Abstract: Breach prediction via machine learning includes, responsive to (1) training one or more machine learning models in a breach prediction engine, (2) monitoring one or more users associated with an enterprise, and (3) detecting an incident that is one or more of a threat and a policy violation for a first user of the one or more users, analyzing details related to the incident with the breach prediction engine; displaying a breach prediction likelihood score for the enterprise based on the analyzing; and providing one or more recommendations for the enterprise based on the incident and the analyzing.

Abstract: Systems and methods for Configuration Management Database (CMDB) based application segmentation include obtaining transactional data for a plurality of users of an enterprise, wherein the transactional data relates to usage of a plurality of applications by the plurality of users; obtaining Configuration Management Database (CMDB) data of the enterprise, wherein the CMDB data includes information about hardware and software assets of the enterprise; matching application information within the transactional data and the CMDB data; and generating one or more application segments based on the matching.

Abstract: Systems and methods for generating and utilizing synthetic data include receiving a set of real network traffic data; generating synthetic data from the received set of real network traffic data based on patterns learned from the set of real network traffic data; and utilizing the synthetic data for any of training a machine learning model, testing a machine learning model, and configuring a customer cloud environment. The systems are adapted to generate a large amount of synthetic data from a limited set of real network traffic data. The produced synthetic data is altered in one or more ways to anonymize sensitive information present in the real data. Therefore, the systems are adapted to generate a large amount of synthetic data which accurately resembles real network traffic data while complying with data privacy practices.

Abstract: Systems and methods for learning from mistakes to improve detection rates of Machine Learning (ML) models. The systems and methods including receiving data with labels; running the data through a trained ML model for predictions; identifying errors in the predictions based on the labels received with the data; adjusting weights associated with samples in the data based on the identified errors; and retraining the ML model with the adjusted weights.

Abstract: Systems and methods include obtaining log data for a plurality of users of an enterprise where the log data relates to usage of a plurality of applications by the plurality of users and user metadata; analyzing the log data to determine one or more sequential patterns of application access; determining i) app-segments that are groupings of application of the plurality of applications and ii) user-groups that are groupings of users of the plurality of users, based on the log data and the one or more sequential patterns of application access; and providing access policy of the plurality of applications based on the user-groups and the app-segments. The one or more sequential patterns of application access include a sequence of accessing a plurality of applications in a given time period.

Abstract: Systems and methods for malicious beaconing detection include extracting one or more beaconing sequences from log data associated with a network; performing feature extraction for the one or more extracted beaconing sequences; and implementing one or more Machine Learning (ML) models for classifying each of the one or more beaconing sequences as any of clean, malicious, suspicious, and unknown. The one or more ML models can be associated with an ensemble model, where a final classification of a beaconing sequence can be based on results of each of the one or more ML models.

Abstract: Systems and methods for identifying incorrect labels and improving label correction for machine learning for security. The systems and methods including receiving data with labels; training one or more Machine Learning (ML) models to label the received data; identifying disagreements between the labels provided by the one or more ML models and the labels received with the data; and providing one or more groups of the data for review for incorrect labels.

Abstract: Systems and methods for inline Uniform Resource Locator (URL) categorization include training a lightweight machine learning model to score content associated with unknown Uniform Resource Locators (URLs) to determine a category of the plurality of categories for each of the unknown URLs; deploying the trained lightweight machine learning model to a node in a cloud-based system for use in production; and utilizing the trained lightweight machine learning model to monitor traffic inline to categorize unknown URLs.

Abstract: Systems and methods of sandboxing a file include responsive to receiving a file associated with a user, obtaining policy for the user; analyzing the file with a machine learning model; and based on a combination of the policy for the user and a verdict of the machine learning model, one of quarantining the file for analysis in a sandbox and allowing the file to the user. The present disclosure presents a smart quarantine with a goal of minimizing the number of files quarantined, the number of malicious files passed through to an end user, and a number of files scanned by a sandbox.

Abstract: Systems and methods for processing search queries are provided. A method, according to one implementation, includes a step of receiving a query from a user interface, the query including one or more questions or commands pertaining to datasets stored in a relational database. The method also includes a step of generating a prompt having instructions related to how a Large Language Model (LLM) is to handle a complex query having one or more cascading dependencies. Also, the method includes a step of providing the prompt, datasets, and query to an LLM with instructions to convert the query into Structure Query Language (SQL) code.

Abstract: Systems and methods for Configuration Management Database (CMDB) based application segmentation include obtaining transactional data for a plurality of users of an enterprise, wherein the transactional data relates to usage of a plurality of applications by the plurality of users; obtaining Configuration Management Database (CMDB) data of the enterprise, wherein the CMDB data includes information about hardware and software assets of the enterprise; matching application information within the transactional data and the CMDB data; and generating one or more application segments based on the matching.

Abstract: Systems and methods for detecting and fixing collisions in Artificial intelligence agents include, responsive to obtaining a plurality of tuples in a Retrieval-Augmented Generation (RAG) system with each tuple including a first value and a second value, generating a plurality of different first values from a corresponding first value where the plurality of different first values are similar to the corresponding first value; determining top-k, k is an integer greater than or equal to one, matches for the plurality of different first values to the second values in the RAG system; determining a confusion matrix based on the top-k matches; and utilizing the confusion matrix to debug the RAG system.

Abstract: Systems and methods for generating and utilizing synthetic data include receiving a set of real network traffic data; generating synthetic data from the received set of real network traffic data based on patterns learned from the set of real network traffic data; and utilizing the synthetic data for any of training a machine learning model, testing a machine learning model, and configuring a customer cloud environment. The systems are adapted to generate a large amount of synthetic data from a limited set of real network traffic data. The produced synthetic data is altered in one or more ways to anonymize sensitive information present in the real data. Therefore, the systems are adapted to generate a large amount of synthetic data which accurately resembles real network traffic data while complying with data privacy practices.

Abstract: Systems and methods for hyper-customized customer defined machine learning models include providing a first set of data obtained based on monitoring a plurality of endpoints by a service provider, wherein the plurality of endpoints are associated with a customer, and wherein the first set of data includes an index; responsive to the customer wanting to create a user-defined machine learning model, receiving a second set of data that maps to a subset of the first set of data based on the index, wherein the second set of data is maintained private from the service provider; receiving a metric from the customer for accepting criteria of the user-defined machine learning model; and determining the user-defined machine learning model based on the first set of data, the second set of data, and the metric.

Abstract: Multimodal Data Loss Protection (DLP) includes receiving an input comprising data in any of a plurality of formats; processing the input to determine whether or not the data includes sensitive data; and responsive to the input including sensitive data, performing steps of: processing the input to classify the input into a category of a plurality of categories; and providing an indication of the category of the plurality of categories. Advantageously, the trained multimodal system can detect categories of data being accessed, transferred, etc., without the requirement of up-front dictionaries from corporate Information Technology (IT).

Abstract: Inline Multimodal Data Loss Protection (DLP) includes training one or more machine learning models for classifying input data into categories of a plurality of categories; performing one or more modifications to the one or more machine learning models, wherein the one or more modifications reduce latency associated with the one or more machine learning models; receiving an input comprising data in any of a plurality of formats; processing the input to classify the input into a category of a plurality of categories; and providing an indication of the category of the plurality of categories. Advantageously, by performing the various modifications to the one or more models, the systems can accurately classify data inline with minimal latency.

Abstract: Systems and methods for next generation artificial intelligence agents include operating an Artificial Intelligence (AI) agent system that includes an agent core connected to memory, one or more tools, and a planner; receiving a request from a user; utilizing the planner to break the request down into a plurality of sub-parts that are each individually simpler than the request; and generating an answer to the request using the plurality of sub-parts with the memory and the one or more tools.

Abstract: Systems and methods include obtaining log data for a plurality of users of an enterprise where the log data relates to usage of a plurality of applications by the plurality of users; determining i) app-segments that are groupings of application of the plurality of applications and ii) user-groups that are groupings of users of the plurality of users; and providing access policy of the plurality of applications based on the user-groups and the app-segments. The steps can further include monitoring the access policy over time based on ongoing log data, manual verification of the access policy, and incidents where users are prevented from accessing any application; and adjusting the determined based on the monitoring.

Abstract: Systems and methods for utilizing small sized Large Language Models (LLMs) for performing domain classification include responsive to training one or more machine learning models for performing classification of domains, the training including performing one or more optimizations to the one or more machine learning models, receiving a domain; obtaining data associated with the domain including log data from a cloud-based system that performs monitoring of a plurality of users; and analyzing the domain via the one or more trained machine learning models for classifying the domain.

Abstract: A method includes monitoring content inline between any of users, enterprises, and the Internet by a cloud-based system; analyzing the content with a trained machine learning model to provide an initial classification of benign or malicious; determining an uncertainty associated with the initial classification; and one of allowing the content, blocking the content, and sandboxing the content, based on the initial classification and the uncertainty. The uncertainty is used to minimize latency for user experience while avoiding incorrect classifications, in the inline monitoring.