Patents by Inventor Mark Cherp
Mark Cherp has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20260189585Abstract: Systems, methods, and apparatuses are disclosed for detection and prevention of adversarial attacks against large language models. Techniques may include receiving an input associated with a target large language model, analyzing the input with a pre-trained classification algorithm to determine a first deconstruction process to be applied to the input, and modifying the input with a first deconstruction model using the determined first deconstruction process. Techniques may also include determining a score of a likelihood of the input being adversarial based on an output of the first deconstruction model and by applying a classification model and updating at least one of the first deconstruction model or the classification model based on the score.Type: ApplicationFiled: October 22, 2025Publication date: July 2, 2026Applicant: CyberArk Software Ltd.Inventors: Mark CHERP, Eran SHIMONY, Niv RABIN
-
Publication number: 20260187473Abstract: Systems, methods, and apparatuses are disclosed for immunization of large language models against adversarial attacks. Techniques may include providing a prompt from an adversarial prompts dataset to a prompt mutator, generating a plurality of prompt mutations based on the prompt, providing one or more of the plurality of prompt mutations to a target large language model, evaluating an output of the target large language model with a classification model, and updating the adversarial prompts dataset based on the evaluation.Type: ApplicationFiled: December 31, 2024Publication date: July 2, 2026Applicant: CyberArk Software Ltd.Inventors: Mark Cherp, Eran Shimony
-
Patent number: 12554834Abstract: Described herein are methods, systems, and computer-readable storage media for dynamically configuring and deploying customizable secure wrappers. Techniques include identifying a code element and provisioning a first wrapper to execute the code element. Techniques further include allowing execution of the code element with the first wrapper, identifying a second wrapper for use in execution of the code element. The second wrapper is either customized for the code element or selected for the code element or both. Further, the code execution management system transitions from the first wrapper to the second wrapper, and allows execution of the code element with the second wrapper.Type: GrantFiled: December 21, 2021Date of Patent: February 17, 2026Assignee: CyberArk Software Ltd.Inventors: Mark Cherp, Nir Chako, Asaf Hecht
-
Patent number: 12476993Abstract: Systems, methods, and apparatuses are disclosed for detection and prevention of adversarial attacks against large language models. Techniques may include receiving an input associated with a target large language model, analyzing the input with a pre-trained classification algorithm to determine a first deconstruction process to be applied to the input, and modifying the input with a first deconstruction model using the determined first deconstruction process. Techniques may also include determining a score of a likelihood of the input being adversarial based on an output of the first deconstruction model and by applying a classification model and updating at least one of the first deconstruction model or the classification model based on the score.Type: GrantFiled: December 31, 2024Date of Patent: November 18, 2025Assignee: CyberArk Software Ltd.Inventors: Mark Cherp, Eran Shimony, Niv Rabin
-
Patent number: 11941109Abstract: Described herein are methods, systems, and computer-readable storage media for generation of a secure and dynamically mutable operating system. Techniques include receiving a request to execute an application causing instantiation of an operating system by identifying one or more needed modules that include core kernel modules and operating system service modules that are dynamically plugged-in or unplugged based on the execution of the application. Techniques may further include assigning a separate memory space with a separate virtual address for each of the one or more modules, generating a unique cryptographic key for each of the one or more modules, storing each virtual address and corresponding unique cryptographic key together. Further the operating system generation system encrypts each of the one or more modules using their corresponding unique cryptographic key.Type: GrantFiled: December 21, 2021Date of Patent: March 26, 2024Assignee: CYBERARK SOFTWARE LTD.Inventors: Mark Cherp, Nir Chako, Asaf Hecht
-
Publication number: 20230195882Abstract: Described herein are methods, systems, and computer-readable storage media for dynamically configuring and deploying customizable secure wrappers. Techniques include identifying a code element and provisioning a first wrapper to execute the code element. Techniques further include allowing execution of the code element with the first wrapper, identifying a second wrapper for use in execution of the code element. The second wrapper is either customized for the code element or selected for the code element or both. Further, the code execution management system transitions from the first wrapper to the second wrapper, and allows execution of the code element with the second wrapper.Type: ApplicationFiled: December 21, 2021Publication date: June 22, 2023Applicant: CyberArk Software Ltd.Inventors: Mark CHERP, Nir CHAKO, Asaf HECHT
-
Publication number: 20230195883Abstract: Described herein are methods, systems, and computer-readable storage media for generation of a secure and dynamically mutable operating system. Techniques include receiving a request to execute an application causing instantiation of an operating system by identifying one or more needed modules that include core kernel modules and operating system service modules that are dynamically plugged-in or unplugged based on the execution of the application. Techniques may further include assigning a separate memory space with a separate virtual address for each of the one or more modules, generating a unique cryptographic key for each of the one or more modules, storing each virtual address and corresponding unique cryptographic key together. Further the operating system generation system encrypts each of the one or more modules using their corresponding unique cryptographic key.Type: ApplicationFiled: December 21, 2021Publication date: June 22, 2023Applicant: CyberArk Software Ltd.Inventors: Mark CHERP, Nir CHAKO, Asaf HECHT
-
Patent number: 11620129Abstract: Disclosed embodiments relate to systems and methods for detecting fuzzing activity associated with a target program. Techniques include accessing a target program, monitoring, by a monitoring agent in a kernel space environment, the target program, and analyzing dynamic and static patterns of the target program. The techniques may further include assessing process parameters and inputs, evaluating instrumentation patterns in at least one basic block, assessing process creation frequency, assessing Syscalls invocation frequency, identifying suspicious processes, or comparing a runtime coverage ratio of a process to an expected coverage ratio. Systems and methods may also include calculating a confidence score, including applying a weighted value to an analyzed individual pattern based on the analysis, and identifying a likelihood of fuzzing activity based on the confidence score.Type: GrantFiled: May 20, 2022Date of Patent: April 4, 2023Assignee: CyberArk Software Ltd.Inventors: Eran Shimony, Mark Cherp, Nir Chako
-
Patent number: 11269787Abstract: Disclosed embodiments relate to systems and methods for providing an end-to-end secure lifecycle of data. Techniques include receiving a request from a client to access data; reserving a designated memory region; protecting the designated memory region using access restriction to certain processes of an operating system; receiving data from a trusted source; injecting the data into the designated memory region in a zero-copy manner; sending the data to the client in a zero-copy manner; receiving an indication that the client performed an interaction; and in response to the indication, disposing of the data and the designated memory region.Type: GrantFiled: July 14, 2021Date of Patent: March 8, 2022Assignee: CYBERARK SOFTWARE LTDInventors: Mark Cherp, Nir Chako, Asaf Hecht