Innovating to counter the AI-powered cyber threat

Innovators should consider IP protection carefully

Image:

Philip Horler, Withers & Rogers LLP

As cybercriminals develop increasingly sophisticated means of attack, particularly those leveraging AI, developers and other innovators are looking for new technologies and strategies to counter the evolving cyber threat. Phil Horler, partner and patent attorney at IP firm Withers & Rogers shares some advice for those developing it.

The threat of cyberattack is increasing globally. The World Economic Forum’s Global Cybersecurity Outlook 2025 report states that 72% of businesses believe that cyber security risks are rising, and nearly half cite malicious use of generative AI as a top cybersecurity concern.

The costs incurred as a result of data security breaches are rising too. IBM’s latest Cost of a Data Breach report reveals that the average cost of a global data security breach is $4.9 million, a 10% increase on last year.

All organisations are exposed to the growing cyber threat and demand for solutions is increasing. Governments around the world regard cyber protection as a matter of national security and businesses are aware that investing in cyber protection and data security is critical to improve their operational resilience and ensure their long-term survival.

Patent mapping for cyber

Growing demand for cyber protection technologies is evident in a recent global patent mapping study, conducted by Withers & Rogers LLP. The research shows that the number of patent filings targeted at cyber technologies has steadily increased since the year 2000, with new filings now totalling almost 10,000 each year. Most are filed in the US, a leading market for such technologies, with filings in Europe, China, and India also being very popular.

Whilst the number of new filings each year has started to plateau, the underlying trend suggests that patent activity will continue at its current high level for some time to come. It is also important to bear in mind that patent filing data is likely to be only part of the story, as many cyber security innovations will be protected using trade secrets and not be disclosed in the public domain.

Innovators of computer-based technologies – hardware and software – are advised to consider their approach to IP protection carefully. If the technology is going to be disclosed commercially, or it will be detectable through use, patent protection should be sought before any public disclosure.

However, if details of the technology will be kept secret, and if they are not detectable to outside parties, the IP could be retained as a trade secret. Expert advice should be sought at an early stage to ensure the most appropriate strategy is adopted.

Digging deeper into the study, it is clear that many companies in the IT tech sector are innovating in this space, with some exploring ways to protect their own hardware and/or software, and others focused on cybersecurity products that they develop for customers. As expected, Microsoft and Google are among the top filers, along with security software companies, such as McAfee and Symantec.

However, filings are not limited to businesses traditionally associated with software products. A large number of filings are made by diverse software and hardware companies, such as IBM, Intel, Cisco Systems, Dell and Bank of America, to name a few.

Innovative examples

Among the companies developing innovative cyber protection hardware, Goldilock, a UK-based cyber security device manufacturer, has secured patent protection for a novel air gap device designed to physically isolate key parts of a network at risk of attack. As described in UK patent GB2610458B, the device enables secure, remote control of the opening and closing of a physical air gap, not only to isolate compromised networks in real-time, but also proactively keep high value digital assets offline, whilst bringing them online on demand.

The remote-control mechanism is invisible to the threats and operable via a variety of methods, for flexibility and resilience. This innovative cyber protection technology helps to protect the most sensitive parts of computer networks from malicious attacks by cyber criminals, effectively stopping an attack in its tracks, whilst enabling proactive network protection.

The cyber threat linked to the rise of cloud computing is growing exponentially and innovators are focused on developing sophisticated solutions to tackle the problem. Microsoft has filed a US patent application (US2024273200A1) for technology that utilises natural language processing to detect the presence of nefarious software.

A machine-learning model capable of translating input code into natural language is used to generate a confidence score to indicate the likelihood of malicious code. Depending on the nature of its application, an alert can be sent to a human-in-the-loop so they can investigate the circumstances and act as necessary.

A US patent application (US2023244916A1) has also been filed by Microsoft for a novel Bayesian neural network, developed for the purpose of detecting the presence of ransomware. Once trained, the model analyses real-time computing operations to infer the probability of a ransomware attack, triggering security countermeasures as necessary.

Another US patent filing (US2023344860A1) is aimed at protecting organisations against sophisticated ransomware attacks that target multiple machines at once. In this example, three distinct types of ‘incrimination logic’ are utilised to identify risks – an organisation-level logic to detect widespread alert spikes, a graph-based logic to find suspicious connections between machines, and a local logic to analyse individual machine behaviour.

Whilst patent exclusions for software developments, particularly those relating to AI, are complex, innovators can be confident that their AI-powered inventions are patent eligible in key global markets, provided they have a technical benefit in the field of cybersecurity.

However, it is strongly recommended to seek specialist IP advice before making any public disclosure to ensure that the best protection strategy is employed. For example, adopting a hybrid IP strategy may provide an assurance of monopoly IP rights, whilst keeping the hidden workings of a technological innovation a trade secret, enabling innovators to commercialise their activities and attract the investment needed to continue the fight against cybercrime.