Prosecution Insights
Last updated: July 17, 2026
Application No. 18/651,288

AUTOMATED SECURITY TESTING SYSTEMS USING MULTI-TIERED LANGUAGE MODELS

Final Rejection §101§103§112
Filed
Apr 30, 2024
Examiner
BINCZAK, BRANDON MICHAEL
Art Unit
2437
Tech Center
2400 — Computer Networks
Assignee
Hitachi Ltd.
OA Round
3 (Final)
39%
Grant Probability
At Risk
4-5
OA Rounds
10m
Est. Remaining
72%
With Interview

Examiner Intelligence

Grants only 39% of cases
39%
Career Allowance Rate
25 granted / 64 resolved
-18.9% vs TC avg
Strong +33% interview lift
Without
With
+33.4%
Interview Lift
resolved cases with interview
Typical timeline
3y 1m
Avg Prosecution
22 currently pending
Career history
97
Total Applications
across all art units

Statute-Specific Performance

§101
1.3%
-38.7% vs TC avg
§103
95.4%
+55.4% vs TC avg
§102
0.3%
-39.7% vs TC avg
§112
3.0%
-37.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 64 resolved cases

Office Action

§101 §103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statements (IDS) submitted on 4/30/2024 and 8/8/2025 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the Examiner. Response to Arguments Applicant’s arguments, see page(s) 8, filed 4/7/2026, with respect to the objection(s) to claim(s) 1-12 have been fully considered and are persuasive. The associated objection(s) to the listed claim(s) has/have been withdrawn. Applicant’s arguments, see page(s) 9-11, filed 4/7/2026, with respect to the rejection of claim(s) 6, 7, and 14-19 under 35 USC 112(a) have been fully considered and are persuasive. The associated rejection(s) to the listed claim(s) has/have been withdrawn. Applicant’s arguments, see page(s) 11, filed 4/7/2026, with respect to the rejection of claim(s) 14-19 under 35 USC 112(b) have been fully considered and are persuasive. The associated rejection(s) to the listed claim(s) has/have been withdrawn. Applicant’s arguments, see page(s) 12, filed 4/7/2026, with respect to the rejection of claim(s) 8 under 35 USC 112(d) have been fully considered and are persuasive. The associated rejection(s) to the listed claim(s) has/have been withdrawn. Applicant’s arguments, see page(s) 12 and 13, filed 4/7/2026, with respect to interpretation of claim(s) 14 under 35 U.S.C. 112(f) have been fully considered and are persuasive. The associated claim(s) is/are no longer being interpreted under this statute. Applicant's arguments, see pages 13-16, filed 4/7/2026, with respect to the rejection of claims 1-20 under 35 USC 101 have been fully considered. Regarding claims 1-12: The amendments reciting executing commands against a target system are sufficient to overcome the rejection. The rejection of these claims has been withdrawn. Regarding claims 13-20: The arguments are not persuasive. Regarding the argument: “Indeed, the claims integrate the abstract idea into a practical application by reciting a specific technical solution for preventing information leakage … through a dual language model architecture where a first language model … filters sensitive data from prompts before communicating with a second language model and then reintegrates tie sensitive data into the response to generate executable test commands …” Examiner respectfully disagrees. An assertion that an invention solves a problem does not, by itself transform an abstract idea into a practical application. As pointed out in the rejection in the previous office action, the abstract idea is simply applied to generic computer components, and represents a mental process. “… this coordinated operation of multiple specialized language models with different training datasets represents a concrete technological improvement to cybersecurity testing systems that cannot be performed mentally.” Examiner respectfully disagrees. No improvement to any technology is evident in the claims or specification. The instant application is directed to fairly rudimentary prompt generation and language processing, and recites no subject matter which could be interpreted as an improvement to the function of Machine Learning (ML) models or cybersecurity testing. “That is, the ordered combination of steps provides significantly more than any abstract idea because the claims require: (1) training a local language model on target- specific structured system information, (2) using that trained model to identify and filter sensitive information from prompts, (3) communicating sanitized prompts to a separate public language model, and (4) restoring sensitive information to generate executable security test commands …” Examiner notes that requirements (1) and (3) recite generic computer components performing well-known functions and does not provide additionally more than the abstract idea. Examiner notes that requirements (2) and (4) describe precisely the mental process on which the rejections are based. Removing sensitive information from a prompt and then putting it back does not represent “significantly more” than the abstract idea. “… this specific technical workflow addresses the concrete problem of information leakage in LLM-based security testing as described in paragraphs '[0002M-40004] of the specification.” Examiner notes that an assertion that a claimed invention “addresses a problem” does not, by itself, confer eligibility to a claim. There is no evidence that those of skill in the art of cybersecurity actually consider “information leakage” a problem, as it may be prevented by application of the mental processes pointed out in the applicable rejections of the claims. Applicant's arguments, see pages 16-21, filed 4/7/2026, with respect to the rejection of claims 1-20 under 35 USC 103 have been fully considered. Due to the change in scope of the amended claims, the previous rejections have been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of CRAWFORD (Doc ID US 20250240327 A1). Regarding the argument directed to training an ML model with structured system information: This argument is persuasive. Regarding the argument: “Claim 1 as amended recites "performing a filtering process comprising replacing sensitive identifiers in the first prompt with generic placeholders to generate a second prompt that does not comprise the sensitive data." While BANG teaches generating external query information by replacing sensitive information contained in the information input with meaningless information, BANG does not teach the specific replacement of sensitive identifiers with generic placeholders in the context of security testing prompts as recited by claim I as amended. BANG. paragraph [0059].” Examiner respectfully disagrees and notes that application of prior art is not an ipsissimis verbis test. Bang explicitly performs the claimed function of replacing sensitive data. Examiner further notes that the amended claim’s recital of “generic placeholder” represents new matter; however, even if it did not, there is no description in the claims or specification which distinguishes the function of the claim over the function of the applied prior art. Regarding the argument: “Claim 1 as amended recites "communicating a third prompt … to cause the first language model to restore the generic placeholders with the sensitive identifiers …”. … However, GOMEZ's deanonymization is performed by a reply modifier component, not by communicating a third prompt to the language model to cause the language model itself to restore the placeholders as recited by claim 1 as amended. …” This argument is persuasive. Regarding the arguments directed to claims 3 and 5: These arguments are persuasive. Regarding the arguments directed to claim 13: This argument is addressed similarly to that of claim 1. Regarding the argument: “Further, Applicant submits that the Examiner attempts to define four references as being the "prior art" to be used for evaluation of independent claim 1, and six references as being the "prior art" of some of the dependent claims, thereby permitting the Examiner to pick- and-choose wording from any of the four references without concern about motivation (or predictability) to modify or to combine features from different prior art references. or any indication that a technique was known in the art to merely extract a feature from a first reference and simply insert such feature into a second reference.” Examiner respectfully disagrees and notes that the number of references applied to a rejection under 35 USC 103 is, by itself, irrelevant. In the instance, the majority of independent claim 1 is anticipated by two references, with two others merely supplementing two individual limitations. As to motivation to modify or combine, explicit motivations were provided for each combination in the previous office action. As to predictability, it is unclear what the Applicant finds unpredictable about the combination of references provided in the previous office action. “Indeed, contrary to the Examiner's evaluation, the elements of the claimed invention are not merely performing the same functions as in the alleged prior art references, and there is a new synergy provided by the new combination of elements.” Examiner notes this argument represents a mere assertion and no evidence is presented of “synergy” or otherwise which would indicate that the claimed invention is distinct over the prior art. “Applicant submits that the Examiner attempts to pick and choose different elements and functions from the devices of the alleged secondary references, out-of- context to enable the non-analogous device of the alleged primary reference to appear to be similar to the claimed invention. Therefore, Applicant respectfully submits that the Examiner is improperly using the claimed invention as a roadmap and that one of ordinary skill in the art would not have combined the references as alleged by the Examiner.” Examiner respectfully disagrees. The context of both the claimed invention and of the applied prior art is security testing of computer systems. It is unclear what other context is relevant which would render the provided prior art references “out-of-context.” “Accordingly, Applicant submits that the Examiner's conclusion of obviousness is based on improper hindsight reasoning, since there is no reasonable rationale articulated to modify the alleged primary reference based on the teachings of the alleged secondary references. “That is, the Examiner's position appears to be based solely on re-defining the claimed invention with abstraction and selectively ignoring wording in the claims, along with improperly attempting to "kludge together" wording out-ot-context from the cited references.” Examiner notes that this represents repetition of previous arguments and will not be addressed further. Examiner notes that additional arguments are directed to assertions of allowability of claims based on their dependence on claims previously argued, and will not be addressed further. Claim Objections Claim(s) 1-6, 9-12, 21, and 22 is/are objected to because of the following informalities: Regarding claim(s) 1: The portion of the claim(s) reciting, “… wherein the determining comprising comparing the results …” should be corrected to, “… wherein the determining comprises comparing the results …”. Regarding claims 2-6, 9-12, 21, and 22: They are objected to for being dependent on one or more objected-to claims. These objections could be overcome by overcoming the objections to any claims upon which these claims depend, or by amending the claim such that they are no longer dependent on any objected-to claims. Appropriate correction is required. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 13-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Claim 13 recites: Obtaining target system information. Training a language model to recognize sensitive information. Identifying test patterns. Using a language model for creating a prompt containing “sensitive information.” Using a language model for creating a second prompt which filters the “sensitive information” from the first prompt. Using a language model for responding to the second prompt. Performing test commands. Claims 3 and 4 recite: Formatting presentations of data. Claim 5 recites: Obtaining test conditions. Claim 7 recites: Determining a test pattern. Claim 8 recites: Providing input. Claim 10 recites: Filtering commands from a list, based on criteria. Claim 13 recites: Using a language model for creating a prompt containing “sensitive information.” Using a language model for creating a second prompt which filters the “sensitive information” from the first prompt. Using a language model for responding to the second prompt. Claim 20 recites: Creating the first prompt involves a “greater number of parameters” than creating the second prompt. These are processes that, under their broadest reasonable interpretation, may be performed in the mind. Accordingly, the claims recite an abstract idea. This judicial exception is not integrated into a practical application because other aspects of the claims’ limitations amount no more than mere instructions to apply the exception using a generic “language model” and generic computer components. Regarding the ML model, patents may be directed to abstract ideas where they disclose the use of an already available technology, with its already available basic functions, to use as a tool in executing the claimed process. Regarding the obtaining of system information, identifying test patterns, creation and filtering of prompts, and related limitations of the claims listed above: if a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Using system information to plan tests, generating AI prompts, and filtering them for sensitive information is a task which may be reasonably performed by a human using their mind, pen and paper, and/or the basic functions of a computer. That the claimed invention may perform this task with greater speed and/or efficiency than a human does not by itself render the claims patent eligible under 35 USC 101. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because there is nothing in the claims, whether considered individually or in their ordered combination, that would transform the application into something “significantly more” than the abstract idea of planning a test on a target system, generating a prompt, and filtering sensitive information from it. Further, the claims do not contain steps through which the ML model achieves an improvement, nor any improvement over generic ML models themselves. The claims are not patent eligible. Regarding claims 14-19: They are dependent on one or more rejected claims, and thus inherit those rejections. This rejection could be overcome by overcoming the rejection(s) to any claims upon which these claims depend, or by amending the claims such that they are no longer dependent on any rejected claim. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. Claim(s) 1-6 and 9-22 is/are rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirement. The claim(s) contain(s) subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, at the time the application was filed, had possession of the claimed invention. Regarding claim 1: Claim 1 recites, “… execute the test commands against the target system to probe for vulnerabilities …”. This limitation represents new matter because the original disclosure does not provide support for executing test commands to probe for vulnerabilities. While there is support for vulnerability scanning to be included in a suite of tools throughout the specification, the original disclosure makes it clear that vulnerabilities are scanned/acquired as part of the step of obtaining “target system information.” In fact, given that the claims are explicit that vulnerability information of the target system has already been collected (“… scanning a target system to obtain … structured system information comprising … security vulnerabilities of the target system …”), the question is raised of why the test commands, which are the end result of processing the system information, would be used to probe for vulnerabilities which have already been identified. This rejection can be overcome by amending the claims such that they recite only that subject matter which is supported by the original disclosure. Regarding claims 1 and 13: Claim 1 recites, “… a filtering process comprising replacing sensitive identifiers in the first prompt with generic placeholders to generate a second prompt …”. Claim(s) 13 recite(s) similar language. This limitation represents new matter because the original disclosure is silent regarding “generic placeholders.” The relevant portion of the specification includes ¶ 0072, inter alia, “… in response to determining that the first prompt includes the sensitive data, performing a filtering process to generate a second prompt that includes a filtered set of commands that does not include the sensitive data …”. The specification provides no further guidance or description regarding a required format of a replacement, nor does it require that the sensitive data be “replaced” at all. This rejection can be overcome by amending the claims such that they recite only that subject matter which is supported by the original disclosure. Regarding claims 2-6, 9-12, and 14-22: They are dependent on one or more rejected claims, and thus inherit those rejections. This rejection could be overcome by overcoming the rejection(s) to any claims upon which these claims depend, or by amending the claims such that they are no longer dependent on any rejected claim. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION. — The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. Claims 3-6 and 9 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention. Regarding claim 3: Claim 3 recites, “… using the result to generate structured system data associated with the configuration information …”. The claim is indefinite because it is unclear to which “result” is being referred. Claim 1, on which this claim depends, recites results related to: scanning a target system; and execution results. This rejection can be overcome by amending the claim such that it is clear to which result is being referred in the claim. The claim is further indefinite because it is unclear whether “structured system data” is meant to be equivocal to the “structured system information” recited in depended-on claim 1. The context of claim 3 indicates that it is referring to the same data, but it is given an explicitly different name by the language of the claim. This rejection can be overcome by amending the claims such that the relationship between the “structured system data” and “structured system information” is made clear. Regarding claims 4-6: These claims similarly to claim 3 regarding the relationship of “structured system data” and “structured system information.” Regarding claim 9: Claim 9 recites, “… communicating commands to a tool library to operate a set of tools.” The claim is indefinite because it is unclear whether “a tool library” is meant to be distinct from the “tool library” recited in depended-on claim 1, which recites, “… operating a tool library comprising security testing tools …”. This rejection can be overcome by amending the claims such that the antecedent basis of “tool library is clear (i.e. “… communicating commands to [[a]] the tool library to operate a set of tools.”). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 9, 13-16, 19, and 22 are rejected under 35 U.S.C. 103 as being unpatentable over NAKANISHI et al (Doc ID US 20220067171 A1), and further in view of CRAWFORD (Doc ID US 20250240327 A1) and GOEL et al (Doc ID US 20230077510 A1). Regarding claim 1: NAKANISHI teaches: A method for conducting cybersecurity testing, the method comprising: scanning a target system to obtain a result comprising target system information ([0020] "… the control apparatus … acquires network structure information, vulnerability information, and the like of a system under test.); the structured system information comprising asset names, network topology, and security vulnerabilities of the target system ([0062] "... the system information parser 41 may acquire ... pieces of installed software, pieces of network structure information, pieces of configuration setting information, and the like of all the devices included in the system under test 20, for example. Furthermore, the system ... may acquire pieces of information of vulnerabilities for the pieces of installed software of all the devices included in the system under test 20 from a vulnerability database."), in a first phase of a security test, obtaining a set of security test patterns for assessing the result ([0023] "… the control apparatus with automated test suites plans a plurality of sequence of actions (attack paths) ..."); executing the test commands to initiate a security test session ([0025] "Thereafter, the control apparatus with automated test suites executes actions (attack steps) included in the attack path (step S5) …"); storing the test commands in a database ([0034] "… The analyzer 11 extracts actions (attack steps) to be taken on the system under test 20 from capabilities stored in the capability information storage 14."); operating a tool library comprising security testing tools to execute the test commands against the target system to probe for vulnerabilities ([0062] "... Furthermore, the system ... may acquire pieces of information of vulnerabilities for the pieces of installed software of all the devices included in the system under test 20 ..."); storing results of the execution in the database ([0121] "First, the organizer 12 writes, into a database ..., the pieces of information acquired by … the attack step execution (after execution of the processing at step S307) (step S314)."); and determining, based on the results, whether goals for a current test stage have been achieved ([0122] "The organizer 12 then determines whether the attack goal of the attacker has been reached (step S315)."), wherein the determining comprising comparing the results against termination conditions provided by a user via a human-machine interface, ([0050] "A set of initial conditions and a final goal condition are input as parameters to the system.") and in response to determining that the termination conditions have been satisfied, terminating the security test session ([0122] "… When the attack goal of the attacker has been reached (Yes at step S315), the organizer 12 … finishes the processing (step S316)."). CRAWFORD teaches the following limitation(s) not taught by NAKANISHI: using structured system information derived from the target system information … to train a first language model to recognize sensitive information in the target system information ([0031] "... The CPII module 312 is configured to block or bypass CPII that is identified in the prompt from reaching the NLP model. In some embodiments, the CPII module 312 includes or is linked to a separate AI model that is configured to derive CPII from information or documents submitted by the user ..."); for each security test pattern of the set of security test patterns, creating a respective first prompt that comprises the target system information and the respective security test pattern and communicating the first prompt to the first language model to cause it to perform steps comprising ([0031] "… The prompt filter module 125 receives input from a user 205 in terms of a natural language prompt."): evaluating the first prompt to determine whether it comprises sensitive data ([0031] "… A first processing module 312 reviews the prompt for confidential and personal identifying information (CPII). The CPII module 312 is configured to block or bypass CPII that is identified in the prompt from reaching the NLP model."); in response to determining that the first prompt comprises the sensitive data, performing a filtering process comprising replacing sensitive identifiers in the first prompt with generic placeholders to generate a second prompt that does not comprise the sensitive data ([0031] "... the CPII module 312 includes or is linked to a separate AI model …. The CPII module is configured to bypass certain content which involves replacing the CPII content with a unique code."); and communicating the second prompt to a security test manager ([0029] "Prompts that are passed are received and processed by the NLP model 210."); Examiner notes that the prior art does not pass the modified prompt through an explicit "security test manager." However, this element is essentially superfluous in nature, and the broadest reasonable interpretation of this term encompasses any part of a system which managers communication would perform an equivalent function, and would appropriately map to this limitation. communicating a third prompt comprising the first model response to the first language model to cause the first language model to restore the generic placeholders with the sensitive identifiers to generate test commands ([0031] "... The bypassed content is delivered directly to the result filter module 230 rather than the NLP model 210. The result filter module 230 is configured to reintegrate the confidential information into the output of the NLP model …"); Obtaining target system information, determining test patterns (attack paths) and test commands (attack steps), executing the commands, tracking the results, and terminating the test when goals are achieved is/are known technique(s) in the art, as demonstrated by NAKANISHI. Further, using one AI model to mask sensitive data in a prompt sent to another AI model, and unmasking the sensitive data in a reply to the prompt data is/are known technique(s) in the art, as demonstrated by CRAWFORD. It would have been obvious to a person having ordinary skill in the art (PHOSITA) before the effective filing date of the claimed invention to modify the automated security test system of NAKANISHI with the dual AI model prompt sanitation of CRAWFORD with the motivation to incorporate an AI model into attack step generation to decrease the need for user input in selecting attack strategies in penetration testing. GOEL teaches the following limitation(s) not taught by the combination of NAKANISHI and CRAWFORD: … obtain a first model response comprising security test commands ([0074] "In module 312, the artificial intelligence-based autonomous continuous testing platform generates a custom configuration model based on ... the system-specific model …" and [0077] "In module 316, the artificial intelligence-based autonomous continuous testing platform generates ... a plurality of autonomous test scripts."); Using an ML model to output scripts for computer testing is a known technique in the art, as demonstrated by GOEL. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the multi-model prompt sanitation, generation, and execution method of NAKANISHI and CRAWFORD with the test command generation of GOEL with the motivation to utilize an ML model to generate the test commands to be executed. It would be obvious to look to systems which offload functions from additional software or hardware modules to the model. Regarding claim 9: The combination of NAKANISHI, CRAWFORD, and GOEL teaches: The method according to claim 1, wherein scanning the target system comprises generating and communicating commands to a tool library to operate a set of tools (NAKANISHI [0020] "... reads a network configuration (step S1)." and [0021] "… S1 is performed in such a manner that the control apparatus … calls other tools and acquires output of the other tools …"). Regarding claim 22: The combination of NAKANISHI, CRAWFORD, and GOEL teaches: The method according to claim 1, further comprising, in response to determining that the goals for the current test stage have not been achieved, generating a different test pattern based on the results and repeating steps of the creating the respective first prompt, the performing the filtering process, the obtaining the first model response, and the executing the test commands for the different test pattern (NAKANISHI [0116] "When the target host cannot be exploited (No at step S308), the organizer 12 determines whether all the attack paths have been executed (step S310). When all the attack paths have not been executed (No at step S301), the processing returns to step S305. When all the attack paths have been executed (Yes at step S301), the processing returns to step S300 in order to explore for another new host."); and in response to determining that the goals for the current test stage have been achieved, determining a next test pattern based on security test flow information and initiating a subsequent test stage using the next test pattern (NAKANISHI [0115] "… When the target host can be exploited (Yes at step S308), the organizer 12 sets the target host to the current host position and returns to step S300 (step S309)."). Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over NAKANISHI et al (Doc ID US 20220067171 A1), CRAWFORD (Doc ID US 20250240327 A1), and GOEL et al (Doc ID US 20230077510 A1) as applied to claim 1 above, and further in view of CAREY et al (Doc ID US 20140137190 A1). Regarding claim 2: The combination of NAKANISHI, CRAWFORD, and GOEL teaches: The method according to claim 1, CAREY teaches the following limitation(s) not taught by the combination of NAKANISHI, CRAWFORD, and GOEL: The method according to claim 1, wherein the target system information comprises at least one of a configuration information of the target system, network information of the target system, or component information of the target system ([0010] "... the one or more security metrics can include information related to a software, a hardware, or both a software and hardware configuration of the target computer device." and [0016] "... providing the one or more security metrics ... to determine a level of security vulnerability for the target computing device."). Utilizing configuration and component information of a target system such as software and hardware information is a known technique in the art, as demonstrated by CAREY. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the ML-enabled penetration testing of NAKANISHI, CRAWFORD, and GOEL with the system information of CAREY with the motivation to limit the types of information gathered about a target system to a select few which can be more accurately learned and analyzed by the system. Claims 3 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over NAKANISHI et al (Doc ID US 20220067171 A1), CRAWFORD (Doc ID US 20250240327 A1), and GOEL et al (Doc ID US 20230077510 A1) as applied to claim 1 above, and further in view of DONGLE et al (Doc ID US 20250139252 A1) and CRABTREE et al (Doc ID US 20220014560 A1). Regarding claim 3: The combination of NAKANISHI, CRAWFORD, and GOEL teaches: The method according to claim 2, DONGLE teaches the following limitation(s) not taught by the combination of NAKANISHI, CRAWFORD, and GOEL: further comprising using the result to generate structured system data associated with the configuration information ([0099] "… This may include modules to perform any upfront, data transformation to consolidate the data into alternate forms by changing the value, structure, or format of the data …"), Collecting data in a uniform structure for further processing is a known technique in the art, as demonstrated by DONGLE. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the ML-enabled penetration testing of NAKANISHI, CRAWFORD, and GOEL with the structured data of DONGLE with the motivation to pre-process the data prior to any transformation into valid training data to limit errors and more precisely control what aspects are kept, lost, and transformed. CRABTREE teaches the following limitation(s) not taught by the combination of NAKANISHI, CRAWFORD, GOEL, and DONGLE: wherein the structured system data is defined in a machine-readable format and comprises entries that associate each asset with a logical network to which the asset is connected and a physical location where the asset is deployed ([0060] "... gathering data about the totality of the organization's infrastructure and operations, particularly including the organization's network infrastructure, but also including such information as physical locations, data assets, corporate legal structure, etc. ..."). Including data such as network associations and physical locations of target system components is a known technique in the art, as demonstrated by CRABTREE. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the ML-enabled penetration testing of NAKANISHI, CRAWFORD, GOEL, and DONGLE with the structured data of CRABTREE with the motivation to standardize the input data to well-known categories often used in penetration testing. Regarding claim 4: The combination of NAKANISHI, CRAWFORD, GOEL, DONGLE, and CRABTREE teaches: The method according to claim 3, further comprising converting the structured system data into a format that is recognizable by a finetuning module that comprises the first language model (DONGLE [0100] "In addition to improving the quality of the data, the data pre-processing engine 716 may implement feature extraction and/or selection techniques to generate training data 718."). Converting structured data into data usable to train an ML model is a known technique in the art, as demonstrated by DONGLE. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the ML-enabled penetration testing of NAKANISHI, CRAWFORD, GOEL, DONGLE, and CRABTREE with the training data of DONGLE with the motivation to provide the appropriate format and labels to data so that it can be used to enable desired training outcomes in the ML model. Claims 5 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over NAKANISHI et al (Doc ID US 20220067171 A1), CRAWFORD (Doc ID US 20250240327 A1), GOEL et al (Doc ID US 20230077510 A1), DONGLE et al (Doc ID US 20250139252 A1), and CRABTREE et al (Doc ID US 20220014560 A1) as applied to claim 3 above, and further in view of CACERES et al (Doc ID US 20030014669 A1). Regarding claim 5: The combination of NAKANISHI, CRAWFORD, GOEL, DONGLE, and CRABTREE teaches: The method according to claim 3, the set of test conditions comprising test conditions and termination conditions, (NAKANISHI [0050] "A set of initial conditions and a final goal condition are input as parameters to the system.") and wherein the security test manager uses the set of test conditions and the structured system data to determine a security test flow (NAKANISHI [0050] "… To determine attack paths, the test suite … uses the set of pre-conditions, actions and post conditions … to determine transitions by performing attack steps."). CACERES teaches the following limitation(s) not taught by the combination of NAKANISHI, CRAWFORD, GOEL, DONGLE, and CRABTREE: wherein obtaining the set of security test patterns further comprises obtaining a set of test conditions provided by a user via a human-machine interface ([0057] "The console 105, shown in FIG. 2, compromises the security measures protecting the first target host 115 by executing a series of modules. The modules may be selected and initiated by the user."), Obtaining testing techniques from a user is a known technique in the art, as demonstrated by CACERES. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the ML-enabled penetration testing of NAKANISHI, CRAWFORD, GOEL, DONGLE, and CRABTREE with the user-provided testing data of CACERES with the motivation to enable the system to accept testing data from a user who may provide more up-to-date or situation-appropriate data than what is kept in storage. Regarding claim 6: The combination of NAKANISHI, CRAWFORD, GOEL, DONGLE, CRABTREE, and CACERES teaches: The method according to claim 5, wherein identifying the set of security test patterns comprises using the structured system data and the set of test conditions to determine available attack vectors (NAKANISHI [0023] "… the control apparatus with automated test suites plans a plurality of sequence of actions (attack paths) ..."). Claims 10-12 are rejected under 35 U.S.C. 103 as being unpatentable over NAKANISHI et al (Doc ID US 20220067171 A1), CRAWFORD (Doc ID US 20250240327 A1), and GOEL et al (Doc ID US 20230077510 A1) as applied to claim 1 above, and further in view of PICARD (Doc ID US 20210029154 A1). Regarding claim 10: The combination of NAKANISHI, CRAWFORD, and GOEL teaches: The method according to claim 1, PICARD teaches the following limitation(s) not taught by the combination of NAKANISHI, CRAWFORD, and GOEL: further comprising, in response to determining that a command among the test commands deviates from a predetermined criterion, eliminating that command ([0017] "... determining if a module exists for ... potential attacks ..., potential attacks being invalid if no said module exists for said one of … potential attacks …" and [0018] "... determining if conditions for ... potential attack are present ..., said module-validated potential attack being invalid if said conditions are absent ..."). Removing invalid attacks from a penetration test is a known technique in the art, as demonstrated by PICARD. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the ML-enabled penetration testing of NAKANISHI, CRAWFORD, and GOEL with the attack trimming of PICARD with the motivation to ensure that only attacks which are valid, enabled, or safe to use are executed as part of the penetration test on the target system. It is obvious to remove attacks which are invalid for some reason. Regarding claim 11: The combination of NAKANISHI, CRAWFORD, and GOEL teaches: The method according to claim 1, PICARD teaches the following limitation(s) not taught by the combination of NAKANISHI, CRAWFORD, and GOEL: The method according to claim 1, further comprising verifying the test commands and storing the test commands in a database as security test patterns ([0017] "... determining if a module exists for ... potential attacks ..., potential attacks being invalid if no said module exists for said one of … potential attacks …" and [0018] "... determining if conditions for ... potential attack are present ..., said module-validated potential attack being invalid if said conditions are absent ..."). Removing invalid attacks from a penetration test is a known technique in the art, as demonstrated by PICARD. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the ML-enabled penetration testing of NAKANISHI, CRAWFORD, and GOEL with the attack trimming of PICARD with the motivation to ensure that only attacks which are valid, enabled, or safe to use are executed as part of the penetration test on the target system. It is obvious to remove attacks which are invalid for some reason. Regarding claim 12: The combination of NAKANISHI, CRAWFORD, GOEL, and PICARD teaches: The method according to claim 11, wherein the security test pattern is retrieved from the database (NAKANISHI [0034] "… The analyzer 11 extracts actions (attack steps) to be taken on the system under test 20 from capabilities stored in the capability information storage 14."). Claims 13-16 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over CRAWFORD (Doc ID US 20250240327 A1), and further in view of NAKANISHI et al (Doc ID US 20220067171 A1) and GOEL et al (Doc ID US 20230077510 A1). Regarding claim 13: CRAWFORD teaches: An automated cybersecurity testing system comprising: a first language model that has been trained without using sensitive information of a target system ([0027] "FIG. 1 is a schematic diagram of a system for governance, risk, compliance, and cybersecurity for an AI/NLP model (referred to afterwards as an “NLP model” for brevity) .... The system 100 includes a number of elements ... which are ways in which the system modifies prompts submitted to one or more AI/NLP models, and the outputs of such models."); and Examiner notes that the prior art does not explicitly teach that the NLP is not trained on the "sensitive data of a target system", however, the fact that sensitive data is explicitly filtered before reaching the NLP makes this implicit. a second language model that has been trained using structured system information ([0031] "... The CPII module 312 is configured to block or bypass CPII that is identified in the prompt from reaching the NLP model. In some embodiments, the CPII module 312 includes or is linked to a separate AI model that is configured to derive CPII from information or documents submitted by the user ...") … wherein the second language model is further configured to receive the first model response and restore the generic placeholders with the sensitive identifiers to generate test commands ([0031] "... The bypassed content is delivered directly to the result filter module 230 rather than the NLP model 210. The result filter module 230 is configured to reintegrate the confidential information into the output of the NLP model …"). NAKANISHI teaches the following limitation(s) not taught by CRAWFORD: … using structured system information comprising asset names, network topology, and security vulnerabilities of the target system ([0062] "... the system information parser 41 may acquire ... pieces of installed software, pieces of network structure information, pieces of configuration setting information, and the like of all the devices included in the system under test 20, for example. Furthermore, the system ... may acquire pieces of information of vulnerabilities for the pieces of installed software of all the devices included in the system under test 20 from a vulnerability database."), Using one AI model to mask sensitive data in a prompt sent to another AI model, and unmasking the sensitive data in a reply to the prompt data are known techniques in the art, as demonstrated by CRAWFORD. Further, utilizing common system information in systems for penetration testing is a known technique in the art, as demonstrated by NAKANISHI. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the dual AI model prompt sanitation of CRAWFORD with the automated security test system of NAKANISHI with the motivation to utilize well-known types of system information for use in a model meant to identify sensitive information associated with system information. GOEL teaches the following limitation(s) not taught by the combination of CRAWFORD and NAKANISHI: the first language model configured to generate, in response to receiving a second prompt comprising the non-sensitive information, a first model response ([0074] "In module 312, the artificial intelligence-based autonomous continuous testing platform generates a custom configuration model based on ... the system-specific model …" and [0077] "In module 316, the artificial intelligence-based autonomous continuous testing platform generates ... a plurality of autonomous test scripts."), Using an ML model to output scripts for computer testing is a known technique in the art, as demonstrated by GOEL. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the multi-model prompt sanitation, generation, and execution method of CRAWFORD and NAKANISHI with the test command generation of GOEL with the motivation to utilize an ML model to generate the test commands to be executed. It would be obvious to look to systems which offload functions from additional software or hardware modules to the model. Regarding claim 14: The combination of CRAWFORD, NAKANISHI, and GOEL teaches: The system of claim 13, further comprising: a processor coupled to a memory storing instructions for the processor to be configured to: execute instructions to scan a target system to obtain the sensitive information (NAKANISHI [0020] "… the control apparatus … acquires network structure information, vulnerability information, and the like of a system under test.); a management server configured to generate the first prompt, the first prompt comprising the sensitive information and a request for security testing (CRAWFORD [0031] "… The prompt filter module 125 receives input from a user 205 in terms of a natural language prompt."); and Examiner notes that the "request for security testing" is not given any function in this claim or any of its dependent claims, and is therefore considered intended use, and holds no patentable weight. execute instructions to train the second language model to learn the sensitive information (CRAWFORD [0031] "… A first processing module 312 reviews the prompt for confidential and personal identifying information (CPII). The CPII module 312 is configured to block or bypass CPII that is identified in the prompt from reaching the NLP model."). Regarding claim 15: The combination of CRAWFORD, NAKANISHI, and GOEL teaches: The system of claim 14, wherein the second language model, in response to receiving the first prompt, converts the sensitive information to non-sensitive information and communicates the non-sensitive information in the second prompt to the management server (CRAWFORD [0031] "... the CPII module 312 includes or is linked to a separate AI model …. The CPII module is configured to bypass certain content which involves replacing the CPII content with a unique code."). Regarding claim 16: The combination of CRAWFORD, NAKANISHI, and GOEL teaches: The system of claim 14, wherein the second language model is configured to obtain the sensitive information from user-provided data (CRAWFORD [0031] "... The CPII module 312 is configured to block or bypass CPII that is identified in the prompt from reaching the NLP model. In some embodiments, the CPII module 312 includes or is linked to a separate AI model that is configured to derive CPII from information or documents submitted by the user ..."). Regarding claim 19: The combination of CRAWFORD, NAKANISHI, and GOEL teaches: The system of claim 14, wherein the processor comprises a test tool library comprising a file system or database system to manage a security testing tool, the security testing tool comprising at least one of a network scanning tool, a vulnerability scanning tool, or a penetration testing tool (NAKANISHI [0021] "... the control apparatus with automated test suites calls other tools and acquires output of the other tools, for example. Examples of the other tools include a vulnerability scanner and a network exploration tool."). Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over CRAWFORD (Doc ID US 20250240327 A1), NAKANISHI et al (Doc ID US 20220067171 A1), and GOEL et al (Doc ID US 20230077510 A1) as applied to claim 14 above, and further in view of DONGLE et al (Doc ID US 20250139252 A1). Regarding claim 17: The combination of CRAWFORD, NAKANISHI, and GOEL teaches: The system of claim 14, DONGLE teaches the following limitation(s) not taught by the combination of CRAWFORD, NAKANISHI, and GOEL: wherein the processor is configured to receive input data or information automatically in a machine-readable format (DONGLE [0100] "In addition to improving the quality of the data, the data pre-processing engine 716 may implement feature extraction and/or selection techniques to generate training data 718."). Converting structured data into data usable to train an ML model is a known technique in the art, as demonstrated by DONGLE. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the ML-enabled penetration testing of CRAWFORD, NAKANISHI, and GOEL with the training data of DONGLE with the motivation to provide the appropriate format and labels to data so that it can be used to enable desired training outcomes in the ML model. Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over CRAWFORD (Doc ID US 20250240327 A1), NAKANISHI et al (Doc ID US 20220067171 A1), and GOEL et al (Doc ID US 20230077510 A1) as applied to claim 14 above, and further in view of CAREY et al (Doc ID US 20140137190 A1). Regarding claim 18: The combination of CRAWFORD, NAKANISHI, and GOEL teaches: The system of claim 14, CAREY teaches the following limitation(s) not taught by the combination of CRAWFORD, NAKANISHI, and GOEL: further comprising a database configured to store information about the target system, the information comprising at least one of network information, or security testing information, or test pattern results ([0010] "... the one or more security metrics can include information related to a software, a hardware, or both a software and hardware configuration of the target computer device." and [0016] "... providing the one or more security metrics ... to determine a level of security vulnerability for the target computing device."). Utilizing configuration and component information of a target system such as software and hardware information is a known technique in the art, as demonstrated by CAREY. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the ML-enabled penetration testing of CRAWFORD, NAKANISHI, and GOEL with the system information of CAREY with the motivation to limit the types of information gathered about a target system to a select few which can be more accurately learned and analyzed by the system. Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over CRAWFORD (Doc ID US 20250240327 A1), NAKANISHI et al (Doc ID US 20220067171 A1), and GOEL et al (Doc ID US 20230077510 A1) as applied to claim 13 above, and further in view of WANG et al (Doc ID US 20200226476 A1). Regarding claim 20: The combination of CRAWFORD, NAKANISHI, and GOEL teaches: The system of claim 13, wherein the first language model comprises a greater number of parameters than the second language model (CRAWFORD [0003] "Natural language processing models (“NLP models”), including large language models (LLMs), receive natural language input from a human user, which can be a question or other input for which a computer-generated response is desired."). Examiner notes that while the prior art does not explicitly recite the number of parameters involved in each model, it would be obvious to one skilled in the art that a model trained only to recognize sensitive data would utilize fewer parameters than a general LLM like the recited OpenAI GPT. Additional prior art under WANG is provided as addition support of obviousness. WANG also teaches this limitation in addition to the combination of CRAWFORD, NAKANISHI, and GOEL: wherein the first language model comprises a greater number of parameters than the second language model ([0016] In some non-limiting embodiments or aspects, the first model includes a greater number of parameters than the second model.). Larger ML models utilizing a larger number of parameters than a smaller ML model is known in the art, as demonstrated by WANG. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention that the ML-enabled penetration testing of CRAWFORD, NAKANISHI, and GOEL would follow this convention demonstrated by WANG, with the motivation to follow typical conventions of ML, as to do otherwise would represent wasted effort. Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over NAKANISHI et al (Doc ID US 20220067171 A1), CRAWFORD (Doc ID US 20250240327 A1), and GOEL et al (Doc ID US 20230077510 A1) as applied to claim 1 above, and further in view of GHARIBI et al (Doc ID US 20250103746 A1). Regarding claim 20: The combination of CRAWFORD, NAKANISHI, and GOEL teaches: The method according to claim 1, GHARIBI teaches the following limitation(s) not taught by the combination of CRAWFORD, NAKANISHI, and GOEL: wherein the first language model ([0053] "...various techniques can ... detect sensitive data ..." and [0055] "... machine learning (ML) approaches can be used for sensitive data detection. ... Another ML approach is ... LLMs like Bidirectional Encoder Representations from Transformers (BERT) or Generative Pre-trained Transformers (GPT) ...") operates in a local environment and the second language model operates in a public cloud ([0035] "... the prompt handler 120 acts as a security layer between an enterprise environment and the external generative AI 160 ..." and [0087] "... except for the LLM 360 which may reside in a user-untrusted domain ..., all other stages ... reside in a trusted domain of the user 310."), and wherein communicating the second prompt to the second language model prevents the sensitive identifiers from being transmitted to the public cloud ([0087] "… Thus, all sensitive data included in the user's prompt is exclusively retained in the user trusted domain, and none of the sensitive data is leaked to the user-untrusted domain."). Operating dual AI models with one internal (local) model and one external (cloud) model is a known technique in the art, as demonstrated by GHARIBI. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the ML-enabled penetration testing of CRAWFORD, NAKANISHI, and GOEL with the internal and external models of GHARIBI with the motivation to utilize external assets rather than expend capital on maintaining a fully functional model locally, and to use a smaller local model as a precursor to modify prompts. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the Examiner should be directed to BRANDON BINCZAK whose telephone number is (703)756-4528. The Examiner can normally be reached M-F 0800-1700. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the Examiner by telephone are unsuccessful, the Examiner’s supervisor, Alexander Lagor can be reached on (571) 270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /BB/Examiner, Art Unit 2437 /ALEXANDER LAGOR/Supervisory Patent Examiner, Art Unit 2437
Read full office action

Prosecution Timeline

Apr 30, 2024
Application Filed
Oct 16, 2025
Non-Final Rejection mailed — §101, §103, §112
Dec 30, 2025
Response Filed
Feb 17, 2026
Non-Final Rejection mailed — §101, §103, §112
Mar 11, 2026
Examiner Interview Summary
Mar 11, 2026
Applicant Interview (Telephonic)
Apr 07, 2026
Response Filed
Jun 01, 2026
Final Rejection mailed — §101, §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12634133
COMPUTING SYSTEMS AND METHODS FOR PROTECTING APPLICATION PROGRAMMING INTERFACES WITH TWO-FACTOR AUTHENTICATION
3y 4m to grant Granted May 19, 2026
Patent 12470534
PARTIAL POOL CREDENTIALLING AUTHENTICATION SYSTEM
2y 6m to grant Granted Nov 11, 2025
Patent 12452224
IMAGE DISPLAY DEVICE AND SYSTEM, AND OPERATION METHOD FOR SAME
2y 11m to grant Granted Oct 21, 2025
Patent 12425867
REGISTRATION AND SECURITY ENHANCEMENTS FOR A WTRU WITH MULTIPLE USIMS
3y 7m to grant Granted Sep 23, 2025
Patent 12417283
IOT ADAPTIVE THREAT PREVENTION
3y 9m to grant Granted Sep 16, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

4-5
Expected OA Rounds
39%
Grant Probability
72%
With Interview (+33.4%)
3y 1m (~10m remaining)
Median Time to Grant
High
PTA Risk
Based on 64 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month