Abstract: A mutated issue in AI generated source code is identified. For example, the mutated issue may be a mutated type of malware. A snippet of source code in the AI generated source code that comprises the mutated issue is identified. A vector based on the snippet of source code in the AI generated source code that comprises the mutated issue is generated. Vectors of a second source code (e.g., a new software application) are compared using the vector generated from the snippet of source code in the AI generated source code that comprises the mutated issue. The comparison is used to identify new types of issues in the second source code.

Abstract: An initial corpus of source code is received. The initial corpus of source code is for training an Artificial Intelligence (AI) algorithm that generates source code. The initial corpus of source code is scanned, using a test suite, to identify one or more potential vulnerabilities in the initial corpus of the source code. The identified one or more potential vulnerabilities in the initial corpus of the source code are mitigated to produce a training corpus of source code. For example, the mitigation may comprise removing malware from the initial corpus. The mitigation is to remove the vulnerabilities so that the vulnerabilities do not show up in source code generated by the AI algorithm. The AI algorithm is then trained using the training corpus of source code. The trained AI algorithm is executed to produce generated source code.

Abstract: A defect in the code of a software program is identified. An initial ranking for the defect in the code of the software program is determined. One or more network websites are crawled to identify information associated with the defect in the code of the software program. The information associated with the defect in the defect in the code of the software program is analyzed. In response to analyzing the information associated with the defect in the code of the software program, a second ranking is created for the defect in the code of the software program. The defects in the code of the software program and the second ranking are generated for display in a graphical user interface. By prioritizing which defects are more critical, the quality of the released software improved. In addition, the released software is more secure because critical defects have been removed.

Abstract: A virtualization pattern is learned. The learned virtualization pattern comprises information associated with one or more virtualized processes. For example, the virtualization pattern may comprise the creation of a first micro service and the spawning of a second micro service from the first micro service. The learned virtualization pattern is compared to a current virtualization pattern to identify an anomalous virtualization pattern in the current virtualization pattern. In response to identifying the anomalous virtualization pattern in the current virtualization pattern, an action is taken. For example, the action taken may be to quarantine a virtual process, to unload the virtual process, to quarantine a tenant partition, and/or the like.

Abstract: A training corpus for training a similarity algorithm is retrieved. For example, the training corpus may be source code of a software application. The similarity algorithm is trained using the training corpus. A network is crawled to identify data. For example, the Internet may be randomly crawled to identify source code. The data is run through the similarity algorithm to determine a likely match between the training corpus and the identified data on the network. In response to determining the likely match between the training corpus and the identified data on the network, an action is taken. For example, the action may be to identify a particular website as containing illegally copied source code of the software application.

Abstract: A request to add a new block to a blockchain is received. Data associated with the new block is scanned to identify malware and/or an anomaly. In response to identifying the malware and/or the anomaly in the data associated with the new block, an action is taken. The action includes: rejecting the request to add the new block to the blockchain, or removing the malware/anomaly from the new block and adding the new block to the blockchain. In a second embodiment, a malware event is identified that identifies malware/an anomaly in a block in a blockchain. In response to the malware event, an action is taken. The action includes: consolidating the blockchain, bypassing the block in the blockchain, consolidating the blockchain and bypassing the block in the blockchain, and deleting an encryption key that was used to encrypt the associated data that comprises the malware and/or the anomaly.

Abstract: A request to install a first version of a software application is received. The first version of the software application is stored in a first blockchain in a first distributed blockchain ledger. In response to receiving the request to install the first version of the software application, the first version of the software application is validated by running a hash of the first blockchain. In response to validating the first version of the software application, the first version of the software application is installed from the blockchain to a device. The software application may also be validated after being installed to the device.

Abstract: A current software tool is identified. The current software tool is used to manage and/or create a current corresponding software. For example, the current software tool may be a compiler and the current corresponding software may be a binary executable. A current mapping is generated between code provided to the current software tool and the current corresponding software using a first Artificial Intelligence (AI) algorithm. A comparison between the current mapping and a learned mapping is made to determine if the current software tool is manipulating the current corresponding software in an abnormal way. The learned mapping is based on historical code input into historical software tools and corresponding historical code output from the historical software tools. In response to determining that the current software tool is manipulating the current corresponding software in an abnormal way, the current software tool is identified as being compromised or likely compromised.

Abstract: Sensitive information is identified. For example, the sensitive information may be a set of medical records. A request is received to send the sensitive information from a first domain to a second domain. For example, the request may be to send the sensitive information from a first corporation to a second corporation. The sensitive information is encrypted. The encrypted sensitive information comprises an authentication field. The authentication field identifies one or more authentication factors that are required to unencrypt the sensitive information. For example, the authentication field may indicate that a user is required to provide a username/password and a fingerprint scan to access the sensitive information. The encrypted sensitive information is sent to the second domain. The user in the second domain is required to authenticate using the one or more authentication factors to access the sensitive information.

Abstract: A request to authenticate is received. For example, the request to authenticate may be to authenticate to a software application or a device. The request to authenticate is for a first authentication level for a user. The first authentication level is one of a plurality of authentication levels for the user. The request to authenticate is authorized based on a provided one or more authentication factors (e.g., a valid username/password). A plurality of authentication tokens are retrieved. The plurality of authentication tokens are associated with the first authentication level. In addition, each authentication token of the plurality of authentication tokens is associated with an individual application of a plurality of applications. Access to information in the plurality of applications is granted based on the plurality of authentication tokens.

Abstract: Data of a plurality of channels of a spread-spectrum network are received. For example, the data of the plurality of channels of the spread-spectrum network may be captured by a spread-spectrum router (e.g., a WiFi router). The data of the plurality of channels of the spread-spectrum network is analyzed to identify an anomalous cross-channel pattern across the plurality of channels of the spread-spectrum network. For example, the attack may be a sequential attack across each of the channels of the spread-spectrum network. In response to identifying the anomalous cross-channel pattern across the plurality of channels of the spread-spectrum network, an action is taken to protect the spread-spectrum network. For example, the action may be to notify an administrator of the spread-spectrum network that a potential attack is occurring on the spread-spectrum network or to block access to the spread-spectrum router.

Abstract: A determination is made to see if a user has authenticated to a computer system using a plurality of authentication levels. For example, the user may have had a first session where the user is authenticated at authentication level one and a second session where the user is authenticated at authentication level two. Behavior of the user is separately tracked at each of the plurality of authentication levels to identify separate usage patterns of the user at each of the plurality of authentication levels. Anomalous behavior of the user is identified based on one or more variations from the separate usage patterns of the user at, at least one of the plurality of authentication levels. An action is taken based on identifying the anomalous behavior of the user. For example, the user's account may be locked, or an administrator may be notified.

Abstract: A watermark is generated. The generated watermark is specific to an individual owner of a media. The media may be any type of electronic media, such as, an image, a document, a movie, an audio file, a software application, and/or the like. The watermark is inserted into the media. The watermark in the media is changed when ownership of the media is changed. For example, as the media is sold to a new owner, the new owner's watermark is added to the media so that a chain of title can be verified directly from the media. In addition, the chain of title may also be verified via a blockchain.

Abstract: A secondary fragment of an encryption key is received. The secondary fragment is associated with an authentication process of a user. The secondary fragment is one of a plurality of secondary fragments of the encryption key. The user is authenticated (e.g., by validating a username/password). The encryption key is regenerated using the secondary fragment and a primary fragment of the encryption key. In response to regenerating the encryption key using the secondary fragment and the primary fragment, and authenticating the user: access is granted, to the user, by unencrypting an encrypted data record using the regenerated encryption key.

Abstract: To write forgettable data to a blockchain, the forgettable data is transmitted to a server, from which encrypted data corresponding to the forgettable data are received. A hash of the forgettable data is generated. A data block including the encrypted data and control data including the hash is added to the blockchain.

Abstract: A first hash of information is generated. The first hash of the information is used to validate if the information (e.g., a software application) has changed. The first hash of the information is generated locally. The first hash of the information is sent to the trusted authority. The trusted authority is a service that is managed by an external party. A validation event associated with the information is detected. A request for the first hash of the information is sent to the trusted authority. The first hash of the information is received from the trusted authority. A second hash of the information is generated. The second hash of the information is generated locally. The received first hash of the information is compared to the generated second hash of the information to determine if the received first hash of the information is the same as the second hash of the information.

Abstract: A visual media is received. For example, the received visual media may be a digital image, a video file, or a video stream. A plurality of colors in the visual media are identified. In response to identifying the plurality of colors in the visual media, one or more colors not in the visual media are identified. A watermark is placed in the visual media to produce a watermarked visual media. The watermark comprises at least one of the identified colors not in the visual media. The watermarked visual media is verified using image processing.

Abstract: Language used by a specific user in a specific context is gathered. The language used by the specific user in the specific context is language gathered from a plurality of previously captured electronic communication sessions. For example, the language of the specific user is captured from previous voice, video, and/or text communication sessions. A machine learning process based on the language gathered from the plurality of previously captured electronic communication sessions is trained. The trained machine learning process is used to determine if the specific user is actually participating in an electronic communication session or if a potential imposter is likely posing as the specific user in the electronic communication session. In response to determining that the potential imposter is likely posing as the specific user in the electronic communication session, an action is taken to secure the electronic communication session.

Abstract: Source code for a type of malware is received. For example, the source code may be source code from a type of computer virus. An Artificial Intelligence (AI) algorithm is identified. For example, the AI algorithm may be ChatGPT. The source code of the type of malware is run through the AI algorithm to produce mutated source code for the type of malware. A prediction algorithm is used to predict a signature of the mutated source code for the type of malware. For example, the prediction algorithm is trained using existing source code of different types of malware to generate a prediction model. The signature of the mutated source code for the type of malware is then compared to a signature of a potentially new type of malware to determine if the signatures are similar.

Abstract: A current thread pattern is identified. For example, a thread pattern of a running software application is identified. Current resource information associated with the current thread pattern is identified. For example, the current resource information may include disk usage, packets sent, ports used, accounts created, etc. The current thread pattern and the current resource information associated with the current thread pattern are compared to an existing malicious thread pattern associated with a type of malware and existing malicious resource information associated with the existing thread pattern. A determination is made if the comparison meets a threshold. For example, if the current thread pattern is 90% similar to the existing malicious thread pattern and the current resource information is within 75% of the existing malicious resource information, the threshold is met. In response to the comparison meeting the threshold, an action is taken to mitigate the type of malware.