Abstract: In one implementation, a device may identify features of a prompt to be sent to a language model that are indicative of a type of data that the prompt would cause the language model to access. The device may determine whether data control policies apply for the prompt based on the type of data that the prompt would cause the language model to access. The device may determine, based on the features, whether processing of the prompt by the language model violates an applicable data control policy. The device may prevent the language model from processing the prompt when the processing of the prompt violates the applicable data control policy.

Abstract: In one embodiment, a device may obtain a location of an endpoint that communicates with an application service. The device may match the location of the endpoint to a data compliance policy. The device may identify sensitive data within the application service to which the data compliance policy applies. The device may configure the application service to permit the endpoint to at least one of access or send the sensitive data when permitted by the data compliance policy.

Abstract: Devices, systems, methods, and processes for generating and sharing a verifiable Zero Knowledge (ZK) proof are described herein. A device may utilize one or more non-reversible aggregation techniques to receive, normalize, and aggregate one or more Carbon Footprint Metrics (CFMs) of the device corresponding to a timeframe. The device can generate a ZK attestation and the verifiable ZK proof based on an aggregated CFM or a sum of normalized CFMs, and a carbon footprint threshold for the timeframe. The device may further transmit the verifiable ZK proof to an auditing device. The auditing device can receive the verifiable ZK proof and verify, in a trustworthy manner, that the CFMs of the device corresponding to the timeframe are in compliance with the carbon footprint threshold. The device may hence prove the compliance with the carbon footprint threshold to the auditing device without actually sharing the CFMs with the auditing device.

Abstract: Energy-aware configurations can be utilized to operate a network based on sustainability-related metrics. In many embodiments, a suitable device includes a processor, a memory commutatively coupled to the processor, a plurality of elements, a communication port, and an energy-aware topology logic configured to collect topology data from one or more network devices, wherein each of the one or more network devices include a plurality of elements. The energy-aware topology logic can receive power source data and power usage data related to plurality of elements and generate an element energy coefficient (EEC) for a plurality of elements. Subsequently, the energy-aware topology logic can also generate an energy-aware configuration for at least one of the one or more network devices, and then pass the generated energy-aware configuration to the at least one network device, wherein the energy-aware configuration is configured to steer traffic based on at least one sustainability-related metric.

Abstract: Techniques for using real-time metrics and telemetry information to dynamically prioritize attack paths identified during a static analysis of a cloud native application, and using top priority attack paths identified during the static analysis to steer the dynamic analysis. The techniques may include identifying components of the cloud native application and connections between the components. The components and connections are analyzed to identify a set of attack paths. Network communications are monitored between the connections and metrics representing signals in the communications collected. A first subset of the attack paths based on a first portion of the metric indicating a real-time security vulnerability are identified. Finally, the first subset of the attack paths is prioritized over a second subset of the attack paths based at least in part on the first subset having the first portion of the metrics indicating real-time security vulnerabilities.

Abstract: In one embodiment, a device may determine a compliance status of a communication of a type of data between a first workload and a second workload based on a data compliancy policy and a verified node location of at least one of the first workload and the second workload. The device may send, based on the compliance status of the communication, an instruction for handling the communication to at least one of a node executing the first workload and a node executing the second workload.

Abstract: In one embodiment, a control tower device obtains, first state information from sensing or reporting systems or devices at a particular location via a first communication channel. The control tower device makes, based on the first state information, an evaluation regarding the particular location using one or more digital twins representing one or more entities of the particular location. The control tower device obtains second state information from one or more trusted verifiers for the particular location via a second communication channel. The control tower device verifies, based on the second state information, the evaluation regarding the particular location.

Abstract: Presented herein are techniques for verifying data. A method can include obtaining, from an oracle, a first data set associated with a distributed ledger. The method further includes obtaining a plurality of data sets from a plurality of sources. The method further includes generating a confidence level regarding the first data set for validating the first data set, based on comparing the first data set to the plurality of data sets. The method further includes storing the first data set in the distributed ledger based on the confidence level indicating that the plurality of data sets concurs with the first data set. The method further includes taking a remedial action without storing the first data set in the distributed ledger based on the confidence level indicating a discrepancy between the plurality of data sets and the first data set.

Abstract: In one example embodiment, at least one processor determines an impact of an event on a network to a network application based on network data and telemetry information of the network application. The telemetry information of the network application is obtained from the network application placed under conditions corresponding to the event. The at least one processor adjusts operation of the network application based on the impact.

Abstract: Presented herein are techniques for verifying data. A method can include obtaining, from an oracle, a first data set associated with a distributed ledger. The method further includes obtaining a plurality of data sets from a plurality of sources. The method further includes generating a confidence level regarding the first data set for validating the first data set, based on comparing the first data set to the plurality of data sets. The method further includes storing the first data set in the distributed ledger based on the confidence level indicating that the plurality of data sets concurs with the first data set. The method further includes taking a remedial action without storing the first data set in the distributed ledger based on the confidence level indicating a discrepancy between the plurality of data sets and the first data set.

Abstract: Devices, systems, methods, and processes for sustainably reallocating resources based on within a plurality of computing nodes of a network, such as a managed network are described herein. Each computing node may be configured to transmit infrastructure data to an infrastructure monitor or ecosystem management tool. Additional sustainability data may also be accessed either internally or externally. The infrastructure data and sustainability data may be utilized to generate one or more scores that can be evaluated against each other. These scores may be configured to reflect various conditions or facts about the computing nodes including the overall sustainability. In order to increase sustainability levels, a variety of different resource configurations can be generated and evaluated against each other and the current configuration.

Abstract: In one embodiment, a device may obtain an identifier of a proof of location process (PLP) and an identifier of a node where the PLP is executed. The device may receive a query from a compliance engine for a proof of location of the node where the PLP is executed. The device may identify, based on the identifier of the PLP and the identifier of the node, a physical location of the node. The device may provide, to the compliance engine, a response to the query that is indicative of the physical location of the node, wherein the compliance engine enforces one or more data compliance policies with respect to a workload executed by the node and based on the physical location of the node.

Abstract: Systems, methods, and computer-readable for cognitive sensor fusion management include obtaining one or more data streams from one or more sensors. Learning algorithms are used for determining whether a combination of the one or more data streams includes sufficient information for achieving a desired outcome, based on context, business verticals, or other considerations. One or more modifications are determined to at least the one or more data streams or one or more sensors based on whether the combination of the one or more data streams includes sufficient information for achieving the desired outcome. In a closed-loop system, feedback from implementing the one or more modifications can be used to update the desired outcome.

Abstract: A network of devices can be stabilized by administering an energy-aware topology that corresponds to a desired state derived in part from one or more sustainability metrics. Devices suitable for stabilization can include a processor, a memory, a plurality of elements, a communication port coupled with one or more neighboring devices, and an energy-aware topology logic. The energy-aware topology logic can monitor incoming traffic from one or more neighboring devices, receive current state data associated with the plurality of elements, and receive update data from the one or more neighboring devices via a sustainability-related augmented IGP. Also, the energy-aware topology logic can generate a desired state for the device based on at least the received current state data and update data. One or more of the plurality of elements may be modified in response to the generated desired state, wherein the modification involves changing one or more sustainability-related capabilities.

Abstract: Energy-aware configurations can be utilized to operate a network based on sustainability-related metrics. In many embodiments, a suitable device includes a processor, a memory commutatively coupled to the processor, a plurality of elements, a communication port, and an energy-aware topology logic configured to collect topology data from one or more network devices, wherein each of the one or more network devices include a plurality of elements. The energy-aware topology logic can receive power source data and power usage data related to plurality of elements and generate an element energy coefficient (EEC) for a plurality of elements. Subsequently, the energy-aware topology logic can also generate an energy-aware configuration for at least one of the one or more network devices, and then pass the generated energy-aware configuration to the at least one network device, wherein the energy-aware configuration is configured to steer traffic based on at least one sustainability-related metric.

Abstract: Described herein are embodiments related to systems, methods, and processes for sharing sustainability-related attributes and data across multiple domains. More specifically, some embodiments describe a sustainability aggregation device which may include a controller or other processor, and a memory. The memory includes a sustainability aggregation logic that can receive telemetry data associated with a first network domain, and in response, generate a multi-layer topology graph for the first network domain. In response to the graph being generated, it can be augmented with one or more sustainability-related attributes. However, the device can prune the augmented multi-layer topology graph based on one or more export policies and export the pruned augmented multi-layer topology graph to a second network domain.

Abstract: In one embodiment, a method for detecting an unknown attack vector, by a system, includes receiving a marked span that has been flagged for inspection. The method further includes conducting a root cause analysis to determine if the marked span should be classified as an attack. In response to a determination that the marked span should be classified as an attack, the method further includes determining whether the marked span engaged with data corresponding to one or more application services defining the marked span. The method further includes designating the data corresponding to the one or more application services as compromised in response to a determination that the marked span did engage with said data.

Abstract: In one embodiment, a method for storing auditable metadata, by a system, includes receiving incoming signals communicated from at least one application service to a first pod associated with a user space of a node. The method further includes extracting metadata associated with data provided by the received incoming signals. The method further includes receiving outgoing signals communicated from the first pod to an external entity, wherein the incoming signals and the outgoing signals are received by a listener module. The method further includes comparing the incoming signals to the outgoing signals to detect a variation and determining that the data has been transmitted to the external entity based on a determination that there is no detected variation from the comparison between the incoming signals and the outgoing signals.

Abstract: In one embodiment, a device may receive a request for training data that is based on application data generated by an application executed at a data collection node, wherein the application data is associated with metadata identifiers. The device may determine one or more training data constraints that restrict use of the application data as training data. The device may generate the training data in part by excluding application data of a particular type from being included in the training data based on a match between its metadata identifier and the one or more training data constraints. The device may provide the training data to be used to train a machine learning model.

Abstract: A system and a method to map attack paths in a visualization interface may include storing in a memory asset inventory indicating application assets, attack vector parameters configured to indicate vulnerabilities of one or more of the application assets, and asset mapping information. A processor may determine multiple vulnerable assets in the application assets based at least in part upon the attack vector parameters. Further, the processor may obtain security parameters from a security framework indicating one or more attack techniques, associate each of the vulnerable assets to one or more of the security parameters, and generate a visual interface showing the vulnerable assets and the security parameters. The processor may determine an attack path connecting the vulnerable assets based at least in part upon the asset mapping information, and map the attack path to the application layers and the security parameters in the visual interface.