Inside a "Bring Your Own Device" environment, the employees can freely use their devices. This allows them mix their personal and work life, but at the same time, if the users are not aware of a risky situation, or that situation is not covered by a company security policy or rule, this environment can become very insecure. The aim of this paper is defining a novel system architecture able to self-adapt itself, in the sense that it will learn from past, non secure situations, and therefore will be able to determine whether a new situation is risky or not.This Paper proposes the use of a variety of techniques, from Data Mining of big amounts of recorded data to Evolutionary Algorithms for refining a set of existing policies, maybe creating new ones. A preliminary method that automatically extracts rules to avoid or deny URL connections helps to demonstrate that, by performing a good preprocessing of the data, useful conclusions can be extracted from new -unknown -situations. Therefore, it is possible to successfully extend a set of rules, usually laid out by the company, for covering new, and potentially dangerous, situations.