Abstract: Techniques are described herein that are capable of performing a security action based on anomaly detection using AI model profiles and user profiles. AI model profiles (e.g., a model-session profile, a model-response profile, and/or a model-response profile) associated with AI model(s) are generated. User profiles (e.g., user-session profiles, user-prompt profiles, and/or user-response profiles) associated with users of the AI model(s) are generated. A security action is performed with regard to an incoming AI prompt as a result of a difference between the incoming AI prompt and one or more of the AI model profiles and/or one or more of the user profiles being greater than or equal to a difference threshold.

Abstract: A computer-implemented method is provided that detects jailbreak attempts against generative models, which may involve a shift between benign and malicious content. The method includes determining a probability-based metric for each of a plurality of tokens in a target text using a language model, the probability-based metric being based on a probability at least one preceding token. The probability-based metrics are processed to identify a subset of the plurality of tokens having a change in the probability-based metric with respect to others of the plurality of the tokens not within the subset of the plurality of tokens. A jailbreak attempt in the target text is detected in response to identifying the change in the probability-based metric in the subset of the plurality of tokens.

Abstract: A computer-implemented method is provided that detects jailbreak attempts against generative models, which may involve a shift between benign and malicious content. The method includes determining a probability-based metric for each of a plurality of tokens in a target text using a language model, the probability-based metric being based on a probability at least one preceding token. The probability-based metrics are processed to identify a subset of the plurality of tokens having a change in the probability-based metric with respect to others of the plurality of the tokens not within the subset of the plurality of tokens. A jailbreak attempt in the target text is detected in response to identifying the change in the probability-based metric in the subset of the plurality of tokens.

Abstract: Systems and methods for identifying and responding to anomalous data activity by a computer user on a computing device are presented. An anomalous data activity service, implemented as a machine learning service, receives notice of data activity and conducts an evaluation to determine whether the data activity is an anomalous data activity. Upon determining that the data activity is an anomalous data activity, a responsive action may be taken that may result in the anomalous data activity being blocked or allowed.

Abstract: A method for enabling data classification and or enforcement of Information Rights Management (IRM) capabilities and or encryption in a software application according to which, an agent is installed on each terminal device that runs the application and a central management module which includes the IRM, encryption and classification policy to be enforced, communicates with agents that are installed on each terminal device. The central management module distributes the appropriate IRM and or classification policy to each agent and applies the policy to any application that runs on the terminal device.

Abstract: Abstract system and method for enabling data modification, classification and enforcement of IRM capabilities in standard isolated software applications is disclosed, according to which an add-on code is installed on the terminal device of user that runs the standard application. The add-on code is adapted to interact with the virtual keyboard used by the standard application, to form a custom virtual keyboard to which the features of classifying data items(s) and/or of modifying the content of the data item are added, without changing the natural environment, the user is normally used to. Then a custom virtual keyboard that includes a designed UP interfacing objects is created, for adding inputs that are associated with classification and modification in the data item in the form of a hidden tag tot the content of the data item.

Abstract: System and method for enabling data modification, classification and enforcement of IRM capabilities in standard isolated software applications is disclosed, according to which an add-on code is installed on the terminal device of a user that runs the standard application. The add-on code is adapted to interact with the virtual keyboard used by the standard application, to form a custom virtual keyboard to which the features of classifying data item(s) and/or of modifying the content of the data item are added, without changing the natural environment, the user is normally used to. Then a custom virtual keyboard that includes a designed UI interfacing objects is created, for adding inputs that are associated with classification and modification in the data item in the form of a hidden tag to the content of the data item.

Abstract: A method of protecting data items in an organizational computer network, including, defining multiple information profiles for classifying the data item, defining rules for protecting the data item belonging to a specific information profile, classifying the data item according to the defined information profiles, applying a protection method to the data item responsive to the classification and the defined rules, automatically updating the classification of the data item responsive to a change in the content or location of the data item; and automatically transforming the applied protection method, throughout the lifecycle of the data item, responsive to a change in classification or location of the data item, according to the defined rules.

Abstract: Systems and methods for identifying and responding to anomalous data activity by a computer user on a computing device are presented. An anomalous data activity service, implemented as a machine learning service, receives notice of data activity and conducts an evaluation to determine whether the data activity is an anomalous data activity. Upon determining that the data activity is an anomalous data activity, a responsive action may be taken that may result in the anomalous data activity being blocked or allowed.

Abstract: A method of protecting data items in an organizational computer network, including, defining multiple information profiles for classifying the data item, defining rules for protecting the data item belonging to a specific information profile, classifying the data item according to the defined information profiles, applying a protection method to the data item responsive to the classification and the defined rules, automatically updating the classification of the data item responsive to a change in the content or location of the data item; and automatically transforming the applied protection method, throughout the lifecycle of the data item, responsive to a change in classification or location of the data item, according to the defined rules.

Abstract: A method of protecting data items in an organizational computer network, including, defining multiple information profiles for classifying the data item, defining rules for protecting the data item belonging to a specific information profile, classifying the data item according to the defined information profiles, applying a protection method to the data item responsive to the classification and the defined rules, automatically updating the classification of the data item responsive to a change in the content or location of the data item; and automatically transforming the applied protection method, throughout the lifecycle of the data item, responsive to a change in classification or location of the data item, according to the defined rules.

Abstract: A method for enabling data classification and? or enforcement of Information Rights Management (IRM) capabilities and?or encryption in a software application according to which, an agent is installed on each terminal device that runs the application and a central management module which includes the IRM, encryption and classification policy to be enforced, communicates with agents that are installed on each terminal device. The central management module distributes the appropriate IRM and?or classification policy to each agent and applies the policy to any application that runs on the terminal device.

Abstract: Abstract system and method for enabling data modification, classification and enforcement of IRM capabilities in standard isolated software applications is disclosed, according to which an add-on code is installed on the terminal device of user that runs the standard application. The add-on code is adapted to interact with the virtual keyboard used by the standard application, to form a custom virtual keyboard to which the features of classifying data items(s) and/or of modifying the content of the data item are added, without changing the natural environment, the user is normally used to. Then a custom virtual keyboard that includes a designed UP interfacing objects is created, for adding inputs that are associated with classification and modification in the data item in the form of a hidden tag tot the content of the data item.

Abstract: System and method for enabling data modification, classification and enforcement of IRM capabilities in standard isolated software applications is disclosed, according to which an add-on code is installed on the terminal device of a user that runs the standard application. The add-on code is adapted to interact with the virtual keyboard used by the standard application, to form a custom virtual keyboard to which the features of classifying data item(s) and/or of modifying the content of the data item are added, without changing the natural environment, the user is normally used to. Then a custom virtual keyboard that includes a designed UI interfacing objects is created, for adding inputs that are associated with classification and modification in the data item in the form of a hidden tag to the content of the data item.

Abstract: Described are embodiments for adaptive classification of data items which may include receiving a classification training set, the classification training set comprising a set of items associated with classification events made by a group of selected users, each item in the set of items having been designated as belonging to a particular classification by a selected user while manipulating the each item; determining from the classification training set a set of rules which can be used to classify unknown data items such that the classification of the unknown data items is consistent with the manual or automatic classification of the classification training set; adaptively updating the set of rules, according to classifications made to additional data items by additional users; and automatically classifying, based on the set of rules, one or more data items that are manipulated by a second set of one or more users.

Abstract: A method of protecting data items in an organizational computer network, including, defining multiple information profiles for classifying the data item, defining rules for protecting the data item belonging to a specific information profile, classifying the data item according to the defined information profiles, applying a protection method to the data item responsive to the classification and the defined rules, automatically updating the classification of the data item responsive to a change in the content or location of the data item; and automatically transforming the applied protection method, throughout the lifecycle of the data item, responsive to a change in classification or location of the data item, according to the defined rules.

Abstract: A method of protecting data items in an organizational computer network, including, defining multiple information profiles for classifying the data item, defining rules for protecting the data item belonging to a specific information profile, classifying the data item according to the defined information profiles, applying a protection method to the data item responsive to the classification and the defined rules, automatically updating the classification of the data item responsive to a change in the content or location of the data item; and automatically transforming the applied protection method, throughout the lifecycle of the data item, responsive to a change in classification or location of the data item, according to the defined rules.

Abstract: A method of protecting data items in an organizational computer network, including, defining multiple information profiles for classifying the data item, defining rules for protecting the data item belonging to a specific information profile, classifying the data item according to the defined information profiles, applying a protection method to the data item responsive to the classification and the defined rules, automatically updating the classification of the data item responsive to a change in the content or location of the data item; and automatically transforming the applied protection method, throughout the lifecycle of the data item, responsive to a change in classification or location of the data item, according to the defined rules.