber risk management platform,” and Shared Assessments, “a member-driven organization committed to advancing best practices and standards,” have teamed up on a “Global Adaptive AI Assessment Framework,” which they unveiled Nov. 12 and characterize as the “first truly global framework for assessing AI risk.”

Bob Maley, the former CISO for the Commonwealth of Pennsylvania and now CISO of Black Kite, led the crafting of the framework, which is intended to help organizations assess and manage risks around artificial intelligence.

“Third party risk management teams are challenged on two key fronts: the proliferation of AI that has outpaced the ability of traditional risk frameworks to keep up, and existing AI risk assessments that are fragmented, overlapping, and unique to specific industries, geographies, or regulatory bodies,” Maley said in a Nov. 12 announcement.

“We are solving these challenges with the release of our Global Adaptive AI Assessment Framework. To ensure BK-GA³™ becomes the trusted, global standard for AI risk assessment, we engaged with Shared Assessments, a leader in furthering the industry of third-party risk management. This exciting release marks the first of future endeavors as we continue to work together in the development of cutting-edge solutions to uncover vendor cyber risk,” Maley said.

The framework, according to the release, offers:

  • Continuous Adaptation: Regularly updated by the BK-GA³™ working committee to reflect evolving standards and emerging AI threats.
  • Global Assurance Alignment: Maps to established frameworks, such as ISO, NIST, and more.
  • Unified Best Practices: Synthesizes best practices from hundreds of unique requirements across 50+ assessment frameworks into a single standard.
  • Built-in Intelligence: Considers OSINT and insights from the Black Kite Research Group to stay aligned with the latest trends and emerging AI threats.

Third Party Risk Association CEO Julie Gaiaschi said in a statement, “Black Kite’s new AI framework of frameworks brings together the best practices from many different frameworks into one standard, BK-GA³™, which gives organizations a shared foundation to address AI risk more effectively. Open, community-accessible frameworks are essential for managing risk, and they become even more critical due to the complex web of third-party dependencies and the rapid, widespread adoption of AI.”

According to Black Kite, “BK-GA³™ is available both publicly and through the Black Kite platform. The publicly available component is a freely accessible AI risk framework developed with input from industry leaders and supported with continued collaboration from Shared Assessments. Black Kite customers can access the new framework through the Black Kite platform, where they can automatically assess vendor AI risks.”