Abstract: Systems and methods for hardening system prompts are disclosed herein. An example method is performed by one or more processors of a hardening system. The example method may include receiving an initial prompt for a language model (LM), generating an initial accuracy score representative of an extent to which output generated by the LM matches a target output when the initial prompt is used as its system prompt, generating an initial robustness score representative of an extent to which the LM resists adversarial attacks when the initial prompt is used as its system prompt, and iteratively transforming, using an artificial intelligence (AI)-based hardening agent in conjunction with a set of machine learning (ML)-based optimization tools and a reinforcement learning (RL) technique, the initial prompt into a hardened prompt such that the hardened prompt maximizes an increase of the initial robustness score and minimizes a decrease of the initial accuracy score.

Abstract: Security against identity theft in generative artificial intelligence applications includes receiving, from a user computing device, an online user prompt to a large language model (LLM), the online user prompt associated with a user identifier, tokenizing the online user prompt to generate a target set of tokens, and tagging each token in the target set based on parts of speech to obtain a tagged target set. Security further includes processing, by a vector embedding model, the tagged target set to generate multiple vector embeddings, processing, by a sequential model, the vector embeddings to generate a target vector, processing, by an anomaly detection model using or trained with a signature of the user identifier, the target vector to detect whether user impersonation exists. Security further includes blocking, in real time with receiving the online user prompt, access to the LLM based on detecting that user impersonation exists.

Abstract: Genetic algorithm testing of a target application includes sending attack utterances to a target application. Genetic algorithm testing further includes receiving, from the target application, application LLM responses generated by the target application and the application LLM responsive to the attack utterances. The application LLM responses are each linked to a corresponding attack utterance to form multiple pairs. Genetic algorithm testing further includes sending, to an evaluation LLM, at least one evaluation LLM prompt including the pairs, identifying, from the set of evaluation results from the evaluation LLM, at least two attack utterances that caused the target application to fail. Genetic algorithm testing further includes mutating the at least two attack utterances to generate a new attack utterance and testing the target application with the new attack utterance to update the set of evaluation results. Genetic algorithm testing further includes presenting the set of evaluation results.

Abstract: Systems and methods for hardening and/or validating a system prompt are disclosed herein. An example validation method is performed by one or more processors of a computing system. The example method may include receiving a transmission including a full prompt over a communications network from an application, the full prompt including a system prompt associated with the application and a user prompt from a user of the application, determining whether the system prompt conforms to an expected prompt for the application, and selectively transmitting the full prompt to a language model (LM) based on whether the system prompt conforms to the expected prompt, the selective transmission including transmitting the full prompt to the LM responsive to determining that the system prompt conforms to the expected prompt, and refraining from transmitting the full prompt to the LM responsive to determining that the system prompt does not conform to the expected prompt.

Abstract: Certain embodiments of the disclosure provide techniques for hallucination detection. A method generally includes generating, via a first language model and based on a seed question, a plurality of semantically similar questions; processing the plurality of semantically similar questions with a second language model to generate a plurality of answers; processing the plurality of answers with a third language model to generate a plurality of factual statements; processing the plurality of factual statements with an embedding model to generate a plurality of embeddings; clustering the plurality of embeddings into a plurality of clusters; determining an average proximity score of the plurality of clusters based on a centroid of each of the plurality of clusters; and determining whether the plurality of answers generated by the second language model comprises a hallucination based on a number of the plurality of clusters and the average proximity score of the plurality of clusters.

Abstract: Aspects of the present disclosure relate to automated transaction categorization. Embodiments include generating, via an embedding model, a first embedding representation of a training text; assigning, via a text classification model, a class to the training text based on the first embedding representation of the training text; generating an embedding representation of a given phrase within the training text based on confirming that the class assigned to the training text is an incorrect class for the training text, wherein the given phrase is selected based on an association between the given phrase and a correct class for the training text; generating an updated embedding representation of the training text based on the first embedding representation of the training text and the embedding representation of the given phrase; and training the text classification model through a supervised learning process involving the updated embedding representation of the training text.

Abstract: A method includes receiving, at a server from a user device, a user prompt to a large language model (LLM). The user prompt is segmented to generate a set of user segments. An encoding model generates the set of user segments into a set of user vectors. The method further includes scoring each user vector of the set of user vectors based on a comparison between the user vector and a set of stored vectors in a vector store to generate a set of user vector scores, detecting whether the user prompt is malicious according to the set of user vector scores, and setting a prompt injection signal based on whether the user prompt is detected as malicious according to the set of user vector scores.

Abstract: A system and method of designing a drug by at least one processor may include obtaining a molecule string data element, representing ad-hoc structure of a molecule. The molecule string may include at least one token, representing (i) indication of a beginning of the molecule string, (ii) one or more components of the molecule, and/or (iii) relation between components of the molecule. The at least one processor may apply an embedding algorithm on the molecule string, to obtain an embedding vector, representing the ad-hoc structure of the molecule in an embedding space, and apply a pretrained transformer-based decoder model on the embedding vector, to select a subsequent token from a predetermined set of tokens; append the predicted token to the molecule string; and, following identification of occurrence of an end condition, append a token representing end of the molecule string, to determine composition of the drug.

Abstract: A method including extracting a number of page features from a web page. The number of page features represent an executable logic of the web page. The method also includes embedding, by a page feature embedding model, the number of page features to generate a page vector data structure. The method also includes comparing, by a comparison model, the page vector data structure and a number of script vector data structures to identify a selected script. Each of the number of script vector data structures is generated by a script feature embedding model processing computer executable program code of a corresponding script for performing a computer function on a web page. The method also includes presenting the selected script.

Abstract: A method includes receiving, at a server from a user device, a user prompt segment to a large language model (LLM), obtaining an additional prompt segment from a prompt data source, identifying a electronic address in the prompt segment, replacing the electronic address with a placeholder to generate a updated prompt segment, generating a LLM prompt comprising the updated prompt segment and the user prompt segment, and sending the LLM prompt to the LLM. The method further includes receiving a response to the LLM prompt from the LLM, the response comprising the placeholder, replacing the placeholder with the electronic address to generate an updated response, and sending the updated response to the user device.

Abstract: A method includes receiving, at a server from a user device, a user prompt segment to a large language model (LLM), obtaining an additional prompt segment from a prompt data source, identifying a electronic address in the prompt segment, replacing the electronic address with a placeholder to generate a updated prompt segment, generating a LLM prompt comprising the updated prompt segment and the user prompt segment, and sending the LLM prompt to the LLM. The method further includes receiving a response to the LLM prompt from the LLM, the response comprising the placeholder, replacing the placeholder with the electronic address to generate an updated response, and sending the updated response to the user device.

Abstract: A system and method of predicting efficacy of treatment of a predetermined medical condition by at least one processor may include obtaining a Drug-Drug Interaction (DDI) embedding value, representing occurrence of DDIs between a substance of interest and one or more drugs selected from a plurality of baseline drugs, in a DDI embedding space; receiving a chemical structure data element, representing a chemical structure of the substance of interest; and predicting efficacy of the substance of interest in treatment of the predetermined medical condition based on (i) the DDI embedding value and (ii) the structure data element.

Abstract: Methods of treating pancreatic cancer or metastasis thereof by administering eravacycline or a derivative thereof are provided. Pharmaceutical compositions including eravacycline or a derivative thereof for use in treating pancreatic cancer or a metastasis thereof are also provided.

Abstract: Aspects of the present disclosure relate to detecting hallucinations in language model outputs. Embodiments include receiving a user query. Embodiments further include prompting a language processing machine learning model to generate responses to the user query in each language of a set of multiple languages. Embodiments further include receiving the responses from the language processing machine learning model in response to the prompting. Embodiments further include creating embedding representations of the responses. Embodiments further include calculating, based on the embedding representations, a degree of semantic similarity between the responses. Embodiments further include determining that a response of the responses contains a model hallucination based on comparing the degree of semantic similarity between the responses to a threshold.

Abstract: Certain aspects of the disclosure pertain to prompt creation using language models in an evolutionary algorithm framework. A language model can be employed to generate an initial set of candidate prompts that return responsive replies to legitimate questions and disapproval replies to illegitimate questions. Candidate prompts can be scored. Subsequently, two or more candidates can be selected based on their scores. Additionally, candidate prompts can be generated with a language model by applying evolutionary operations to the two or more candidate prompts. Scores can be generated for the additional candidate prompts, and a termination criterion is evaluated to determine whether another iteration should be performed. After the termination criterion is satisfied, one or more candidate prompts can be output based on their score.

Abstract: At least one processor may receive at least one document and generate at least one respective summary of each respective at least one document, the generating comprising omitting information originally included in the at least one document that is irrelevant to a computing task. The at least one processor may generate at least one respective embedding of each at least one respective summary and a retrieval augmented generation (RAG) database comprising the at least one respective embedding. The RAG database may be deployed so that the RAG database is configured to provide RAG data to a large language model (LLM) responsive to prompts generated through the computing task.

Abstract: Aspects of the present disclosure relate to dynamic token screening and enhanced response generation using machine learning models. Embodiments include determining, by a machine learning model, a baseline attention weight for each token of a plurality of tokens contained in a text string received as an input to the machine learning model. Embodiments include identifying one or more protected tokens of the plurality of tokens contained in the text string and generating a dropout probability for each protected token of the one or more protected tokens. Embodiments include determining, by the machine learning model, a revised attention weight for each token of the plurality of tokens based on the dropout probability for each protected token. Embodiments include generating, by the machine learning model, an output based on the text string and the revised attention weight for each token. Embodiments include providing the output in response to the input.

Abstract: A method including applying a test large language model to a test input to generate a test output. An encoding model is applied to the test input and test output to generate an encoded test input and an encoded test output. A cluster assignment model is applied to a combination of the encoded test input, the encoded test output, and a set of clusters. The cluster assignment model identifies an input cluster to which the encoded test input belongs and an output cluster to which the encoded test output belongs. A comparison model is applied to the input cluster and the output cluster to identify a relationship between the input cluster and the output cluster and to determine whether the relationship is one of multiple pre-existing relationships among the clusters. A result is returned responsive to the relationship failing to match at least one of the pre-existing relationships.

Abstract: A method and system of predicting drug-drug interactions (DDIs) may include receiving: (a) a DDI data structure, representing known DDIs between baseline drugs, (b) a plurality of baseline drug data elements, comprising line-notation descriptions of chemical structure of corresponding baseline drugs, and (c) a substance data element, comprising a line-notation description of a chemical structure of a substance of interest. Embodiments may calculate one or more similarity metric values, representing structural similarity between the substance of interest and specific baseline drugs, and select a subset of the baseline drugs based on the one or more similarity metric values. Embodiments may subsequently predict DDI between the substance of interest and a target baseline drug, based on (i) the selected subset of baseline drugs and (ii) the DDI data structure.

Abstract: Techniques for detecting suspicious data object access requests indicative of potential insider threats are described. A suspicious access detection module (SADM) determines, based on access data describing a access requests issued on behalf of multiple users, groups of the users having similar patterns of accesses to resource groups, a set of the resource groups accessed by each of the user groups, and ones of the user groups that are to be considered nearby others of the user groups based on having a threshold amount of resource group access similarities. The SADM causes an alert to be generated responsive to a determination that a subsequent access request is suspicious because it accesses a data object of a resource group that is not within the set of accessed resource groups of the issuing user's user group, and because the resource group is not within the sets of accessed resource groups of any nearby user groups.