Abstract: Systems, devices, and methods are disclosed to create a second subcluster in a sandbox, wherein the second subcluster corresponds to a first subcluster that requires an upgrade. The first subcluster is currently in use by a client executing an application. A second subcluster is created in a sandbox, which mirrors the first sandbox. The second subcluster is upgraded and, when complete, the first subcluster is paused, and state information is obtained from the first subcluster and copied to the second subcluster. Once the state information is uploaded to the second subcluster, communications between the client and database are set to use the second subcluster. As a result, the client experiences only a minor delay rather than any unavailability of the accessed databases.

Abstract: Data of a plurality of channels of a spread-spectrum network are received. For example, the data of the plurality of channels of the spread-spectrum network may be captured by a spread-spectrum router (e.g., a WiFi router). The data of the plurality of channels of the spread-spectrum network is analyzed to identify an anomalous cross-channel pattern across the plurality of channels of the spread-spectrum network. For example, the attack may be a sequential attack across each of the channels of the spread-spectrum network. In response to identifying the anomalous cross-channel pattern across the plurality of channels of the spread-spectrum network, an action is taken to protect the spread-spectrum network. For example, the action may be to notify an administrator of the spread-spectrum network that a potential attack is occurring on the spread-spectrum network or to block access to the spread-spectrum router.

Abstract: Systems, devices, and methods are disclosed to create a second subcluster in a sandbox, wherein the second subcluster corresponds to a first subcluster that requires an upgrade. The first subcluster is currently in use by a client executing an application. A second subcluster is created in a sandbox, which mirrors the first sandbox. The second subcluster is upgraded and, when complete, the first subcluster is paused, and state information is obtained from the first subcluster and copied to the second subcluster. Once the state information is uploaded to the second subcluster, communications between the client and database are set to use the second subcluster. As a result, the client experiences only a minor delay rather than any unavailability of the accessed databases.

Abstract: According to examples, an apparatus may include a processor and a non-transitory computer-readable medium on which is stored machine readable instructions that may cause the processor to receive a prompt for a large language model (LLM). The received prompt may include a query to perform a task on computing data through in-context learning in the LLM. The LLM may be fine-tuned on the computing data. In response to the received prompt, the processor may cause the LLM to learn the task via the in-context learning in the LLM. The processor may cause the LLM to output a completion in response to the query for the task. The completion may be generated by performing the learned task on the computing data in the LLM.

Abstract: A data flow graph and a control flow graph of each of a safe code section and an unsafe code section corresponding to the safe code section are extracted. Code variant-injected safe code sections corresponding to the safe code section and code variant-injected unsafe code sections, in which code semantics are not altered, are generated. Structurally modifiable code variant-injected code sections are generated based on the code variant-injected safe code sections, the code variant-injected unsafe code sections, and an impaired code section semantically uncorrelated to the code variant-injected safe code section and the code variant-injected unsafe code section. A version of test code is generated based on the structurally modifiable variant-injected code sections and a specified behavior.

Abstract: A visual media is received. For example, the received visual media may be a digital image, a video file, or a video stream. A plurality of colors in the visual media are identified. In response to identifying the plurality of colors in the visual media, one or more watermark colors missing from the plurality of colors. A first watermark is generated to include in the visual media. The first watermark comprises at least one of the missing one or more watermark colors. The watermarked visual media is verified using image processing.

Abstract: First anomalies are selected from those identified by security analysis, and are enhanced with additional information. Second anomalies occurring within a specified time period and regarding a specified entity, including at least one of the first anomalies, are also selected. A prompt is generated based on the second anomalies. The prompt is generated to solicit a response from a large language model (LLM) including a natural language summary synthesizing the second anomalies. The second anomalies are also evaluated against a database to identify related security threats. Scores for these security threats are generated, and a subset of the threats is selected based on the scores. Another prompt is generated based on the second anomalies and based on the selected subset of security threats. The prompt is generated to solicit a response from an LLM including a natural language summary associating the security threats with the second anomalies.

Abstract: Anomalies regarding a specified entity that occurred within a specified time period are selected from anomalies identified by security analysis performed on raw events. The selected anomalies are enhanced with additional information regarding the selected anomalies. A prompt is generated based on the selected anomalies as have been enhanced. The prompt is generated to solicit a response from a large language model (LLM) including a natural language summary synthesizing the selected anomalies. The generated prompt as input to the LLM, and the response is received as output from the LLM.

Abstract: One or more anomalies are selected from anomalies identified by security analysis performed on a raw events regarding entities. The selected anomalies are enhanced with additional information regarding them. A prompt is generated based on the selected anomalies as have been enhanced. The prompt is generated to solicit a response from a large language model (LLM) including a natural language summary of the selected anomalies. The generated prompt as input to the LLM, and the response is received as output from the LLM.

Abstract: Anomalies regarding a specified entity that occurred within a specified time period are selected and enhanced with additional information. The selected anomalies, as have been enhanced, are evaluated against a database to identify security threats that the selected anomalies are related to. Scores for the identified security threats are generated, and a subset of the security threats that the selected anomalies are related to is selected based on the scores. A prompt is generated based on the enhanced selected anomalies and based on the selected subset of the identified security threats. The prompt is generated to solicit a response from a large language model (LLM) including a natural language summary associating the identified security threats with the selected anomalies regarding the specified entity that occurred within the specified time period. The prompt as input to the LLM, and the response is received as output from the LLM.

Abstract: Log events for a target system are received. In each of a number of iterations, selection of a filter from a library of preexisting filters is received from a user, the selected filter is applied to the log events to generate filtered log events, and the filtered log events are displayed to the user. In each iteration other than a first iteration, the selected filter is applied to the filtered log events that are generated in an immediately preceding iteration.

Abstract: Domain-specific images used for training an optical character recognition (OCR) machine learning model are generated as follows. Universal resource locator (URL) addresses of web pages associated with a particular domain are retrieved. Words in the web pages associated with the particular domain are determined. Domain-relevant n-grams of the words are identified for the particular domain. Corresponding domain-specific images of each domain-relevant n gram for the particular domain are generated.

Abstract: A mutated issue in AI generated source code is identified. For example, the mutated issue may be a mutated type of malware. A snippet of source code in the AI generated source code that comprises the mutated issue is identified. A vector based on the snippet of source code in the AI generated source code that comprises the mutated issue is generated. Vectors of a second source code (e.g., a new software application) are compared using the vector generated from the snippet of source code in the AI generated source code that comprises the mutated issue. The comparison is used to identify new types of issues in the second source code.

Abstract: For each item represented within log events that have a power law-oriented distribution, first and second metrics for the item are computed based on the log events which pertain to the item. The items are organized over bins according to the first metric. The bins correspond to different ranges of the first metric. For each bin, the items in the bin are ordered according to the second metric. A plot of the bins over which the items have been organized according to the first metric, is graphically displayed, which includes displaying, for each bin, the items in the bin as have been ordered according to the second metric.

Abstract: One or more unused locations in a software image are identified. An example of a software image may be a container image or virtual machine image. An unused location may be a location where padding is used in the software image. A first watermark is placed in the one or more unused locations to produce a watermarked software image. A request is received to load the watermarked software image. In response to receiving the request to load the watermarked software image, a second watermark is generated using the one or more unused locations in the watermarked software image and the second watermark is then compared to the first watermark. In response to the first watermark matching the second watermark, the software image is loaded. In response to the first watermark not matching the second watermark, the software image is not loaded.

Abstract: A request to authenticate a user is received. A random authentication pattern is generated. For example, the random authentication pattern may be for the user to provide a series of biometric scans and/or gesture scans. Instructions for the random authentication pattern are sent to a communication device (e.g., to a smartphone or smartwatch). A generated authentication pattern is received from the communication device. The generated authentication pattern is compared to a stored set of biometric scans and/or gestures scans that are based on the random authentication pattern. The user is authenticated based on the generated authentication pattern meeting a threshold by comparing the generated authentication pattern to the stored set of biometric scans and/or gestures scans.

Abstract: Systems and methods are disclosed to develop and use a tool to enable an application package to be instrumented with automatic real user monitoring (RUM) without accessing the original source code. A package, such as Android application bundle (AAB) or Android package kit (APK), is imported and decoded and a generated source code file and/or manifest is obtained. Instrumentation is then added at a location corresponding to a code signature in the generated source code file (e.g., an operation to be instrumented before and/or after the operation). The generated source code file is then compiled and packaged into an APK and/or AAB file. The resulting application package is available for downloading, installation, and use on user devices with the instrumentation having been automatically added and without access to the original source code.

Abstract: A media is created. The media may be a document, an image, a video file, an audio file, a real-time communication session, an email, a chat session, and/or the like. The media is associated with a plurality of authentication levels. For example, the media may use a first authentication level that requires a username/password and a second authentication level that requires a fingerprint scan of a user. The media is created based on a security process according to the plurality of authentication levels. For example, the security process may be an encryption process and/or a tokenization process. The media is divided into a plurality of sections based on the plurality of authentication levels. The security process is applied to the plurality of sections based on the plurality of authentication levels.

Abstract: Language models require resource-intensive training. As a result, retraining language models happens very infrequently even though new or custom words are needed at a much faster rate. By deploying a custom set of words, speech recognition may be performed using a previously trained language model and augmented with entries in a custom word list. A probability map is created for each token position predicted by the model. Next, potential positions for custom words are identified by calculating the probability ratio between the token selected by the model and the custom word token. The probability ratios are summed for the first, second, and last tokens of the custom words, and if the sum falls below a certain threshold, the position is recorded. Next, the word or words starting at the recorded position are identified and, using string comparison metrics, are determined the most likely candidates for replacement.

Abstract: A system and method are provided that store electronic data describing events that have occurred in a computing system, index the electronic data to create indexed data records; and store the indexed data records in computer memory as part of a flat data structure.