Prosecution Insights
Last updated: July 17, 2026
Application No. 18/423,055

SYSTEMS AND METHODS FOR MITIGATING THIRD-PARTY CODE VULNERABILITIES IN AI-ASSISTED CODE GENERATION

Non-Final OA §101§103§112
Filed
Jan 25, 2024
Examiner
SAVENKOV, VADIM
Art Unit
2432
Tech Center
2400 — Computer Networks
Assignee
Microsoft Technology Licensing, LLC
OA Round
1 (Non-Final)
62%
Grant Probability
Moderate
1-2
OA Rounds
11m
Est. Remaining
82%
With Interview

Examiner Intelligence

Grants 62% of resolved cases
62%
Career Allowance Rate
193 granted / 314 resolved
+3.5% vs TC avg
Strong +21% interview lift
Without
With
+20.8%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
30 currently pending
Career history
371
Total Applications
across all art units

Statute-Specific Performance

§101
1.6%
-38.4% vs TC avg
§103
92.0%
+52.0% vs TC avg
§102
2.6%
-37.4% vs TC avg
§112
2.3%
-37.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 314 resolved cases

Office Action

§101 §103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The 3/13/2025 IDS document has been considered by the examiner. Claim Interpretation The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “a middleware layer” and “validation module” in claims 1-10. Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. For instance, FIG. 1 and [0038] of the instant specification describing the middleware layer and the validation module. If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-10 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because they are drawn to software per se, which is not considered patent eligible subject matter. Independent claim 1 is drawn to a system comprised of an LLM, a middleware layer, an AI client interface, and a validation module. These elements are not described as being implemented in hardware within the claim language, and the instant specification does not explicitly require any hardware for these elements. As such, all elements in the claim may be interpreted as software-only elements. The dependent claims do not rectify this issue, and are therefore likewise rejected. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Note that the courts do not distinguish between mental processes that are performed entirely in the human mind and mental processes that require a human to use a physical aid (e.g., pen and paper or a slide rule) to perform the claim limitation (refer to MPEP 2106.04(a)(2)). Example independent claim 17 recites the following abstract idea limitations: mitigating third-party code vulnerabilities in AI code generation for causing the system to: receive a code generation request from a user (obtaining and reviewing information as part of a mental process—e.g., a coder obtains a request for code via pen and paper or verbally); generate an inference based on the code generation request (evaluating information to obtain an outcome as part of a mental process—e.g., the coder writing code to satisfy the request); intercept the inference prior to its availability within an AI client user interface (obtaining and reviewing information as part of a mental process—e.g., an analyst reviewing the written code before it is sent over to the requestor, as part of quality review; an AI client user interface may be a telephonic, mail, or verbal interface); parse the inference to identify third-party packages included in the inference (observation and evaluation as part of a mental process—e.g., the analyst looking for specific information in the code); check the identified third-party packages against one or more registries of certified packages (observation and evaluation as part of a mental process—e.g., the analyst checking against a stored whitelist, which may be a written copy); and upon determining that the inference includes an uncertified third-party package that is not included in the one or more registries of certified packages (observation and evaluation as part of a mental process—e.g., the analyst checking against the stored whitelist and identifying mismatches), at least one of (i) redact the inference or uncertified third-party package or (ii) modify the inference by at least including an identification of a certified third-party package that is an alternative to the uncertified third-party package (evaluation, judgement, and opinion as part of a mental process—e.g., the analyst chooses a remedial action such as to stop the code at the quality review, or to suggest editing the code as part of quality review). Example independent claim 17 recites the following limitations which may comprise additional elements that are sufficient to amount to significantly more than the abstract idea: performing the claim limitations using a “hardware storage device comprising stored computer-executable instructions that are executable by one or more hardware processors of a system,” and generating the inference “using a large language model.” With respect to step 2A, the judicial exception is not integrated into a practical application because it is drawn to a code review process at a high level of generality, and because adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea is not considered to be sufficient—see MPEP 2106.05(f). For instance, the claim is drawn to intercepting code such as a code snippet, and further reviewing the code snippet for dependencies such as a package. If the package is not known to be certified, then the code is either changed or merely suggested to be changed. This concerns steps that are performable by a human analyst (reviewing code for unwanted elements). The claim does incorporate generating code “using a large language model,” but this is considered to be the equivalent of merely using the LLM as a tool to perform the abstract idea of writing requested code. The LLM is merely specified at a high level of generality (i.e., mentioning use of one), and the claim is otherwise drawn to the review process rather than how the LLM is generating the code as a particular machine. Where the claim recites a “hardware storage device comprising stored computer-executable instructions that are executable by one or more hardware processors of a system,” this is considered to merely require implementing the abstract idea on a base level computer (processor and memory). The computer is not otherwise specified in any particular detail. As such, the invention is addressing a problem that transcends computing (reviewing code) rather than improving the functioning of a computer, or an improvement to other technology or a technical field. With respect to step 2B, the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea is not considered to be sufficient—see MPEP 2106.05(f). In this case, the “hardware storage device comprising stored computer-executable instructions that are executable by one or more hardware processors of a system” may be interpreted as any generic base level computer (processor and memory) for performing the judicial exception. Merely performing the judicial exception using a base level computer is not considered to be sufficient. Regarding generating the inference “using a large language model,” this is considered to be using a computer as a tool to perform the abstract idea. In this case, the LLM is being used to generate code at a high level of generality, without otherwise detailing the particular machine of the LLM. Independent claims 1 and 11 are substantially similar, and are therefore rejected under the same analysis as above. Regarding dependent claim 2, it recites the following limitations which may comprise additional elements that are sufficient to amount to significantly more than the abstract idea: “wherein the large language model is a Generative Pretrained Transformer.” With respect to step 2A, the judicial exception is not integrated into a practical application because the LLM is not specified at a sufficient level of detail as in the analysis above. Claim 2 further specifies the type of LLM as a Generative Pretrained Transformer at a high level of generality, but it does not otherwise detail how it differs from any other Generative Pretrained Transformer model. The particular training process, structure, and implementation are not described. Therefore, claim 2 is drawn to adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea is not considered to be sufficient (see MPEP 2106.05(f)) in the same manner as described in the analysis of claim 1 above. With respect to step 2B, the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea is not considered to be sufficient—see MPEP 2106.05(f). In this case, the type of LLM is being used to generate code at a high level of generality, without otherwise detailing the particular type of machine of the LLM. Regarding dependent claims 3-4 and 7-10, they are considered to merely further specify the mental process steps (reviewing the code and modifying it/suggesting modifications) which may be performed by a human analyst. As such, these claims are rejected under the same analysis as claim 1 above. Regarding dependent claim 5, it recites the following abstract idea limitations: wherein the one or more registries of certified packages are updated in real-time to reflect security patches and updates (observation and judgement as part of a mental process—e.g., the analyst can also update the whitelist as soon as they receive any written or verbal information about changes to listed information). As such, claim 5 is rejected under the same analysis as claim 1 above. Regarding dependent claim 6, it is rejected for substantially the same reasons as claims 1 and 5 above (e.g., the analyst choosing using a given category of whitelist). Regarding dependent claims 12-16 and 18-20, they are substantially similar to elements of claims 1, 11, 17, and 2-10 above. As such, they are likewise rejected under the same analysis. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claim 18 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 18 recites “wherein the system is caused to redact the uncertified third-party package from the inference,” which renders it indefinite in the case where “(i) redact the [1] inference or [2] uncertified third-party package” is chosen in parent claim 17. Specifically, if “redact the… [2] uncertified third-party package” is chosen in the parent claim, then it is not clear how to interpret “wherein the system is caused to redact the uncertified third-party package from the inference” in claim 18. In the aforementioned case, the uncertified third-party package is already redacted from the inference. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Graves (US 12,323,449 B1) in view of Martick (US 2021/0152544 A1). Regarding claim 1, Graves discloses: A system for mitigating third-party code vulnerabilities in AI code generation services, the system comprising: a large language model configured to generate an inference based on a user's code generation request; Refer to at least FIG. 19 and Col. 115, Ll. 48-Col. 116, Ll. 50 of Graves with respect to an LLM that generates code responsive to a user’s code generation prompt. a middleware layer (the code configured to perform the assessment—e.g., a plugin in Col. 125, Ll. 67 of Graves) configured to intercept the inference prior to its availability within an AI client user interface (e.g., the IDE or web interface in Col. 116, Ll. 27-50 of Graves), parse the inference to identify third-party packages (e.g., Col. 116, Ll. 51-Col. 117, Ll. 2 of Graves concerning SCA; use of a package, library, or other component within the code) included in the inference; and Refer to at least FIG. 19 and Col. 116, Ll. 51-Col. 117, Ll. 13 of Graves with respect to performing code analysis on the generated code before allowing it to be provided in response to the prompt. a validation module utilized by the middleware layer to determine whether the identified third-party packages included in the inference are certified, Refer to at least Col. 116, Ll. 51-Col. 117, Ll. 3, Col. 120, Ll. 7-12, and Col. 128, Ll. 6-10 of Graves with respect to determining whether a component is known to be vulnerable or non-vulnerable. For instance, a vulnerable library would fail the assessment; a non-vulnerable library would pass the assessment. the middleware layer being further configured, upon determining that the inference includes an uncertified third-party package, to either (i) redact the inference or uncertified third-party package or (ii) modify the inference by at least including an identification of a certified third-party package that is an alternative to the uncertified third-party package. Refer to at least Col. 117, Ll. 39-45, Col. 120, Ll. 7-12, Col. 123, Ll. 60-67, and Col. 128, Ll. 4-10 of Graves with respect to excluding or preventing the identified vulnerable components; to suggesting their removal or replacement with non-vulnerable components. Graves does not specify: determining certification further comprising by at least checking the identified third-party packages against one or more registries of certified packages; the uncertified package further comprising being a package that is not included in the one or more registries of certified packages. However, Graves in view of Martick discloses: determining certification further comprising by at least checking the identified third-party packages against one or more registries of certified packages; the uncertified package further comprising being a package that is not included in the one or more registries of certified packages. Refer to at least [0016], [0024], [0026]-[0027], and [0057]-[0058] of Martick with respect to determining whether objects match a list of certified objects, which may be stored at a build system or a remote server. The teachings of Graves and Martick both concern evaluating software components, and are considered to be within the same field of endeavor and combinable as such. Therefore it would have been obvious to one of ordinary skill in the art to modify the teachings of Graves to explicitly include referencing a list of certified components for at least the purpose of more easily and securely identifying replacements for suggestion (i.e., the LLM does not need to generate the replacements, and hallucinated replacement suggestions are prevented). Further, at least Col. 120, Ll. 21-34 of Graves already implements a table of suggestions for remediation. Regarding claim 2, Graves-Martick discloses: The system of claim 1, wherein the large language model is a Generative Pretrained Transformer. Refer to at least Col. 69, Ll. 14-20 of Graves with respect to Generative Pre-trained Transformer AI tools. Regarding claim 3, Graves-Martick discloses: The system of claim 1, wherein the middleware layer is further configured to generate a new inference if the inference fails to include any certified third-party package, wherein the new inference excludes any uncertified packages included in the inference. Refer to at least Col. 117, Ll. 31-Col. 118, Ll. 13 of Graves with respect to requesting updated code from the generative AI model, where the code may be requested to exclude or prevent one or more identified vulnerabilities (e.g., library with known vulnerability). Regarding claim 4, Graves-Martick discloses: The system of claim 1, wherein the parsing of the inference by the middleware layer includes identifying the programming language of the code in the inference and applying language-specific rules to identify the third-party packages. Refer to at least Col. 116, Ll. 8-Col. 117, Ll. 13, Col. 122, Ll. 36-54, and Col. 125, Ll. 10-27 of Graves with respect to the code generated by the AI model being of a given programming language; code analysis including SCA, static analysis, and evaluating code patterns. Regarding claim 5, Graves-Martick discloses: The system of claim 1, wherein the one or more registries of certified packages are updated in real-time to reflect security patches and updates. Refer to at least Col. 13, Ll. 59-67 and Col. 90, Ll. 27-41 of Graves with respect to collecting data about processes and software, including updates, fixes, and new features. Changes are updated as they are made aware of. Refer to at least [0002] and [0064] of Martick with respect to tracking software updates. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to further modify the teachings of Graves-Martick to update lists of certified components with new component information as it is identified for at least the purpose of improving security (i.e., making sure to recommend, and make replacements using, only up-to-date and patched components). Regarding claim 6, Graves-Martick discloses: The system of claim 1, wherein the one or more registries of certified packages are private registries maintained by a user's organization. Refer to at least Col. 7, Ll. 28-34, Col. 71, Ll. 23-40, and Col. 93, Ll. 43-55 of Graves with respect to applying its teachings to an on-premises environment, as well as to on-premises data storage. Refer to at least [0024] of Martick with respect to storing the list of certified components at the build system. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to further modify the teachings of Graves-Martick to implement storing the list of certified components on-premises because the particular known technique was recognized as part of the ordinary capabilities of one skilled in the art. Regarding claim 7, it is rejected for substantially the same reasons as claim 1 above (e.g., Col. 117, Ll. 39-63 of Graves). Regarding claim 8, it is rejected for substantially the same reasons as claim 1 above (e.g., Col. 120, Ll. 7-13 of Graves). Regarding claim 9, it is rejected for substantially the same reasons as claim 1 above (e.g., Col. 128, Ll. 4-10 of Graves). Regarding claim 10, it is rejected for substantially the same reasons as claims 1 and 8-9 above (e.g., Col. 123, Ll. 58-67 of Graves). Regarding independent claim 11, it is substantially similar to independent claim 1 above, and is therefore likewise rejected (i.e., the citations and obviousness rationale). Regarding claims 12-16, they are substantially similar to claims 2-6 above, and are therefore likewise rejected. Regarding independent claim 17, it is substantially similar to independent claim 1 above, and is therefore likewise rejected (i.e., the citations and obviousness rationale). Regarding claim 18, it is rejected for substantially the same reasons as claim 17 above (i.e., the citations concerning removing vulnerable components). Regarding claim 19, it is rejected for substantially the same reasons as claims 8 and 10 above. Regarding claim 20, it is rejected for substantially the same reasons as claim 17 above (e.g., Col. 128, Ll. 4-10 of Graves). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /V.S/Examiner, Art Unit 2432 /SYED A ZAIDI/Primary Examiner, Art Unit 2432
Read full office action

Prosecution Timeline

Jan 25, 2024
Application Filed
Oct 07, 2025
Non-Final Rejection mailed — §101, §103, §112
Nov 17, 2025
Interview Requested
Nov 25, 2025
Examiner Interview Summary
Nov 25, 2025
Applicant Interview (Telephonic)
Feb 02, 2026
Response after Non-Final Action
Feb 02, 2026
Response Filed

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12639449
SYSTEM AND METHOD FOR SCANNING CONTAINERS FOR VULNERABILITIES
2y 4m to grant Granted May 26, 2026
Patent 12632534
ACCESSING SECURE SYSTEM RESOURCES BY LOW PRIVILEGE PROCESSES
7y 12m to grant Granted May 19, 2026
Patent 12613999
DETECTING ELECTRONIC SYSTEM MODIFICATION
6y 10m to grant Granted Apr 28, 2026
Patent 12608482
DETERMINING A SECURITY SCORE IN BINARY SOFTWARE CODE
6y 5m to grant Granted Apr 21, 2026
Patent 12608501
Privacy-Preserving Log Analysis
5y 11m to grant Granted Apr 21, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
62%
Grant Probability
82%
With Interview (+20.8%)
3y 4m (~11m remaining)
Median Time to Grant
Low
PTA Risk
Based on 314 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month