Case 1:23-cv-00758-JLH-SRF Document 138 Filed 09/05/24 Page 1 of 27 PageID #: 2964
`
`
`
`IN THE UNITED STATES DISTRICT COURT
`FOR THE DISTRICT OF DELAWARE
`
`
`ORCA SECURITY LTD.,
`
`
`Plaintiff,
`
`
`
`v.
`
`
`WIZ, INC.,
`
`
`
`
`Defendant.
`
`
`
`
`
`C.A. No. 23-758 (JLH)
`
`
`
`)
`)
`)
`)
`)
`)
`)
`)
`)
`
`ORCA SECURITY LTD.’S OPENING BRIEF IN SUPPORT OF ITS MOTION TO
`DISMISS WIZ, INC.’S COUNTERCLAIM COUNT IV
`UNDER FED. R. CIV. P. 12(b)(6)
`
`
`
`
`
`
`
`OF COUNSEL:
`
`Douglas E. Lumish
`Lucas Lonergan
`LATHAM & WATKINS LLP
`140 Scott Drive
`Menlo Park, CA 94025
`(650) 328-4600
`
`Blake R. Davis
`Peter Hoffman
`LATHAM & WATKINS LLP
`505 Montgomery Street, Suite 2000
`San Francisco, CA 94111
`(415) 391-0600
`
`Christopher W. Henry
`Kristina D. McKenna
`LATHAM & WATKINS LLP
`200 Clarendon Street
`Boston, MA 02116
`(617) 948-6000
`
`September 5, 2024
`
`MORRIS, NICHOLS, ARSHT & TUNNELL LLP
`Jack B. Blumenfeld (#1014)
`Rodger D. Smith II (#3778)
`Cameron P. Clark (#6647)
`1201 North Market Street
`P.O. Box 1347
`Wilmington, DE 19899-1347
`(302) 658-9200
`jblumenfeld@morrisnichols.com
`rsmith@morrisnichols.com
`cclark@morrisnichols.com
`
`Attorneys for Plaintiff and Counterclaim-
`Defendant Orca Security Ltd.
`
`
`Ryan T. Banks
`LATHAM & WATKINS LLP
`650 Town Center Drive, 20th Floor
`Costa Mesa, CA 92626
`(714) 540-1235
`
`Gabriel K. Bell
`Nicole E. Bruner
`LATHAM & WATKINS LLP
`555 Eleventh Street, NW, Suite 1000
`Washington, DC 20004
`(202) 637-2200
`
`
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 138 Filed 09/05/24 Page 2 of 27 PageID #: 2965
`
`
`
`I.
`
`II.
`
`TABLE OF CONTENTS
`
`Page
`
`NATURE AND STAGE OF PROCEEDINGS .................................................................. 1
`
`SUMMARY OF THE ARGUMENT ................................................................................. 1
`
`III.
`
`STATEMENT OF FACTS ................................................................................................. 3
`
`A.
`
`The ’549 Patent ....................................................................................................... 3
`
`1.
`
`2.
`
`The ’549 Patent Specification ..................................................................... 3
`
`The ’549 Patent Claims ............................................................................... 5
`
`IV.
`
`LEGAL STANDARDS ...................................................................................................... 6
`
`A.
`
`B.
`
`Motions To Dismiss Under Rule 12(b)(6) .............................................................. 6
`
`Patent Eligibility Under 35 U.S.C. § 101................................................................ 6
`
`V.
`
`ARGUMENT ...................................................................................................................... 7
`
`A.
`
`Alice Step One: The Claims Are Directed to An Abstract Idea .............................. 7
`
`1.
`
`2.
`
`The Independent Claims are Directed to An Abstract Idea ........................ 7
`
`The Dependent Claims Are Equally Abstract ........................................... 14
`
`B.
`
`Alice Step Two: The Claims Add Nothing Inventive to the Abstract Idea ........... 15
`
`1.
`
`2.
`
`The ’549 Independent Claims Add Nothing Inventive ............................. 15
`
`The Dependent Claims Add Nothing Inventive ........................................ 18
`
`C.
`
`There Is No Reason to Delay Finding the Claims Ineligible ................................ 19
`
`VI.
`
`CONCLUSION ................................................................................................................. 20
`
`
`
`i
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 138 Filed 09/05/24 Page 3 of 27 PageID #: 2966
`
`
`
`TABLE OF AUTHORITIES
`
`CASES
`
`
`
`Page(s)
`
`Aatrix Software, Inc. v. Green Shades Software, Inc.,
`882 F.3d 1121 (Fed. Cir. 2018)................................................................................................20
`
`Affinity Labs of Tex., LLC v. DIRECTV, LLC,
`838 F.3d 1253 (Fed. Cir. 2016)................................................................................................15
`
`AI Visualize, Inc. v. Nuance Commc’ns, Inc.,
`97 F.4th 1371 (Fed. Cir. 2024) ............................................................................................6, 13
`
`Alice Corp. v. CLS Bank International,
`573 U.S. 208 (2014) ......................................................................................................... passim
`
`Bascom Glob. Internet Servs., Inc. v. AT&T Mobility LLC,
`827 F.3d 1341 (Fed. Cir. 2016)................................................................................................18
`
`Beteiro, LLC v. DraftKings Inc.,
`104 F.4th 1350 (Fed. Cir. 2024) ................................................................................6, 7, 16, 20
`
`BSG Tech LLC v. Buyseasons, Inc.,
`899 F.3d 1281 (Fed. Cir. 2018)........................................................................................ passim
`
`Cellspin Soft, Inc. v. Fitbit, Inc.,
`927 F.3d 1306 (Fed. Cir. 2019)................................................................................................20
`
`Chamberlain Grp., Inc. v. Techtronic Indus. Co.,
`935 F.3d 1341 (Fed. Cir. 2019)................................................................................................15
`
`ChargePoint, Inc. v. SemaConnect, Inc.,
`920 F.3d 759 (Fed. Cir. 2019)....................................................................................................8
`
`Chewy, Inc. v. Int’l Bus. Machines Corp.,
`94 F.4th 1354 (Fed. Cir. 2024) ..............................................................................12, 15, 17, 19
`
`Content Extraction & Transmission LLC v. Wells Fargo Bank, Nat’l Ass’n,
`776 F.3d 1343 (Fed. Cir. 2014)..........................................................................................15, 19
`
`cxLoyalty, Inc. v. Maritz Holdings Inc.,
`986 F.3d 1367 (Fed. Cir. 2021)................................................................................................15
`
`Elec. Commc’n Techs., LLC v. ShoppersChoice.com, LLC,
`958 F.3d 1178 (Fed. Cir. 2020)................................................................................................19
`
`ii
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 138 Filed 09/05/24 Page 4 of 27 PageID #: 2967
`
`
`
`Elec. Power Grp., LLC v. Alstom S.A.,
`830 F.3d 1350 (Fed. Cir. 2016)....................................................................................13, 14, 18
`
`Enfish, LLC v. Microsoft Corp.,
`822 F.3d 1327 (Fed. Cir. 2016)................................................................................................11
`
`Ericsson Inc. v. TCL Commc’n Tech. Holdings Ltd.,
`955 F.3d 1317 (Fed. Cir. 2020)................................................................................................10
`
`FairWarning IP, LLC v. Iatric Sys., Inc.,
`839 F.3d 1089 (Fed. Cir. 2016)....................................................................................10, 11, 14
`
`Hyper Search, LLC v. Facebook, Inc.,
`C.A. No. 17-1387-CFC-SRF, 2018 WL 6617143 (D. Del. Dec. 17, 2018) ............................17
`
`Int’l Bus. Machines Corp. v. Zillow Grp., Inc.,
`50 F.4th 1371 (Fed. Cir. 2022) ................................................................................2, 12, 18, 19
`
`Intellectual Ventures I LLC v. Capital One Bank (USA),
`792 F.3d 1363 (Fed. Cir. 2015)....................................................................................11, 17, 19
`
`Intellectual Ventures I LLC v. Erie Indem. Co.,
`850 F.3d 1315 (Fed. Cir. 2017)................................................................................................17
`
`Intellectual Ventures I LLC v. Symantec Corp.,
`838 F.3d 1307 (Fed. Cir. 2016)........................................................................................ passim
`
`Interval Licensing LLC v. AOL, Inc.,
`896 F.3d 1335 (Fed. Cir. 2018)................................................................................................20
`
`James v. City of Wilkes-Barre,
`700 F.3d 675 (3d Cir. 2012).......................................................................................................6
`
`Neochloris, Inc. v. Emerson Process Mgmt. LLLP,
`140 F. Supp. 3d 763 (N.D. Ill. 2015) .......................................................................................17
`
`OIP Techs., Inc. v. Amazon.com, Inc.,
`788 F.3d 1359 (Fed. Cir. 2015)................................................................................................15
`
`PersonalWeb Techs. LLC v. Google LLC,
`8 F.4th 1310 (Fed. Cir. 2021) .......................................................................................... passim
`
`Quad City Pat., LLC v. Zoosk, Inc.,
`498 F. Supp. 3d 1178 (N.D. Cal. 2020) ...................................................................................17
`
`Recentive Analytics, Inc. v. Fox Corp.,
`692 F. Supp. 3d 438 (D. Del. 2023) .........................................................................................17
`
`iii
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 138 Filed 09/05/24 Page 5 of 27 PageID #: 2968
`
`
`
`RecogniCorp, LLC v. Nintendo Co.,
`855 F.3d 1322 (Fed. Cir. 2017)................................................................................................13
`
`Sanderling Mgmt. Ltd. v. Snap Inc.,
`65 F.4th 698 (Fed. Cir. 2023) ..............................................................................................6, 19
`
`SAP Am., Inc. v. InvestPic, LLC,
`898 F.3d 1161 (Fed. Cir. 2018)........................................................................................ passim
`
`Simio, LLC v. FlexSim Software Prods., Inc.,
`983 F.3d 1353 (Fed. Cir. 2020)........................................................................................ passim
`
`Trading Techs. Int’l, Inc. v. IBG LLC,
`921 F.3d 1084 (Fed. Cir. 2019)..........................................................................................12, 15
`
`Trinity Info Media, LLC v. Covalent, Inc.,
`72 F.4th 1355 (Fed. Cir. 2023) ......................................................................................8, 10, 17
`
`Two-Way Media Ltd. v. Comcast Cable Commc’ns, LLC,
`874 F.3d 1329 (Fed. Cir. 2017)......................................................................................7, 13, 18
`
`Univ. of Fla. Rsch. Found., Inc. v. Gen. Elec. Co.,
`916 F.3d 1363 (Fed. Cir. 2019)..................................................................................................8
`
`Universal Secure Registry LLC v. Apple Inc.,
`10 F.4th 1342 (Fed. Cir. 2021) ..............................................................................13, 16, 17, 19
`
`Vehicle Intel. & Safety LLC v. Mercedes-Benz USA, LLC,
`635 F. App’x 914 (Fed. Cir. 2015) ..........................................................................................17
`
`35 U.S.C. § 101 ..................................................................................................................1, 6, 7, 19
`
`STATUTES
`
`Fed. R. Civ. P. 12(b)(6)..........................................................................................................1, 6, 19
`
`RULES
`
`
`
`
`iv
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 138 Filed 09/05/24 Page 6 of 27 PageID #: 2969
`
`
`
`I.
`
`NATURE AND STAGE OF PROCEEDINGS
`
`Plaintiff and Counterclaim-Defendant Orca Security Ltd. (“Orca”) alleges that Defendant
`
`and Counterclaim-Plaintiff Wiz, Inc. (“Wiz”) infringes six patents: U.S. Patent Nos. 11,663,031,
`
`11,663,032, 11,693,685, 11,726,809, 11,740,926, and 11,775,326. D.I. 15 (Second Amended
`
`Complaint). On November 21, 2023, Wiz filed a Motion to Dismiss Orca’s claims of indirect and
`
`willful infringement (D.I. 17, 18), which the Court denied on May 21, 2024. D.I. 65. On June 4,
`
`2024, Wiz filed counterclaims, alleging that Orca infringes U.S. Patent Nos. 11,722,554,
`
`11,929,896, 11,936,693, 12,001,549 (“’549 patent”), and 12,003,529. D.I. 70 at 37-147. On
`
`July 25, 2024, Orca moved to dismiss Counterclaim Count IV under Rule 12(b)(6) because the
`
`’549 patent lacks patent-eligible subject matter under 35 U.S.C. § 101 and Alice Corp. v. CLS Bank
`
`International, 573 U.S. 208 (2014). D.I. 111. Wiz then amended its counterclaims (“FACC”) on
`
`August 22, 2024. D.I. 124. But the allegations that Wiz added do not save the ’549 patent under
`
`§ 101. Therefore, Orca again moves to dismiss Counterclaim IV (FACC ¶¶ 89-124) under § 101.
`
`II.
`
`SUMMARY OF THE ARGUMENT
`
`1.
`
`The Court should hold that Wiz’s ’549 patent claims (asserted in Counterclaim
`
`Count IV) are ineligible for patent protection under § 101 and grant Orca’s motion to dismiss with
`
`prejudice. In Alice, the Supreme Court set forth its two-step test for determining whether computer
`
`implemented patent claims are eligible under § 101, which is a threshold requirement for any patent
`
`suit. Under Alice, computer implemented claims are ineligible if they (i) are directed to an abstract
`
`idea and (ii) add nothing inventive to that abstract idea. Wiz’s ’549 patent claims fail that test.
`
`2.
`
`At Alice step one, the claims are directed to the abstract idea of retrieving,
`
`contextualizing, querying, and responding to cybersecurity threat information. The ’549 patent
`
`addresses a human problem: “an operator will often receive an alert [about a cybersecurity threat]
`
`1
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 138 Filed 09/05/24 Page 7 of 27 PageID #: 2970
`
`
`
`that lacks context” and “does not … indicate what, if at all, should be done” to respond. ’549
`
`patent at 1:51-56. The purported solution is to use existing computer technology—including
`
`natural language processing techniques such as a “large language model,” or “LLM”—to generate
`
`additional context and thereby make it easier to respond. Indeed, Wiz itself alleges that humans
`
`can be involved in every single step of the claims—a key indication of abstraction. That the claims
`
`also recite using existing computer technology, even if applied in a new environment, does not
`
`make them less abstract.
`
`3.
`
`At Alice step two, the claims add no inventive concept beyond the abstract idea.
`
`The specification expressly acknowledges that the claims can be implemented using well-known
`
`large language models—like OpenAI’s ChatGPT, or Google’s BERT. See, e.g., ’549 patent
`
`at 16:25-26, 10:14-40. The remaining steps, by admission, can be implemented on generic
`
`computer components, such as “general-purpose microprocessors” or “any other hardware logic
`
`components that can perform calculations.” Id. at 17:59-18:3; see also, e.g., id. at 18:43-45. That
`
`is not inventive.
`
`4.
`
`The Federal Circuit has held similar, or even more technological-seeming, claims
`
`ineligible as a matter of law, including claims for identifying and responding to risky emails in
`
`Intellectual Ventures I LLC v. Symantec Corp., 838 F.3d 1307 (Fed. Cir. 2016) (“Symantec”);
`
`implementing graphical object-oriented programming in Simio, LLC v. FlexSim Software Prods.,
`
`Inc., 983 F.3d 1353 (Fed. Cir. 2020) (ineligible claims), analyzing and presenting relevant
`
`information in Int’l Bus. Machines Corp. v. Zillow Grp., Inc., 50 F.4th 1371 (Fed. Cir. 2022), and
`
`implementing a database structure with contextual information in BSG Tech LLC v. Buyseasons,
`
`Inc., 899 F.3d 1281 (Fed. Cir. 2018). Wiz’s ’549 patent claims are likewise ineligible as a matter
`
`of law and its Counterclaim IV (FACC ¶¶ 89-124) should be dismissed with prejudice.
`
`2
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 138 Filed 09/05/24 Page 8 of 27 PageID #: 2971
`
`
`
`III.
`
`STATEMENT OF FACTS
`
`A.
`
`The ’549 Patent
`
`Wiz filed the ’549 patent application on January 31, 2024, five months after Orca brought
`
`this suit against Wiz. The patent issued on June 4, 2024, and Wiz asserted it against Orca that day.
`
`1.
`
`The ’549 Patent Specification
`
`The ’549 patent specification states that it “relates generally to cybersecurity incident
`
`response and specifically to initiating mitigation actions in response to detected cybersecurity
`
`threats.” ’549 patent at 1:16-18. The patent explains that in typical “cybersecurity solutions,” an
`
`“operator” (i.e., a human) would “receive an alert” (an “incident”) about a cybersecurity threat
`
`(e.g., a message stating that a system has been accessed without authorization) and then query a
`
`database or other “structured data” to determine how to respond. See id. at 1:22-56. But the patent
`
`states this process is “not always human-friendly” because it “requires a human to learn a special
`
`query language which the machine uses to retrieve and store data.” Id. at 1:31-37. Accordingly,
`
`the patent explains that a human can instead use existing techniques to generate natural language
`
`“prompts” for known “large language models” (LLMs), to “provide[] accurate translation between
`
`a query received in natural language and a database query, in order to provide a user with a relevant
`
`result to their query.” Id. at 10:14-28; see id. at 1:39-43.
`
`However, according to the patent, the problem was “a lack of context”: “an operator will
`
`often receive an alert that lacks context” and “does not provide a root cause, or indicate what, if at
`
`all, should be done to remediate, mitigate, and the like.” Id. at 1:51-56. Then, lacking relevant
`
`context, if the operator inputs an ambiguous natural language query (e.g., “what is jay?”), the
`
`computer has no way of discerning between different possible meanings and, accordingly, the
`
`resulting computer database query will not necessarily produce useful results. Id. at 1:44-49. The
`
`3
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 138 Filed 09/05/24 Page 9 of 27 PageID #: 2972
`
`
`
`patent’s purported solution, therefore, is to supply additional context so that, when the operator
`
`inputs a natural language query (which is converted to a database query) to look up next steps, the
`
`resulting information will be more useful. See, e.g., id. at 1:44-58, 2:60-65.
`
`The specification acknowledges that no new computer technology is required. Instead, the
`
`patent states that the steps require only generic “hardware, firmware, software, or any combination
`
`thereof,” id. at 18:43-45—for example, “general-purpose microprocessors” or “any other hardware
`
`logic components that can perform calculations,” id. at 17:59-18:3. At the outset, the purported
`
`invention does not describe any new way of identifying security threats; rather, it receives already-
`
`identified security information (“incidents”) and facilitates the user obtaining additional context to
`
`employ in querying a database for potential responses. And the patent acknowledges that this
`
`requires only well-known large language models such as OpenAI’s ChatGPT, or Google’s BERT,
`
`see, e.g., ’549 patent at 16:25-26 (“A large language model is, for example, GPT, BERT, and the
`
`like.”), 10:14-40 (same), and existing tools to convert natural language queries to database queries,
`
`see id. at 12:13-17 (“natural language processing (NLP) techniques” include known “distance-
`
`based Word2Vec”), 1:38-43. Moreover, the patent states that humans are integral in the purported
`
`solution. For example, the user can retrieve additional context by providing input to match the
`
`incident to unspecified “predefined scenarios.” Id. at 15:27-40, 16:2, Fig. 6.
`
`In sum, the patent acknowledges that its advance is supplying additional context or
`
`“structure” for natural language database queries (see id. at 10:10-13, 1:26-37)—not a new tool or
`
`feature for identifying a security threat, querying a database, or implementing a response. To
`
`facilitate a user’s natural language queries, the patent describes using conventional techniques,
`
`including large language models, to generate the structured database queries (id. at 10:20-28,
`
`12:46-52), and using conventional database technology, such as SQL, to store and retrieve the
`
`4
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 138 Filed 09/05/24 Page 10 of 27 PageID #: 2973
`
`
`
`data. Id. at 1:30-37. The result of an executed database query can be “provided to … a user,” who
`
`can initiate mitigation actions. Id. at 11:30-39, 17:14-21. The patent does not purport to invent or
`
`improve such technologies; it merely uses them.
`
`2.
`
`The ’549 Patent Claims
`
`The ’549 patent’s claims likewise recite no specific technological advances, instead
`
`applying conventional LLM technology to common human activity. Each of the three independent
`
`claims (claims 1, 11, and 12) recites basic steps for “providing [a] cybersecurity incident response”
`
`by (1) receiving cybersecurity threat information (“an incident”), (2) contextualizing the
`
`information using an LLM, (3) querying a cybersecurity database using that context, and
`
`(4) initiating a mitigation action. That is, the claims recite receiving, determining, querying, and
`
`responding to cybersecurity information. Claim 1 is representative:
`
`1. A method for providing cybersecurity incident response, comprising:
`
`receiving an incident input based on a cybersecurity event;
`
`generating a prompt for a large language model (LLM) based on the received
`incident input;
`
`configuring the LLM to generate an output based on the generated prompt;
`
`mapping the received incident input into a scenario of a plurality of scenarios based
`on the output of the LLM, wherein each scenario is associated with an incident
`response;
`
`generating a query based on the received incident input and the mapped scenario;
`
`executing the query on a security database, the security database including a
`representation of a computing environment;
`
`initiating a mitigation action based on a result of the executed query.
`
`
`The other two independent claims are materially the same, except they recite a “computer-
`
`readable medium” (claim 11) and “system” (claim 12) for performing the same computer
`
`functions, with additional generic hardware limitations. The dependent claims recite incidental
`
`limitations, including types of incident inputs (claim 2), LLM usage (claims 3, 4, 5, and 7), user
`
`5
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 138 Filed 09/05/24 Page 11 of 27 PageID #: 2974
`
`
`
`interface activity (claims 6, 8, and 10), and database storage (claim 9). Infra at 14-15, 18-19.
`
`Dependent claims 13-21 recite the same limitations as claims 2-10.
`
`IV.
`
`LEGAL STANDARDS
`
`A. Motions To Dismiss Under Rule 12(b)(6)
`
`Patent eligibility under § 101 is a threshold issue that “may be, and frequently has been,
`
`resolved on a Rule 12(b)(6)” motion, before formal claim construction or fact development, where
`
`there are no relevant factual disputes. SAP Am., Inc. v. InvestPic, LLC, 898 F.3d 1161, 1166 (Fed.
`
`Cir. 2018); see, e.g., AI Visualize, Inc. v. Nuance Commc’ns, Inc., 97 F.4th 1371, 1377 (Fed. Cir.
`
`2024) (affirming Rule 12(b)(6) dismissal); Beteiro, LLC v. DraftKings Inc., 104 F.4th 1350, 1358
`
`(Fed. Cir. 2024) (same); Sanderling Mgmt. Ltd. v. Snap Inc., 65 F.4th 698, 705 (Fed. Cir. 2023)
`
`(same). The Court accepts well-pleaded factual allegations but “disregard[s] rote recitals of the
`
`elements of a cause of action, legal conclusions, and mere conclusory statements.” James v. City
`
`of Wilkes-Barre, 700 F.3d 675, 679 (3d Cir. 2012) (citations omitted). And “‘generalized
`
`assertions that factual considerations about the state of the art preclude a decision at the pleadings
`
`stage’ do not prevent a district court from granting a motion to dismiss.” Beteiro, 104 F.4th at 1358
`
`(citation omitted).
`
`B.
`
`Patent Eligibility Under 35 U.S.C. § 101
`
`Section 101 delineates the categories of patent eligible subject matter, and “contains an
`
`important implicit exception” for abstract ideas—such as mental processes, human activities, or
`
`basic computerized steps—which are not ineligible. Alice, 573 U.S. at 216 (citation omitted). The
`
`two-step Alice framework governs whether computer-based claims are ineligible. Id. at 217-27.
`
`At step one, the Court determines whether the asserted claims are, at root, directed to an
`
`abstract idea notwithstanding the recitation of any computer features. Id. at 218. If so, at step two,
`
`6
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 138 Filed 09/05/24 Page 12 of 27 PageID #: 2975
`
`
`
`the Court determines whether the other claim elements, individually or collectively, add
`
`“significantly more”—i.e., an “inventive concept”—apart from the abstract idea. Id. at 217-22.
`
`The claims cannot “simply … implement the abstract idea … on a generic computer.” Id. at 225.
`
`If claims add nothing inventive at step two, they are ineligible under § 101 as a matter of law. Id.
`
`At both steps, the eligible subject matter cannot stem from the abstract idea itself. See
`
`Simio, 983 F.3d at 1365. Automating an idea in a “particular technological environment” with
`
`conventional computer technology does not make claims “less abstract” and contributes nothing
`
`inventive. Symantec, 838 F.3d at 1314 (citation omitted). Nor may claims simply recite “generic
`
`functional language to achieve [the] purported solutions” without claiming “how the desired result
`
`is achieved.” Two-Way Media Ltd. v. Comcast Cable Commc’ns, LLC, 874 F.3d 1329, 1339 (Fed.
`
`Cir. 2017) (citation omitted). Indeed, “[c]laims of this nature are almost always found to be
`
`ineligible” under § 101. Beteiro, 104 F.4th at 1356.
`
`V.
`
`ARGUMENT
`
`Wiz’s ’549 patent claims are ineligible under § 101 and Alice because they are directed to
`
`an abstract idea and add nothing inventive.
`
`A.
`
`Alice Step One: The Claims Are Directed to An Abstract Idea
`
`The claims of the ’549 patent are directed to the abstract idea of retrieving, contextualizing,
`
`querying, and responding to cybersecurity threat information—activities that humans can perform.
`
`1.
`
`The Independent Claims are Directed to An Abstract Idea
`
`The independent claims recite that abstract idea as a series of basic steps. Claim 1 (which
`
`is representative) recites “a method for providing cybersecurity incident response” by:
`
`(1) “receiving” information about a cybersecurity threat (“an incident”); (2) determining relevant
`
`context by using existing LLMs (i.e., generating a prompt for an LLM based on the incident and
`
`using the LLM’s output to “map[]” the incident to a “scenario”); (3) querying a cybersecurity
`
`7
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 138 Filed 09/05/24 Page 13 of 27 PageID #: 2976
`
`
`
`database using that incident/scenario context (i.e., generating and executing a query on a security
`
`database that includes “a representation of a computing environment”); and (4) “initiating a
`
`mitigation action based on a result of the executed query.” ’549 patent cl. 1. Independent claims
`
`11 and 12 are the same but are couched as a computer “medium” and “system” for performing the
`
`same steps, which does not change the analysis. See Alice, 573 U.S. at 226 (ineligible system and
`
`software claims “no different from the method claims in substance”). Therefore, all independent
`
`claims focus on retrieving, contextualizing, querying, and responding to cybersecurity threat
`
`information. The specification confirms those steps are the purported advance. See, e.g., ’549
`
`patent at 1:16-18, 1:22-43, 1:51-58; see also ChargePoint, Inc. v. SemaConnect, Inc., 920 F.3d
`
`759, 774 (Fed. Cir. 2019) (specification is useful in identifying purported advance); FACC ¶¶ 10,
`
`90-92. The claims are directed to an abstract idea for three reasons.
`
`First, the claims are directed to a human problem and provide a solution that automates
`
`human activities—a “telltale sign of abstraction.” Trinity Info Media, LLC v. Covalent, Inc., 72
`
`F.4th 1355, 1361 (Fed. Cir. 2023) (citation omitted); see also, e.g., PersonalWeb Techs. LLC v.
`
`Google LLC, 8 F.4th 1310, 1318 (Fed. Cir. 2021) (“mere automation of manual processes using
`
`generic computers … fails step one”) (citation omitted); Univ. of Fla. Rsch. Found., Inc. v. Gen.
`
`Elec. Co., 916 F.3d 1363, 1367 (Fed. Cir. 2019) (similar). As the specification describes,
`
`generating database queries was not “human-friendly” and that, although existing natural language
`
`processing techniques allowed users to translate natural language into machine language queries,
`
`they often lacked relevant context and thus failed to produce relevant responses. Supra at 3-4. In
`
`turn, the patent’s purported solution is using generic computers and well-known LLMs to generate
`
`relevant context for natural language queries of a cybersecurity database, so that the human
`
`operator receives more relevant information to better respond to an incident. Id. Therefore,
`
`8
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 138 Filed 09/05/24 Page 14 of 27 PageID #: 2977
`
`
`
`because the claims are rooted in human problems and activities, they are abstract.
`
`The patentee’s own statements support that conclusion. The ’549 patent admits that human
`
`activity and input is integral to the claim steps: users (humans) can: (1) receive cybersecurity threat
`
`information, see ’549 patent at 1:51-52, 7:30-37; (2) provide input for a natural language query,
`
`id. at 11:45-47, 12:53-55, “scenario” selections, id. at 2:44-45, 2:48-49, 3:52-56, 3:59-61, 4:56-
`
`63, 6:11-19, 15:22-40, and “generating a prompt” for the LLM, id. at 2:49-50; see also id. at 2:52-
`
`54, 3:62-66, 4:64-66, 5:5-7, 6:19-23, 6:35-37; (3) query the database, id. at 10:14-19; and
`
`(4) initiate a response, see id. at 17:15-21, 1:51-56. Likewise, Wiz’s counterclaim confirms that
`
`human activity is integral to the claim steps: Wiz’s allegations depend at every turn on human
`
`activities and input. See FACC ¶¶ 112-120 (alleging infringement based on user receiving human-
`
`readable alerts; user actions in generating prompts, configuring an LLM by clicking a “toggle”
`
`button, mapping scenarios, generating and executing a database query by “click[ing]”; and
`
`“allowing users to take remedial steps based on the query results”). Despite Orca making this
`
`same argument in its earlier motion to dismiss (D.I. 112 at 9), Wiz did not amend these allegations
`
`(or its corresponding infringement contentions) to state otherwise. Compare D.I. 70 ¶¶ 96-104,
`
`with FACC ¶¶ 112-120. By the patentee’s own admissions, therefore, human activity is integral
`
`to the claim limitations. And automating such steps that involve, or are akin to, human activity
`
`does not make the claims “any less abstract.” Symantec, 838 F.3d at 1319.
`
`The Federal Circuit has found abstract and ineligible similar claims involving human-
`
`performable concepts for processing and responding to data. For example, in Symantec, the claims
`
`provided a computer network system for identifying undesirable or risky electronic messages (e.g.,
`
`spam or viruses) based on their data attributes and taking actions accordingly. 838 F.3d at 1316-
`
`17. The claims recited various computer components for performing those steps, including a
`
`9
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 138 Filed 09/05/24 Page 15 of 27 PageID #: 2978
`
`
`
`“receipt mechanism,” a database of rules, a “rule engine,” and a “distribution mechanism.” Id. at
`
`1317. The court held the claims were akin to a “method of organizing human activity” in a
`
`corporate mailroom and thus abstract at step one. Id. at 1318; see also id. at 1313-16, 1319-20
`
`(holding other computer and security claims abstract). In PersonalWeb, the claims recited content-
`
`based data processing systems that analyzed data attributes using hash functions and took actions
`
`based on those attributes, such as allowing or denying access to the data. 8 F.4th at 1316. The
`
`court held that the claim steps were akin to mental concepts performable “using a pencil and paper”
`
`and thus abstract. Id. at 1316 (citation omitted); see also Trinity, 72 F.4th at 1362 (computer claims
`
`directed to the abstract idea of “matching based on questioning” because “[a] human mind” could
`
`perform similar activities); FairWarning IP, LLC v. Iatric Sys., Inc., 839 F.3d 1089, 1097 (Fed.
`
`Cir. 2016) (claims for identifying suspicious activity in sensitive medical file); Ericsson Inc. v.
`
`TCL Commc’n Tech. Holdings Ltd., 955 F.3d 1317, 1326 (Fed. Cir. 2020) (claims for controlling
`
`software access). Here, the claims similarly recite steps akin to human activities—retrieving,
`
`contextualizing, querying, and responding to threat information—and are, therefore, abstract.
`
`Second, the claims do not purport to provide any specific improvement to computer
`
`technology itself. The claims rely on ad