Orpheus Third-Party Risk Management is a cloud-based SaaS platform that monitors and assesses cyber risk in third parties and supply chains on an ongoing basis. The platform operates without requiring input from vendors, making it scalable and immediately actionable. The solution combines threat intelligence with vulnerability analysis to calculate the likelihood of entities becoming victims of cyber attacks. It provides threat-led cyber risk ratings that incorporate threat actor activity, including dark web mentions and analyst intelligence, alongside attack surface analysis. The platform includes risk-based vulnerability management capabilities that identify severe unpatched CVEs currently being exploited by threat actors requiring urgent remediation. Organizations can add multiple entities to monitor, view changes in risk ratings over time, and generate summary reports for all monitored organizations. The system is designed to align with NIST principles for supply chain security, moving beyond point-in-time self-assessment questionnaires to provide continuous risk monitoring. Orpheus is described as a government-accredited threat intelligence company, and the platform enables organizations to proactively identify and respond to threats emanating from their supply chain.