Bitsight unveils dark web tool to secure supply chains

Bitsight has launched a dark web intelligence service for supply chains, aiming to give organisations earlier visibility into threats affecting suppliers and partners.

The product, Dark Web Intelligence for Supply Chains, draws on material from the deep web, dark web and open web and ties it to an organisation's third-party ecosystem. It flags when a vendor is being discussed, targeted or breached, including cases not yet publicly disclosed.

Supply chain security has gained attention as organisations rely on sprawling networks of technology providers, outsourcers and specialist partners. The World Economic Forum reports that 78% of chief executives cite supply chain and third-party dependencies as a leading resilience challenge. In cyber security, this dependence can increase the routes attackers use to reach an organisation.

Bitsight says the service is designed to reduce the time between attacker activity and customer awareness. Many risk teams learn about third-party incidents only after vendor notifications or public reporting, leaving less time for internal coordination and assessment.

How It Works

The service maps live intelligence to a customer's vendor landscape, rather than issuing broad alerts. It then links that intelligence to vendor exposures-weaknesses relevant to the supplier's environment.

It can also map third-party exposures to attacker tactics, techniques and procedures using the MITRE ATT&CK framework. This focuses on how threat actors may exploit weaknesses at a supplier, rather than relying solely on generic vulnerability lists.

The service identifies breach indicators across suppliers and partners using curated sources, including signals from underground forums and marketplaces. It also captures discussions that suggest an organisation or vendor is drawing attacker attention.

Another element is prioritisation. Bitsight's Dynamic Vulnerability Exploitability scoring predicts which vulnerabilities are likely to be targeted based on observed exploit activity, rather than theoretical severity alone.

Risk And Security

Bitsight says the service can be used by governance, risk and compliance teams, third-party risk management functions and security operations centres. These groups often operate with different dashboards, processes and reporting lines, which can slow response during incidents involving suppliers.

The product is intended to provide a shared view of third-party threats with actionable security context. Bitsight also points to operational steps organisations may take when a supplier comes under pressure, such as tightening access, increasing monitoring and limiting downstream exposure.

"For most organizations, the difference between containing a third-party incident and reacting to it comes down to timing, context, and prioritization," said Greg Keshian, Chief Product Officer at Bitsight.

"Bitsight Dark Web Intelligence for Supply Chains uses AI to surface active threat and breach signals and map them directly to an organization's supply chain, so teams know which vendors are being targeted, which weaknesses matter, and where to act - while attacks are still unfolding."

Customer View

Wienerberger Chief Information Security Officer Christoph Schacher said dark web intelligence has changed the company's approach to third-party risk.

"Deep and dark web intelligence has changed how we manage third-party risk," Schacher said. "It gives us clear and early visibility into threats emerging across our supply chain, sometimes even before vendors themselves are aware, allowing us to assess impact and respond with confidence instead of reacting after the fact."

Availability

Dark Web Intelligence for Supply Chains is available as part of Bitsight Continuous Monitoring, with additional features to be added over time.

The launch comes as security teams face growing pressure to assess third-party exposure in near real time, particularly when suppliers have access to sensitive systems or process customer data. Bitsight positions the service for ongoing monitoring across vendor ecosystems, rather than one-off assessments.