SME-SHIELD: A Scalable AI Architecture for Third-Party Cyber Risk Assessment in Small and Medium Enterprises (SMEs)

Small and Medium-Sized Enterprises (SMEs) face increasing exposure to cyber risks through third-party vendors, but often lack access to advanced evaluation tools. Existing Third-Party Risk Management (TPRM) systems are typically resource-intensive, complex, and inaccessible to most SMEs. In this research, we introduce SME-SHIELD, a scalable and explainable AI architecture designed to automate early-stage vendor risk assessments. Unlike conventional NLP-dependent models, SME-SHIELD combines graph-based vendor modeling, open-source threat signal aggregation, and an ensemble risk scoring engine. The system leverages weak supervision and probabilistic reasoning to generate actionable, interpretable risk outputs. The architecture was tested on real-world data that contains 50 SMEs across various sectors and regions. The results of the analysis show that the proposed architecture achieves better accuracy, a high F1 score, and robust alignment with the expert-labeled ground truth. SME-SHIELD is particularly useful in data-scarce contexts, offering a lightweight and cost-effective solution for SME-scale cyber governance.