Foundation model driven application that generates remediation actions for cloud resource misconfigurations

US12506791B2 · US · B2

Patent metadata
Publication number: US-12506791-B2
Application number: US-202418621585-A
Country: US
Kind code: B2
Filing date: Mar 29, 2024
Priority date: Mar 29, 2024
Publication date: Dec 23, 2025
Grant date: Dec 23, 2025


Abstract

Official abstract text for this publication.

A cloud misconfiguration remediation application (“remediation application”) has been created that generates a remediation action for a resource misconfiguration detected with a CSPM policy. The remediation application includes a conversation agent that interacts with the foundation model according to a chain of prompts/input sequences. The conversation agent constructs the chain of prompts based on a template, the CSPM policy, metadata about the CSPM policy and the misconfigured cloud resource, and responses from the foundation model. The foundation model is implemented with retrieval augmented generation (RAG) that uses an embedding database built with remediation documentation of the CSP. Prompts from the conversation agent are augmented based on the implemented RAG. The remediation application aggregates the responses into a remediation action that can either be automatically performed or presented for consideration by a user.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method comprising: interacting with a first language model to remediate a misconfiguration of a first cloud resource detected with a security policy, wherein interacting with the first language model comprises, retrieving metadata corresponding to each field of the security policy from a repository of information about cloud resources including the first cloud resource; constructing a first input sequence with the retrieved metadata, the security policy, and a first subtask instruction to remediate the misconfiguration; prompting the first language model with the first input sequence to obtain a remediation command, wherein the first language model includes retrieval augmented generation that uses an embeddings database built with remediation documentation of a cloud platform corresponding to the first cloud resource; constructing a second input sequence with a second subtask instruction and indication of the remediation command; prompting the first language model with the second input sequence to determine additional information for the remediation command; and indicating a remediation task for the misconfiguration based on an aggregation of responses obtained from the prompting.

2. The method of claim 1 further comprising loading a prompt template that defines a chain that at least includes the first and second subtask instructions.

3. The method of claim 1, wherein the second subtask instruction requests at least one of a role, a permission, and a credential for the remediation command.

4. The method of claim 1, wherein the second subtask instruction requests explanation of impact of running the remediation command.

5. The method of claim 1 further comprising generating a plurality of security policy templates based on manually authored cloud security posture management security policies and, for each security policy template, predicting with a trained model an offending value for each field of the security policy template and generating a security policy with the security policy template and the predicted offending value for each field.

6. The method of claim 5 further comprising training a model to obtain the trained model, wherein training the model comprises training the model with fields and field descriptions extracted from specifications of a cloud service provider corresponding to the first cloud resource to learn offending values of the fields based on the manually authored cloud security posture management security policies.

7. The method of claim 1, wherein constructing the first input sequence is also with at least one of a description of the first cloud resource, a type of the first cloud resource, a service corresponding to the first cloud resource, and a description of the service corresponding to the first cloud resource.

8. The method of claim 1 further comprising crawling data of a cloud service provider corresponding to the first cloud resource to detect changes to remediation documentation and maintaining the embeddings database based, at least in part, on detected changes.

9. A non-transitory, machine-readable medium having program code stored thereon, the program code comprising instructions to: identify each field of a cloud security policy corresponding to a detected misconfiguration of a first cloud resource; retrieve metadata corresponding to each identified field from a repository of information about cloud resources including the first cloud resource; construct a first prompt with a first subtask instruction to remediate the misconfiguration, the retrieved metadata, and the cloud security policy; prompt a first language model with the first prompt to obtain a remediation command, wherein the first language model includes retrieval augmented generation that uses an embeddings database built with remediation documentation of a cloud platform corresponding to the first cloud resource; construct a second prompt with a second subtask instruction and indication of the remediation command; prompt the first language model with the second prompt to determine additional information for the remediation command; and aggregate responses obtained from the first language model to indicate a remediation task for the misconfiguration.

10. The non-transitory, machine-readable medium of claim 9, wherein the program code further comprises instructions to load a prompt template that defines a chain that at least includes the first and second subtask instructions.

11. The non-transitory, machine-readable medium of claim 9, wherein the second subtask instruction requests at least one of a role, a permission, and a credential for the remediation command.

12. The non-transitory, machine-readable medium of claim 9, wherein the second subtask instruction requests explanation of impact of running the remediation command.

13. The non-transitory, machine-readable medium of claim 9, wherein the program code further comprises instructions to generate a plurality of security policy templates based on manually authored cloud security posture management security policies and, for each security policy template, predict with a trained model an offending value for each field of the security policy template and generate a security policy with the security policy template and the predicted offending value for each field.

14. The non-transitory, machine-readable medium of claim 13, wherein the program code further comprises instructions to train a model to obtain the trained model, wherein the instructions to train the model comprise instructions to train the model with fields and field descriptions extracted from specifications of a cloud service provider corresponding to the first cloud resource to learn offending values of the fields based on the manually authored cloud security posture management security policies.

15. The non-transitory, machine-readable medium of claim 9, wherein the instructions to construct the first prompt comprise the instructions to construct the first prompt also with at least one of a description of the first cloud resource, a type of the first cloud resource, a service corresponding to the first cloud resource, and a description of the service corresponding to the first cloud resource.

16. The non-transitory, machine-readable medium of claim 9, wherein the program code further comprises instructions to crawl data of a cloud service provider corresponding to the first cloud resource to detect changes to remediation documentation and instructions to maintain the embeddings database based, at least in part, on detected changes.

17. An apparatus comprising: a processor; and a non-transitory machine-readable medium having instructions stored thereon, the instructions executable by the processor to cause the apparatus to: identify each field of a cloud security policy corresponding to a detected misconfiguration of a first cloud resource; retrieve metadata corresponding to each identified field from a repository of information about cloud resources including the first cloud resource; construct a first prompt with a first subtask instruction to remediate the misconfiguration, the retrieved metadata, and the cloud security policy; prompt a first language model with the first prompt to obtain a remediation command, wherein the first language model includes retrieval augmented generation that uses an embeddings database built with remediation documentation of a cloud platform corresponding to the first cloud resource; construct a set of one or more subsequent
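The prompt chain described in the abstract and in claims 1 through 4, written out as an added example that is not code from the patent or its assignee: the first prompt combines the policy, metadata retrieved per policy field and a retrieval step over remediation documentation; the second asks for the role/permission and the impact of the returned command; a grounding check then decides whether the aggregated task may run automatically or is presented to a user. The `csp` CLI strings in `REMEDIATION_DOCS`, `stub_model` and the bag-of-words `embed` are assumptions standing in for the CSP documentation, the foundation model and a real embedding model.

```python
"""Chain-of-prompts remediation agent with RAG: a constructed illustration, not the patent's code."""
import math
import re
from collections import Counter
from typing import Callable, Dict, List

# Constructed remediation documentation standing in for CSP docs in the embeddings DB ('csp' is a hypothetical CLI).
REMEDIATION_DOCS = [
    "storage bucket public access: run 'csp storage buckets update --no-public-access BUCKET'",
    "vm disk encryption: run 'csp compute disks update --encrypt DISK'",
    "database backup retention: run 'csp sql instances patch --backup-retention 7 INSTANCE'",
]

def embed(text: str) -> Dict[str, float]:
    """Bag-of-words unit vector; stands in for a learned embedding model."""
    counts = Counter(re.findall(r"[a-z]+", text.lower()))
    norm = math.sqrt(sum(c * c for c in counts.values())) or 1.0
    return {w: c / norm for w, c in counts.items()}

def retrieve(query: str, docs: List[str], k: int = 1) -> List[str]:
    """RAG step: top-k docs by cosine similarity to the query."""
    q = embed(query)
    return sorted(docs, key=lambda d: sum(q.get(w, 0.0) * v for w, v in embed(d).items()), reverse=True)[:k]

def remediate(policy: dict, metadata: Dict[str, str], model: Callable[[str], str]) -> dict:
    """Run the two-prompt chain and aggregate the responses into a remediation task."""
    policy_text = "; ".join(f"{f}={v}" for f, v in policy["fields"].items())
    meta_text = "; ".join(f"{f}: {metadata[f]}" for f in policy["fields"])  # metadata per policy field
    context = retrieve(f"{policy['name']} {meta_text}", REMEDIATION_DOCS)  # augments the first prompt
    p1 = (f"Subtask: give the command to remediate.\nPolicy: {policy_text}\n"
          f"Metadata: {meta_text}\nDocs:\n" + "\n".join(context))
    command = model(p1).strip()
    p2 = f"Subtask: state the role/permission needed and the impact.\nCommand: {command}"
    details = model(p2).strip()
    # Only a command found verbatim in the retrieved docs is eligible to auto-run;
    # anything else is presented to a user for review instead.
    grounded = any(command in d for d in context)
    return {"prompts": [p1, p2], "command": command, "details": details,
            "mode": "auto" if grounded else "review"}

def stub_model(prompt: str) -> str:
    """Stand-in for the foundation model: answers from the retrieved docs in the prompt."""
    if prompt.startswith("Subtask: give"):
        m = re.search(r"run '([^']+)'", prompt)
        return m.group(1) if m else "unknown"
    return "role: storage-admin; impact: anonymous readers lose access to the bucket"

if __name__ == "__main__":
    policy = {"name": "public storage bucket", "fields": {"publicAccess": "enabled"}}
    print(remediate(policy, {"publicAccess": "storage bucket setting that allows anonymous reads"}, stub_model))
```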

Assignees

Palo Alto Networks Inc

Inventors

Classifications

  • Vulnerability analysis · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • H04L63/205 (primary): involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title


Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Palo Alto Networks Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/205. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Dec 23, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).