Prosecution Insights
Last updated: July 17, 2026
Application No. 19/240,524

USING AN LLM TO GENERATE API AND APPLICATION VULNERABILITY MITIGATION POLICIES FOR API GATEWAYS, WEB APPLICATION FIREWALLS, NEXT GENERATION FIREWALLS, AND IPS/IDS TOOLS

Non-Final OA §103
Filed
Jun 17, 2025
Priority
Jun 20, 2024 — provisional 63/662,186
Examiner
LI, MENG
Art Unit
2437
Tech Center
2400 — Computer Networks
Assignee
Wallarm Inc.
OA Round
3 (Non-Final)
87%
Grant Probability
Favorable
3-4
OA Rounds
1y 2m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 87% — above average
87%
Career Allowance Rate
498 granted / 575 resolved
+28.6% vs TC avg
Strong +20% interview lift
Without
With
+19.9%
Interview Lift
resolved cases with interview
Typical timeline
2y 3m
Avg Prosecution
24 currently pending
Career history
594
Total Applications
across all art units

Statute-Specific Performance

§101
2.7%
-37.3% vs TC avg
§103
85.5%
+45.5% vs TC avg
§102
2.0%
-38.0% vs TC avg
§112
5.6%
-34.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 575 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 03/12/2026 has been entered. Response to Amendment The Amendment filed on 02/05/2026 has been entered. The rejection of claims 1-8 under 35 U.S.C 101 is withdrawn in view of the amendment and the 2019 Revised Patent Subject Matter Eligibility Guidance Claims 1, 8 and 14 are amended. Claims 4 and 8 are cancelled. Claims 1-3 and 5-7 are pending of which claims 1 and 5 are independent claims. Response to Arguments Applicant's arguments filed on 02/05/2026 have been fully considered and they are persuasive. A new ground of rejection is made below. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1, 3, 5 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Parla (Pub. No.: US 2025/0097237) in view of Kim et al. (Pub. No.: US 2021/0168169, hereinafter Kim). Regarding claim 1: Parla teaches: A computer-implemented method for generating application programming interface (API) and application vulnerability mitigation policies, the method comprising: generating, by the LLM and based on the received inputs, API and application vulnerability mitigation policies that include a policy and/or configuration file for at least one of an API gateway, a web application firewall, a next generation firewall, or intrusion prevention/detection systems (IPS/IDS) (Parla - [0089] Using the attack vectors 224, a policy and configuration generator 226 then generates a policy 228 for the prompt generator 230. Policy 228 directs the prompt generator 230 regarding the substance (e.g., the attack vectors 224) and style of the summary 232 to be created by the prompt generator 230. Policy 228 can include a comprehensive list of known attack vectors relevant to the system or software in consideration. This list could contain vulnerabilities, exploits, malware, and social engineering tactics. For each attack vector identified, policy 228 outlines which specific security measures and configurations are necessary to mitigate or prevent any associated attacks); executing, by a feedback loop automation engine (FLAE), the API and application vulnerability mitigation policies against the code with the one or more vulnerability exploits to produce feedback data including at least one of policy errors, mitigation errors, or exploit- mitigation results; and updating, by the LLM, the API and application vulnerability mitigation policies based on the feedback data generated by the FLAE (Parla - [0093] FIG. 3 illustrates an example process for penetration testing for optimization of network security policies. [0099]: analyzing one or more cybersecurity threats that successfully penetrated the security service and generating the update of the policy used by the security management service 108 is performed using an LLM. The LLM can be made aware of a current policy used by the security service and prompted to analyze one or more cybersecurity threats to generate an update of the current policy. See also [0103] and [0119]). Although Parla [0075] discloses the threat intelligence service 144 collects data from many devices and adds to it all the data collected by partners to analyze vectors of new attacks using LLM, Parla doesn’t explicitly teach a plurality of inputs including textual description of vulnerabilities, code with one or more vulnerability exploits, and meta-data, and code with one or more vulnerability exploits comprising computer-executable exploit code configured to exercise a known vulnerability of a target API or application. However, Kim discloses: receiving, by a large language model (LLM), a plurality of inputs including textual description of vulnerabilities, code with one or more vulnerability exploits, and meta-data, and code with one or more vulnerability exploits comprising computer-executable exploit code configured to exercise a known vulnerability of a target API or application (Kim - [0048]: The collector 120 collects various information for generating and/or optimizing a rule. For example, the collector 120 may collect information on a device (e.g., a name, a manufacturer, an operating system, firmware, etc.), vulnerability information on the device (e.g., CVE information), exploit information, or the like); It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Parla with Kim so that LLM input data can be vulnerability information on the device, exploit information and meta-data. The modification would have allowed the system to increase usability and be more flexible. Regarding claim 3: Parla teaches: wherein the meta-data comprises one or more of information regarding the API, technical infrastructure information, notation of error handling, notation of exceptions/error codes, or user-defined extra requirements (Parla - [0070]: The threat research service 112 may contain threat identification updates, also referred to as definition files and can store these definition files in the knowledgebase 136. A definition file may be a virus identity file that may include definitions of known or potential malicious code. The virus identity definition files may provide information that may identify malicious code within files, applications, or the like). Regarding claims 5 and 7: Claims are directed to computer readable medium claims and do not teach or further define over the limitations recited in claims 1 and 3. Therefore, claims 5 and 7 are also rejected for similar reasons set forth in claims 1 and 3. Furthermore, Parla [0131] discloses a processor and memory on which stored a set of instructions. Claims 2 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Parla (Pub. No.: US 2025/0097237) in view of Kim et al. (Pub. No.: US 2021/0168169, hereinafter Kim) and Cameron et al. (Pub. No.: US 2025/0036777, hereinafter Cameron). Regarding claims 2 and 6: Parla as modified doesn’t explicitly teach but Cameron discloses: wherein the textual description of vulnerabilities comprises manually created and validated policies for vulnerabilities (CVEs) with their exploits and step-by-step guides on its reproduction (Cameron - [0061]: the information included in security vulnerability descriptions, the information included in the platform-specific policy, the one or more computing aspects, and the impact level measures, the system protection measures, or other information). It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Parla and Kim with Cameron so that vulnerability description includes policies and many other information. The modification would have allowed the system to increase security. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729. The examiner can normally be reached M-F 8:30-5:30. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached on (571) 270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MENG LI/ Primary Examiner, Art Unit 2437
Read full office action

Prosecution Timeline

Jun 17, 2025
Application Filed
Aug 20, 2025
Non-Final Rejection mailed — §103
Nov 17, 2025
Response Filed
Dec 04, 2025
Final Rejection mailed — §103
Feb 05, 2026
Response after Non-Final Action
Mar 12, 2026
Request for Continued Examination
Mar 19, 2026
Response after Non-Final Action
May 19, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682050
PROCESSOR SUPPORT FOR SOFTWARE-LEVEL CONTAINMENT OF ROW HAMMER ATTACKS
4y 6m to grant Granted Jul 14, 2026
Patent 12664286
Predicting and Quantifying Weaponization of Software Weaknesses
2y 11m to grant Granted Jun 23, 2026
Patent 12665740
METHODS AND APPARATUSES FOR JOINTLY PROCESSING DATA BY TWO PARTIES FOR DATA PRIVACY PROTECTION
2y 5m to grant Granted Jun 23, 2026
Patent 12664288
GENERATING REMEDIATION STRATEGIES FOR RESPONDING TO SECURITY DEFICIENCIES USING GENERATIVE MACHINE LEARNING MODELS
2y 3m to grant Granted Jun 23, 2026
Patent 12645804
Managing Implementation Of Application-Code Scanning Processes
2y 1m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
87%
Grant Probability
99%
With Interview (+19.9%)
2y 3m (~1y 2m remaining)
Median Time to Grant
High
PTA Risk
Based on 575 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month