Prosecution Insights
Last updated: July 17, 2026
Application No. 19/001,052

CONSOLIDATED ALERT REMEDIATION USING LARGE LANGUAGE MODELS AND GRAPH STRUCTURES

Non-Final OA §101§102§103
Filed
Dec 24, 2024
Examiner
ALATA, AYOUB
Art Unit
2494
Tech Center
2400 — Computer Networks
Assignee
Palo Alto Networks Inc.
OA Round
1 (Non-Final)
82%
Grant Probability
Favorable
1-2
OA Rounds
1y 0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 82% — above average
82%
Career Allowance Rate
398 granted / 487 resolved
+23.7% vs TC avg
Strong +27% interview lift
Without
With
+26.8%
Interview Lift
resolved cases with interview
Typical timeline
2y 7m
Avg Prosecution
8 currently pending
Career history
499
Total Applications
across all art units

Statute-Specific Performance

§101
1.7%
-38.3% vs TC avg
§103
78.6%
+38.6% vs TC avg
§102
11.9%
-28.1% vs TC avg
§112
4.8%
-35.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 487 resolved cases

Office Action

§101 §102 §103
DETAILED ACTION 1. This is in reply to an application filed on 12/24/2024. Claims 1-20 are pending examination. 2. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 3. Allowable subject matter Claims 2-5, and 11-14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Note claims 17-20 would be allowable after amending claims 16-20 to overcome the 101 rejection and after being rewritten in independent form including all of the limitations of the base claim and any intervening claims. 4. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 16-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter, as it does not fall under any of the statutory classes of inventions. This claim is directed towards computer-readable medium which is not limited to falling under the statutory classes of invention set forth. These claims in using the term “machine-readable medium” in accordance with paragraph 0074-0075 in Applicants’ Specification, allows for the machine-readable medium to be a signal. Based on current USPTO Policy, when the computer readable medium is not specifically defined as non-transitory in the Specification the broadest reasonable interpretation is used according to MPEP 2111, thus the computer readable medium may embody signals, i.e. transitory media. Examiner suggests that Applicants amend the claims to add a limitation to direct the language of the ‘machine-readable medium’ claims to only include the non-transitory embodiment which would remove the possibility of claiming signals. 5. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claims 1, 6-7, 10, 15 and 16 are rejected under 35 U.S.C. 102(a)(2) as being unpatentable over Bazalgetteet al,. US 2023/0403294 (hereinafter Bazalgette). Regarding claim 1 Bazalgetteet teaches a method comprising: retrieving a plurality of sets of remediation actions for each of a plurality of policy violations for security policies configured at one or more assets (Bazalgetteet teaches a cyber security restoration engine is configured to take one or more remediation actions to remediate one or more nodes in a graph of a system being protected back to a trusted operational state in order to assist in a recovery from the cyber threat [0024]); generating a graph structure with nodes representing remediation actions in the plurality of sets of remediation actions and edges indicating sequential ordering of remediation actions in the plurality of sets of remediation actions (Bazalgetteet teaches the cyber security restoration engine can prioritize among the one or more nodes to restore, which nodes to remediate and an order of the nodes to remediate, wherein this can be done using a graph-based representation of a cyberattack and using information stored in the graph as metadata that is derived by the restoration engine or other artificial intelligence based modules of the cyber security system [0050-0051], [0054], and fig. 3a-3B); populating a first prompt template with the graph structure to obtain a first prompt; and invoking a first language model with the first prompt to obtain in response a first set of remediation actions and a first script that performs the first set of remediation actions to resolve at least a subset of the plurality of policy violations (Bazalgetteet teaches a user interface can present remediation actions for a human to perform or authorize. The remediation actions may be based on the prioritization order determined by the restoration engine, the metadata within the graph of the cyber incident, and/or a high level, artificial intelligence classification of the cyber incident by the restoration engine. These may be in the form of one or more “playbooks”. Each playbook is a series of steps and actions to be performed by a human cyber security operative and/or the restoration engine in order to fully restore a node and/or an entire system [0080]. Utilizing one or more AI models trained with machine learning on the contextual knowledge of the organization. These trained AI models may be configured to identify data points from the contextual knowledge of the organization and its entities, which may include, but is not limited to, language-based data, email/network connectivity and behavior pattern data, and/or historic knowledgebase data [0099]). Regarding claim 6 Bazalgetteet teaches the method of claim 1, further comprising retrieving one or more scripts for remediating policy violations, wherein retrieving the one or more scripts comprises retrieving scripts corresponding to one or more types of the one or more assets, wherein populating the first prompt template further comprises populating the first prompt template with the one or more scripts (Bazalgetteet teaches a user interface can present remediation actions for a human to perform or authorize. The remediation actions may be based on the prioritization order determined by the restoration engine, the metadata within the graph of the cyber incident, and/or a high level, artificial intelligence classification of the cyber incident by the restoration engine. These may be in the form of one or more “playbooks”. Each playbook is a series of steps and actions to be performed by a human cyber security operative and/or the restoration engine in order to fully restore a node and/or an entire system [0080]). Regarding claim 7 Bazalgetteet teaches the method of claim 1, wherein the first prompt template comprises a task instruction to generate a set of remediation actions that represents the graph structure (Bazalgetteet teaches a user interface can present remediation actions for a human to perform or authorize. The remediation actions may be based on the prioritization order determined by the restoration engine, the metadata within the graph of the cyber incident, and/or a high level, artificial intelligence classification of the cyber incident by the restoration engine. These may be in the form of one or more “playbooks”. Each playbook is a series of steps and actions to be performed by a human cyber security operative and/or the restoration engine in order to fully restore a node and/or an entire system [0080]). In response to Claim 10: Rejected for the same reason as claim 1 In response to Claim 15: Rejected for the same reason as claim 6 In response to Claim 16: Rejected for the same reason as claim 1 6. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 8-9 are rejected under 35 U.S.C. 103 as being unpatentable over Bazalgetteet as mentioned above, in view of Benassi et al. US 2023/0153076 (hereinafter Benassi). Regarding claim 8 Bazalgetteet teaches the method of claim 1. Bazalgetteet does not teach one or more scripts comprise command line interface commands. Benassi substantially teaches an infrastructure-as-code (“IAC”) command line that instantiates component infrastructure among a plurality of component infrastructure to process at least one lifecycle event among the one or more lifecycle events [0023]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bazalgetteet such that the invention further includes one or more scripts comprise command line interface commands. One would have been motivated to do so because the command line interface provides grater speed, and precise system control. Regarding claim 9 Bazalgetteet teaches the method of claim 8, further comprising: populating a third prompt template with the first script to obtain a fourth prompt; and invoking a third language model on the fourth prompt to obtain an infrastructure- as-code script that performs the first set of remediation actions (Bazalgetteet teaches a user interface can present remediation actions for a human to perform or authorize. The remediation actions may be based on the prioritization order determined by the restoration engine, the metadata within the graph of the cyber incident, and/or a high level, artificial intelligence classification of the cyber incident by the restoration engine. These may be in the form of one or more “playbooks”. Each playbook is a series of steps and actions to be performed by a human cyber security operative and/or the restoration engine in order to fully restore a node and/or an entire system [0080]. Utilizing one or more AI models trained with machine learning on the contextual knowledge of the organization. These trained AI models may be configured to identify data points from the contextual knowledge of the organization and its entities, which may include, but is not limited to, language-based data, email/network connectivity and behavior pattern data, and/or historic knowledgebase data [0099], and further Benassi teaches an infrastructure-as-code (“IAC”) command line that instantiates component infrastructure among a plurality of component infrastructure to process at least one lifecycle event among the one or more lifecycle events [0023]). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to AYOUB ALATA whose telephone number is (313)446-6541. The examiner can normally be reached on Monday - Friday 7:30 - 5:00 Est. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is (571)273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /AYOUB ALATA/Primary Examiner, Art Unit 2494
Read full office action

Prosecution Timeline

Dec 24, 2024
Application Filed
Jun 23, 2026
Non-Final Rejection mailed — §101, §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682082
Oracle for Authenticating Software Layers Using Software Security Version Numbers and Security Context
2y 9m to grant Granted Jul 14, 2026
Patent 12682084
Third-Party Analytic and Machine Learning Model Validation
2y 0m to grant Granted Jul 14, 2026
Patent 12675585
METHODS, APPARATUSES AND SYSTEMS FOR OBTAINING DATA AUTHORIZATION
2y 6m to grant Granted Jul 07, 2026
Patent 12664275
BULK SNAPSHOT RECOVERY
3y 7m to grant Granted Jun 23, 2026
Patent 12664291
SECURE COMMUNICATIONS BETWEEN SUBORDINATE WORKSPACES AND THIRD PARTIES
2y 4m to grant Granted Jun 23, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
82%
Grant Probability
99%
With Interview (+26.8%)
2y 7m (~1y 0m remaining)
Median Time to Grant
Low
PTA Risk
Based on 487 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month