Abstract: In some embodiments, a tool receives a vulnerability alert, and inputs the vulnerability alert and associated code from a software package into a generative artificial intelligence model, the model primed to receive a given vulnerability alert and identify a location within the associated code having a given vulnerability pattern. The tool receives, as output from the model, a vulnerability pattern within a subset of the associated code and an explanation of why the vulnerability pattern matches the vulnerability alert. The tool performs a secondary verification that the vulnerability pattern matches the vulnerability alert, and, responsive to success of the secondary verification, performs a reachability analysis of the vulnerability pattern with respect to an application having the software package as a dependency.
Type:
Grant
Filed:
December 4, 2025
Date of Patent:
June 16, 2026
Assignee:
Socket, Inc.
Inventors:
Feross Hassan Aboukhadijeh, Benjamin Barslev Nielsen, Mikola Christopher Lysenko, Martin Torp
Abstract: A request is received to scan a package integration for a malicious dependency, the package integration to be integrated into an application. Using a known package cache, a subset dependencies of the package integration that have not been previously scanned is determined. Content of each file of the subset is input into a malware detection model, and an identification of an ambiguous pattern is received from the malware detection model. Responsive to receiving the identification of the ambiguous pattern, the ambiguous pattern is input into a severity model, and a level of severity that the ambiguous pattern would impose on an assumption that malware is present is received. Where the level of severity is above a threshold minimum level of severity, a query is transmitted to a generative machine learning model to determine whether malware is present.
Type:
Grant
Filed:
March 7, 2023
Date of Patent:
July 1, 2025
Assignee:
Socket, Inc.
Inventors:
Feross Hassan Aboukhadijeh, Mikola Christopher Lysenko
Abstract: A request is received to scan a package integration for a malicious dependency. A subset of dependencies of the package integration is determined that, if executed by an application, would be used. A known package cache is referenced to determine that at least a portion of a file of the subset was not previously scanned. A graph representation of the portion is generated, the graph representation including a tree with edges that connect the portion with one or more further dependent files that depend from the portion. The portion and its further dependent files are scanned for malware, and the known package cache is updated with the tree and with results of the scan. It is determined whether malware is within the package integration using the known package cache and the results of the scan, and an alert is output where malware is detected.
Type:
Grant
Filed:
March 7, 2023
Date of Patent:
May 27, 2025
Assignee:
Socket, Inc.
Inventors:
Feross Hassan Aboukhadijeh, Mikola Christopher Lysenko