DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are presented for examination.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 1, 3-5, 7-11, 13, 15, and 17-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mushtaq (US 2025/0365313 A1) in view of Mohamed Nabeel et al. (US 2025/0358300 A1 and Mohamed hereinafter) and further in view of Ubriani et al. (US 2021/0314340 A1 and Ubriani hereinafter).
As to claims 1, 15, and 18, Mushtaq discloses a system and method for integrated security for cloud applications, the system and method having:
generating, via a first artificial intelligence (AI) model, an agent action space based on security data, wherein the agent action space is indicative of actions to perform to potentially compromise at least one of a computing system, a network, or an application (0063, lines 1-9).
Mushtaq fails to specifically disclose:
performing a reinforcement learning process with an agent based on the agent action space to obtain a log of the reinforcement learning process;
generating, by a processing device and via a second AI model, a report based on the security data and at least a portion of the log, wherein the report is indicative of a security weakness of the at least one of the computing system, the network, or the application.
Nonetheless, these features are well known in the art and would have been an obvious modification of the teachings disclosed by Mushtaq, as taught by Mohamed.
Mohamed discloses a system and method for ML based domain risk scoring and its applications to advanced URL filtering, the system and method having:
performing a reinforcement learning process with an agent based on the agent action space to obtain a log of the reinforcement learning process (i.e. generating synthetic hijacking records) (0033, lines 32-34).
Given the teaching of Mohamed, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Mushtaq with the teachings of Mohamed by obtaining a log. Mohamed recites motivation by disclosing that obtaining a log in order to provide detection of DNS hijacked domains (0033). It is obvious that the teachings of Mohamed would have improved the teachings of Mushtaq by obtaining a log in order to provide detection of DNS hijacked domains.
Mushtaq in view of Mohamed fails to specifically disclose:
generating, by a processing device and via a second AI model, a report based on the security data and at least a portion of the log, wherein the report is indicative of a security weakness of the at least one of the computing system, the network, or the application.
Nonetheless, these features are well known in the art and would have been an obvious modification of the teachings disclosed by Mushtaq in view of Mohamed, as taught by Ubriani.
Ubriani discloses a system and method for machine learning-based role determination for access control to enterprise, the system and method having:
generating, by a processing device and via a second AI model, a report based on the security data and at least a portion of the log, wherein the report is indicative of a security weakness of the at least one of the computing system, the network, or the application (0028, lines 1-8).
Given the teaching of Mushtaq in view of Mohamed, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Mushtaq in view of Mohamed with the teachings of Mushtaq in view of Ubriani by generating a report. Ubriani recites motivation by disclosing that a report is generated to be used for auditing (0028, lines 1-8). It is obvious that the teachings of Ubriani would have improved the teachings of Mushtaq in view of Mohamed by generating a report in order to identify risk transactions to be used for auditing.
As to claim 3, Mushtaq discloses:
wherein the first AI model is trained to generate agent action spaces (0063, lines 1-9).
Mushtaq in view of Mohamed fails to specifically disclose:
wherein the second AI model is trained to generate reports.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Mushtaq in view of Mohamed, as taught by Ubriani.
Ubriani discloses:
wherein the second AI model is trained to generate reports (0028, lines 1-8).
Given the teaching of Mushtaq in view of Mohamed, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Mushtaq in view of Mohamed with the teachings of Mushtaq in view of Ubriani by generating a report. Please refer to the motivation recited above with respect to claims 1, 15, and 18 as to why it is obvious to apply the teachings of Ubriani to the teachings of Mushtaq in view of Mohamed.
As to claims 4 and 17, Mushtaq in view of Mohamed fails to specifically disclose:
wherein the report comprises at least one of an indication of a subset of the actions that lead to the security weakness, observations corresponding to the subset of the actions, or recommendations for mitigating the security weakness.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Mushtaq in view of Mohamed, as taught by Ubriani.
Ubriani discloses:
wherein the report comprises at least one of an indication of a subset of the actions that lead to the security weakness, observations corresponding to the subset of the actions (risk transactions), or recommendations for mitigating the security weakness (0028, lines 1-8).
Given the teaching of Mushtaq in view of Mohamed, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Mushtaq in view of Mohamed with the teachings of Mushtaq in view of Ubriani by generating a report of observations. Please refer to the motivation recited above with respect to claims 1, 15, and 18 as to why it is obvious to apply the teachings of Ubriani to the teachings of Mushtaq in view of Mohamed.
As to claim 5, Mushtaq discloses:
wherein the agent action space indicates an action that potentially compromises the at least one of the computing system, the network, or the application and metadata for the action (0063, lines 1-9).
As to claim 7, Mushtaq in view of Mohamed fails to specifically disclose:
wherein the security weakness comprises a gap or a vulnerability in the at least one of the computing system, the network, or the application.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Mushtaq in view of Mohamed, as taught by Ubriani.
Ubriani discloses:
wherein the security weakness comprises a gap or a vulnerability in the at least one of the computing system, the network, or the application (0028, lines 1-8).
Given the teaching of Mushtaq in view of Mohamed, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Mushtaq in view of Mohamed with the teachings of Mushtaq in view of Ubriani by generating a report indicating a security weakness in a network. Please refer to the motivation recited above with respect to claims 1, 15, and 18 as to why it is obvious to apply the teachings of Ubriani to the teachings of Mushtaq in view of Mohamed.
As to claim 8, Mushtaq in view of Mohamed fails to specifically disclose:
outputting the report, wherein outputting the report comprises at least one of transmitting the report or storing the report.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Mushtaq in view of Mohamed, as taught by Ubriani.
Ubriani discloses:
outputting the report, wherein outputting the report comprises at least one of transmitting the report or storing the report (using in auditing)(0028, lines 1-8).
Given the teaching of Mushtaq in view of Mohamed, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Mushtaq in view of Mohamed with the teachings of Mushtaq in view of Ubriani by transmitting the report for auditing. Please refer to the motivation recited above with respect to claims 1, 15, and 18 as to why it is obvious to apply the teachings of Ubriani to the teachings of Mushtaq in view of Mohamed.
As to claim 9, Mushtaq discloses:
wherein the actions comprise at least one of a tactic that describes an objective, a technique that describes how the objective is achieved, or a procedure that describes an implementation of the tactic (closely mimic genuine attack) (0062, lines 15-18).
As to claim 10, Mushtaq discloses:
wherein generating the agent action space comprises providing the security data as a first input to the first AI model and obtaining the agent action space as a first output of the first AI model (0063, lines 1-9).
Mushtaq in view of Mohamed fails to specifically disclose:
wherein generating the report comprises providing the at least the portion of the log and the security data as a second input to the second AI model and obtaining the report as a second output of the second AI model.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Mushtaq in view of Mohamed, as taught by Ubriani.
Ubriani discloses:
wherein generating the report comprises providing the at least the portion of the log and the security data as a second input to the second AI model and obtaining the report as a second output of the second AI model.
Given the teaching of Mushtaq in view of Mohamed, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Mushtaq in view of Mohamed with the teachings of Mushtaq in view of Ubriani by transmitting the generating a report. Please refer to the motivation recited above with respect to claims 1, 15, and 18 as to why it is obvious to apply the teachings of Ubriani to the teachings of Mushtaq in view of Mohamed.
As to claims 11 and 19, Mushtaq discloses:
wherein the first AI model comprises a first large language model (LLM) and the second AI model comprises a second LLM (0062, lines 4-8).
As to claim 13, Mushtaq discloses:
wherein generating the agent action space comprises generating code corresponding to the actions via the first AI model (0063, lines 1-9).
Mushtaq fails to specifically disclose:
wherein performing the reinforcement learning process comprises executing the code in an environment.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Mushtaq, as taught by Mohamed.
Mohamed discloses:
wherein performing the reinforcement learning process comprises executing the code in an environment (0033, lines 32-34).
Given the teaching of Mohamed, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Mushtaq with the teachings of Mohamed by executing code. Please refer to the motivation recited above with respect to claims 1,15, and 18 as to why it is obvious to apply the teachings of Mohamed to the teachings of Mushtaq.
Claim(s) 2 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mushtaq in view of Mohamed and Ubriani as applied to claims 1 and 15 above, and further in view of Crabtree et al. (WO 2025/147550 A2 and Crabtree hereinafter).
As to claims 2 and 16, Mushtaq in view of Mohamed and Ubriani fails to specifically disclose:
wherein the security data comprises at least one of: a cybersecurity intelligence report; cybersecurity associated code from a code repository; or a support ticket.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Mushtaq in view of Mohamed and Ubriani, as taught by Crabtree.
Crabtree discloses a system and method for AI-driven defensive cybersecurity strategy analysis and recommendation, the system and method having:
wherein the security data comprises at least one of: a cybersecurity intelligence report; cybersecurity associated code from a code repository; or a support ticket (0113, lines 1-9).
Given the teaching of Crabtree, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Mushtaq in view of Mohamed and Ubriani with the teachings of Crabtree by using a security data such as a report. Crabtree recites motivation by disclosing that system information is gathered from a test in order to be used for a simulator in order to recommend cybersecurity improvements and improve security (0113). It is obvious that the teachings of Crabtree would have improved the teachings of Mushtaq in view of Mohamed and Ubriani by using a report of system information in order to improve security.
Allowable Subject Matter
Claims 6, 12, 14, and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Prior Art Made of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Abdelrahman et al. (US 2024/0333741 A1) discloses a system and method for layer 2 transaction monitoring.
Albero et al. (US 2025/0047708 A1) discloses a system and method for countermeasure implementation platform for preventing information misuse.
Bazalgette et al. (US Patent 12,238,140 B2) discloses a system and method for artificial intelligence based analyst as an evaluator.
Bubshait (US 2025/0247408 A1) discloses a system and method for threat risk management.
Challita et al. (WO 2024/199620 A1) discloses a system and method for controlling a path taken by a wireless device.
Fellows et al. (CA 3226148 A1) discloses a system and method for cyber security utilizing interactions between detected and hypothesize cyber-incidents.
Heinemeyer et al. (WO 2021/171090 A1) discloses a system and method for artificial intelligence adversary red team.
Hermoni et al. (US 2019/0280918 A1) discloses a system and method for automatically generating training data for analyzing a new configuration of a communication network.
Irimie et al. (US 2022/0021704 A1) discloses a system and method for AIDA based role models.
Jiang et al. (CN 119254452 A) discloses a system and method for evaluating network security.
Kim et al. (US 2025/0280029 A1) discloses a system and method for security inspection based on generative artificial intelligence and diagnostic device.
Korge et al. (US Patent 12,244,629 B2) discloses a system and method for applying reinforcement learning to cybersecurity graphs.
Millett et al. (WO 2025/097073 A1) discloses a system and method for live tracking of cyber components and AL guided automated vulnerability and detection fixing.
Mcdonald et al. (US 2025/0168186 A1) discloses a system and method for cybersecurity engine in a security management system.
Wang et al. (CN 119155099 A) discloses a system and method for network attack and defense decision supporting based on artificial intelligence.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARAH SU whose telephone number is (571)270-3835. The examiner can normally be reached 6:30 AM - 3:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached at 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SARAH SU/Primary Examiner, Art Unit 2431