IPR2025-01087
Orca Security Ltd v. Wiz Inc
1. Case Identification
- Case #: IPR2025-01087
- Patent #: 12,003,529
- Filed: June 4, 2025
- Petitioner(s): Orca Security Ltd.
- Patent Owner(s): Wiz, Inc.
- Challenged Claims: 1-17
2. Patent Overview
- Title: Method and System for Detecting a Cybersecurity Risk of an Artificial Intelligence Model
- Brief Description: The ’529 patent discloses methods for detecting cybersecurity risks associated with artificial intelligence (AI) models within a cloud computing environment. The process involves generating an inspectable disk from a resource, inspecting it for an AI model, representing the model and its risks in a security database, and initiating mitigation actions.
3. Grounds for Unpatentability
Ground 1: Claims 1-17 are obvious over Shua in view of Lang.
Prior Art Relied Upon: Shua (Patent 11,489,863) and Lang (Application # 2024/0202405).
Core Argument for this Ground:
- Prior Art Mapping: Petitioner argued that the challenged claims represent an obvious modification of a known cloud cybersecurity system (Shua) by incorporating a known technique for analyzing AI models (Lang). Shua taught a comprehensive, agentless cloud security platform that scanned a customer's entire cloud environment by taking snapshots of disk volumes ("inspectable disks") and generating a graph-based map of all assets and their associated vulnerabilities. However, Shua did not explicitly teach scanning for AI models. Lang addressed this gap by disclosing methods to automatically detect, analyze, and harden AI systems, including scanning virtual machine files to identify AI components and assess them for vulnerabilities like data poisoning or adversarial attacks.
Petitioner asserted that the combination of Shua and Lang taught all limitations of independent claim 1. Shua’s method of creating disk snapshots met the limitation of "generating an inspectable disk." The combination of Shua’s general disk inspection with Lang’s specific teaching of analyzing VM files for AI components met the limitation of "inspecting the inspectable disk for an AI model." Shua’s generation of a graph database representing the computing environment, combined with Lang’s teaching of creating abstract representations of detected AI models, met the requirement to "generate a representation of the AI model in a security database." Similarly, applying Lang’s AI-specific vulnerability analysis to Shua’s general vulnerability assessment framework met the limitation of "inspecting the AI model for a cybersecurity risk." Shua’s practice of enriching its asset map with discovered risk data, when combined with Lang’s identification of AI-specific risks, taught "generating a representation of the cybersecurity risk...connected to the representation of the AI model." Finally, Shua taught initiating mitigation actions based on discovered risks, and Lang taught specific mitigations for AI models, satisfying the final step of claim 1.
The arguments for independent claims 9 (non-transitory computer-readable medium) and 10 (system) relied on the same mapping, as both Shua and Lang disclosed their methods being implemented on computer systems with processors and memory storing instructions. Petitioner argued the dependent claims were also obvious, as they recited specific types of risks or artifacts (e.g., secrets, certificates, lateral movement paths) that were explicitly taught by the combination. For example, Shua taught detecting secrets and certificates for lateral movement, and Lang taught analyzing all file paths associated with an AI model, which a POSITA would combine to search for such secrets within AI model components.
- Motivation to Combine: Petitioner contended a person of ordinary skill in the art (POSITA) would combine Shua and Lang for several reasons. First, Shua expressed a goal of providing 100% visibility by scanning all of a customer’s cloud assets. As AI models became a more prevalent and critical type of cloud asset, a POSITA would have been motivated to extend Shua’s comprehensive scanning to include them. Lang provided the known, specific techniques for doing so. Second, the combination represented the simple application of a known technique (Lang’s AI analysis) to a similar system (Shua’s cloud scanner) to yield a predictable result—the improved ability to detect AI-specific security risks. Both references operated in the same field of cloud security, addressing the same problem of identifying vulnerabilities in cloud assets.
- Expectation of Success: A POSITA would have had a reasonable expectation of success in combining the references. The integration involved applying Lang's software-based analysis to data (disk snapshots) already collected by Shua's system. This required, at most, minor software modifications and did not present any apparent technical hurdles. The predictable outcome would be an enhanced security platform capable of identifying a broader range of risks.
4. Relief Requested
- Petitioner requests institution of an inter partes review and cancellation of claims 1-17 of the ’529 patent as unpatentable under 35 U.S.C. §103.