Patent attributes
Techniques for detecting and remediating vulnerabilities in a network are disclosed. A system scans a network to identify network resources and the relationships among them. The system generates a network topology map representing the network. The system detects vulnerabilities in the network by traversing the network topology map with a set of vulnerability definitions. The system detects a vulnerability in a network node when data describing the node corresponds to a vulnerability definition. The system identifies patterns of vulnerabilities that correspond to potential network attacks from unauthorized entities. The system determines whether combinations of vulnerability patterns amount to a potential breach. The system prioritizes remediation actions based on the type and severity of each vulnerability.
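The flow the abstract describes (match node data against definitions, chain findings into a potential breach, rank remediation) can be sketched as follows. This is an added example, not code from the patent; the topology, the definition format, the rule that a breach is an unbroken chain of vulnerable nodes from a public node to a data-type finding, and the ranking order are all assumptions made for illustration.

```python
# Constructed sample topology (not from the patent): node attributes and directed links.
NODES = {
    "lb-1":  {"public": True,  "tls_min": "1.0"},
    "web-1": {"public": False, "ssh_open_to": "0.0.0.0/0"},
    "db-1":  {"public": False, "encrypted": False},
    "log-1": {"public": False, "encrypted": True},
    "db-2":  {"public": False, "encrypted": False},
}
EDGES = {"lb-1": ["web-1"], "web-1": ["db-1", "log-1"]}

# Hypothetical definitions: id -> (type, severity 1-10, predicate over node data).
DEFINITIONS = {
    "weak-tls": ("exposure", 5, lambda n: n.get("tls_min") in ("1.0", "1.1")),
    "open-ssh": ("access", 8, lambda n: n.get("ssh_open_to") == "0.0.0.0/0"),
    "unencrypted-store": ("data", 7, lambda n: n.get("encrypted") is False),
}

def detect(nodes, definitions):
    """Return {node: [definition ids]} for every node whose data matches a definition."""
    found = {}
    for name, data in nodes.items():
        hits = [d for d, (_, _, match) in definitions.items() if match(data)]
        if hits:
            found[name] = hits
    return found

def breach_paths(nodes, edges, found, definitions):
    """Chains of vulnerable nodes leading from a public node to a data-type finding."""
    paths = []
    def walk(node, path):
        if node not in found or node in path:
            return  # a clean node breaks the chain; the second test guards against cycles
        path = path + [node]
        if any(definitions[d][0] == "data" for d in found[node]):
            paths.append(path)
        for nxt in edges.get(node, []):
            walk(nxt, path)
    for name, data in nodes.items():
        if data.get("public"):
            walk(name, [])
    return paths

def prioritize(found, paths, definitions):
    """Order (node, definition) pairs: breach-path members first, then by severity."""
    on_path = {n for p in paths for n in p}
    items = [(n, d) for n, ds in found.items() for d in ds]
    return sorted(items, key=lambda i: (i[0] not in on_path, -definitions[i[1]][1], i[0]))
```

In the sample data, db-2 has the same finding as db-1 but is not reachable from a public node, so it ranks last even though its severity is higher than the weak-TLS finding on the breach path.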