Sunday, 2 February 2025

Mainframe staff, security, and AI

If you want to test a new application, the best data to test it on is live data! Now, I’m sure that there are procedures in place to not do that. I’m sure anonymized data would be used instead. But it became apparent a few years ago that some members of staff were copying live data off the mainframe and testing it in cloud applications. Again, hopefully this doesn’t happen anymore. However, there is apparently a new problem facing mainframe security teams. And that is using live data on artificial intelligence (AI) applications.

It was the rapid increase in people working from home during the pandemic that led to a rise in shadow IT – people using applications to get work done, but those applications hadn’t been tested by the IT security team. A recent survey has found that AI is now giving rise to another massive security issue. This becomes even more of an issue with the current popularity of DeepSeek V3, and the announcement of Alibaba Qwen 2.5, both AIs originating from China.

Cybsafe’s The Annual Cybersecurity Attitudes and Behaviors Report 2024-2025 found that, worryingly, almost 2 in 5 (38%) professionals have admitted to sharing personal data with AI platforms, without their employer’s permission. So, what data is being shared most often and what are the implications? That’s what application security SaaS company, Indusface, looked into. Here’s what they found.

One of the most common categories of information shared with AI is work-related files and documents. Over 80% of professionals in Fortune 500 enterprises use AI tools, such as ChatGPT, to assist with tasks such as analysing numbers, refining emails, reports, and presentations. [2]

However, 11% of the data employees paste into ChatGPT is strictly confidential, for example internal business strategies, and the employees don’t fully understand how the platform processes this data. Staff should remove sensitive data when inputting search commands into AI tools. [3]

Personal details such as names, addresses, and contact information are often being shared with AI tools daily. Shockingly, 30% of professionals believe that protecting their personal data isn’t worth the effort, which indicates a growing sense of helplessness and lack of training.

Access to cybersecurity training has increased for the first time in four years, with 1 in 3 (33%) participants using it and 11% having access but not utilizing it. For businesses to remain safe from cyber security threats, it is important to carry out cybersecurity training for staff, upskilling on the safe use of AI. [1]

Client information, including data that may fall under regulatory or confidentiality requirements, is often being shared with AI by professionals.

For business owners or managers using AI for employee information, it is important to be wary of sharing bank account details, payroll, addresses, or even performance reviews, because this can violate contract policy and leave the organization exposed to legal action if sensitive employee data is leaked.

Large language models (LLMs) are the crucial AI models behind many generative AI applications, such as virtual assistants and conversational AI chatbots. These applications can often be used with OpenAI models, Google Cloud AI, and many more.

However, the data that helps train LLMs is usually sourced by web crawlers scraping and collecting information from websites. This data is often obtained without users’ consent and might contain personally identifiable information (PII).

Other AI systems that deliver tailored customer experiences might collect personal data, too. It is recommended to ensure that the devices used when interacting with LLMs are secure, with full antivirus protection to safeguard information before it is shared, especially when dealing with sensitive business financial information.

AI models are designed to provide insights, not to store passwords securely, and sharing passwords with them could result in unintended exposure, especially if the platform does not have strict privacy and security measures.

Indusface recommends that individuals avoid reusing passwords that may have been used across multiple sites because this could lead to a breach on multiple accounts. Using strong passwords with multiple symbols and numbers has never been more important, in addition to activating two-factor authentication to secure accounts and mitigate the risk of cyberattacks.

Developers and employees increasingly turn to AI for coding assistance. However, sharing company codebases can pose a major security risk because the code is a business’s core intellectual property. If proprietary source code is pasted into AI platforms, it may be stored, processed, or even used to train future AI models, potentially exposing trade secrets to external entities.

Businesses should, therefore, implement strict AI usage policies to ensure sensitive code remains protected and never shared externally. Additionally, using self-hosted AI models or secure, company-approved AI tools can help mitigate the risks of leaking intellectual property.
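One way to act on the advice about removing sensitive data before a prompt leaves the company is a scrubbing step in front of the AI tool. The following is an added example, not code from Indusface or from this blog; the patterns, placeholder labels, and sample prompt are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Patterns are illustrative assumptions, not a complete DLP rule set.
SECRET = re.compile(
    r"(?i)\b(password|passwd|pwd|api[_-]?key|secret|token)\b(\s*[:=]\s*)(\S+)"
)
CARD = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, optional separators
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from order refs and the like."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scrub(prompt: str):
    """Return (redacted_prompt, findings) for text about to be sent to an AI tool."""
    findings = Counter()

    def secret_sub(m):
        findings["secret"] += 1
        # Keep the key name and separator so the prompt still reads sensibly.
        return m.group(1) + m.group(2) + "[REDACTED-SECRET]"

    def card_sub(m):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            findings["card"] += 1
            return "[REDACTED-CARD]"
        return m.group(0)       # long number that is not a valid card: leave it

    def email_sub(m):
        findings["email"] += 1
        return "[REDACTED-EMAIL]"

    text = SECRET.sub(secret_sub, prompt)
    text = CARD.sub(card_sub, text)
    text = EMAIL.sub(email_sub, text)
    return text, dict(findings)


# Constructed sample prompt (4111 1111 1111 1111 is a well-known test number).
SAMPLE_PROMPT = (
    "Please tidy this email to j.smith@example.com. "
    "Card 4111 1111 1111 1111 was declined, order ref 1234 5678 9012 3456.\n"
    "FTP job uses password = Winter2025! on the test LPAR."
)

if __name__ == "__main__":
    clean, found = scrub(SAMPLE_PROMPT)
    print(clean)
    print(found)
```

Pattern matching of this kind catches structured items only; confidential strategy documents or proprietary source code still need the usage policy and approved tools described above.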

 

 

The sources given for their research are:

  1. Cybsafe | The Annual Cybersecurity Attitudes and Behaviors Report 2024-2025
  2. Masterofcode | MOCG Picks: 10 ChatGPT Statistics Every Business Leader Should Know
  3. CyberHaven | 11% of data employees paste into ChatGPT is confidential

 

Sunday, 19 January 2025

AI and ethics and mainframes

Imagine two people talking in a bar and one says that they believe in God and the other says that there is no such thing. The conversation moves on. One says that they think their Apple phone and tablet are the best things ever and the other says that if most of the world uses Android that must prove their thinking is wrong. The conversation moves on. One person says that Trump is the best person to lead the USA into the future and the other says that Trump will only harm the country’s standing in the world.

It doesn’t matter which person you identify with in each of those discussions, what it shows is that not all people agree on these three and many other issues. But we knew that already. The reason why it is important is because those two hypothetical people could be responsible for the training of two different pieces of artificial intelligence (AI) software. The views, opinions, beliefs, and values of the person responsible for the training of an AI could influence the ‘thinking’ of the AI and the responses that it comes up with when asked questions by users. And those people could be mainframe users.

Britannica tells us that the “term ethics may refer to the philosophical study of the concepts of moral right and wrong and moral good and bad, to any philosophical theory of what is morally right and wrong or morally good and bad, and to any system or code of moral rules, principles, or values”.

Let’s suppose that someone with the mindset and ethics of Adolf Hitler trained a popular AI, or perhaps one of the founding fathers of the USA was responsible for the training. What kind of AI would they produce? The founding fathers of the USA were generally quite happy with the idea of slavery. The men still thought that women didn’t need to be educated because their poor feeble female brains couldn’t cope. And that women basically belonged to their fathers until they were married when ownership passed to their husbands. Much the same thinking applied over most of Europe. It’s the way most Europeans thought in the 17th and 18th centuries.

So, let’s suppose that a piece of AI software – and, nowadays, you can hardly buy a new device without it being advertised as coming with some super new AI – has been trained with some ethical value that the majority of people don’t agree with. However, because that is such a small part and everything else seems OK, the software gets installed on your mainframe. Let’s suppose it’s a piece of security software that is identifying unusual activity on your mainframe. Perhaps a systems programmer has apparently logged in from a foreign country at 2am, and is now making changes to the system. Perhaps he is giving some software higher access levels than before. Perhaps he is deleting certain files. Now, hopefully, your security AI will spot this as unusual, and quickly suspend the job until someone can check exactly what is happening. Then, if it’s all OK, the job can continue. If it’s not OK, then not too much damage has been done.

The users of the AI will assume that the AI is on their side. It has the same values as them and knows what’s good and bad, or right and wrong in the same way as the user. But what if it doesn’t? You don’t usually expect software to have ethical values, but with AI, this becomes more of a concern. What about using an open-source AI? How can you check whether the values that have been trained into it match yours?

There’s lots of talk about the ethics of using AI software. Should students use AI to write their essays? Should AI be used to create nude videos of famous (and not so famous) people? And there are so many other areas. But what no-one talks about is the actual ethical values of the AI software itself.

We’re all familiar with the Terminator movies. Suppose the AI decides that humans are destroying the planet, and the right thing is to remove them from existence. Or, more worryingly, suppose the AI decides that someone logging into your mainframe from one specific foreign country is permissible because they are our friends, and lets them launch a ransomware attack on your mainframe.

Ethical conversations over a beer usually pass off without anyone getting too upset. The embedded ethics of AI software might have more far-reaching consequences.


Sunday, 12 January 2025

2024 at iTech-Ed Ltd

As usual at this time of year, I thought I’d take a look at the previous year, with the spotlight on what was happening at iTech-Ed Ltd.

The exciting news in January was that Trevor Eddolls was recognized by IBM as a 2024 IBM Champion. IBM said: “On behalf of IBM, it is my great pleasure to recognize you as a returning IBM Champion in 2024. Congratulations! We would like to thank you for your continued leadership and contributions to the IBM technology community. This recognition is awarded based on your contributions for the 2023 calendar year.”

On 16 January, the Virtual Db2 user group saw a presentation from Marcus Davage, Lead Product Developer at BMC Software. He was discussing how “Driving Down Database Development Dollars”. Then on 23 January, Todd Havekost, Senior z/OS Performance Consultant at IntelliMagic discussed “Enhanced Analysis Through Integrating CICS and Other Types of SMF Data” with the Virtual CICS user group.

February saw the publication of the always popular Arcati Mainframe Yearbook 2024. You can download a copy here – it’s FREE. Last year’s edition of this highly-respected annual source of mainframe information was downloaded around 21,000 times during the course of the year.

Also in February, Trevor’s article, “The Comprehensive Beginners’ Guide to AI”, was published on the TechChannel website. And his article “Ransomware Attacks and your Health” was published on the Planet Mainframe website.

On 13 February, the Virtual IMS user group had a presentation from Dr Daniela Schilling, CEO of Delta Software Technology, entitled “Replacing IBM IMS DB – Fully Automated and with Highest Security”.

On 12 March, Jenny He PhD, IBM Master Inventor, CICS Development at IBM Hursley Park, gave a presentation to the Virtual CICS user group entitled, “CICS Event processing and CICS policies”. And on 19 March, Toine Michielse, Solutions Architect at Broadcom, discussed “A day in the life of a Db2 for z/OS Schema” with the Virtual Db2 user group.

In April, Trevor Eddolls was awarded an IBM Z and LinuxONE Community Contributor – 2024 (Level 1) badge. The badge earner is an external community member who is passionate about IBM zSystems and LinuxONE and wants to make a positive difference. This individual has expressed interest in contributing to the community in their own unique way.


Also in April, Trevor’s article, “Why Today’s AI Is Failing”, was published on the TechChannel website.

On 9 April, the Virtual IMS user group had a presentation from IBM’s Stephen P Nathan entitled “How to Help IBM AND YOU Quickly Resolve IMS Problems”.

Towards the end of April, Trevor was listed as one of the 2024 Influential Mainframers on the Planet Mainframe website.

In July, Trevor Eddolls was awarded an IBM Z and LinuxONE Community Advocate – 2024 (Level 2) badge. The badge earner has actively contributed to the IBM Z and LinuxONE community and has expressed interest in continuing to do so. This individual is in good standing with their IBM Z and LinuxONE peers and is passionate about taking their advocacy to the next level. The badge earner has expert skills in IBM Z and LinuxONE and can be expected to regularly contribute technical knowledge to the community.

Also in July, Trevor Eddolls was awarded an IBM Z and LinuxONE Community Influencer – 2024 (Level 3) badge. The badge earner is an active and passionate member of the IBM Z and LinuxONE Community. He is a thought leader and viewed as a technical expert by his peers. This individual contributes to the community regularly.

iTech-Ed Ltd was shortlisted in the seventh annual Southern Enterprise Awards. The team at SME News nominated iTech-Ed Ltd, recognizing its exceptional contributions and achievements.

In August, Trevor’s article, “Get ready for DORA”, was published on the Planet Mainframe website.

Also in August, iTech-Ed Ltd was awarded, "Best Specialist IT Consultancy 2024 - Wiltshire" in the Southern Enterprise Awards 2024, hosted by SME news. Also, C Level Focus emailed to say, "You've been named one of the 'Top 10 Inspiring CEOs of 2024' by the CLF Magazine editorial team".

Thirdly in August, Mainframerz Meetup on LinkedIn said...

Perhaps not the best way to deal with a data leak

For many years Trevor Eddolls has written many great posts and I couldn't think of a better way to lead into the IBM Cost of a Data Breach report that follows than the story by Trevor of a data breach at NTT.
If you would like to read a 'how to guide' of how not to respond to a Data Breach then the article from Trevor is 'the guide you are looking for' – (you need to read the quote in a Star Wars voice).
I genuinely think you may take an in-take of breath in how this was responded to, I don't want to give the best bits away and it's all very juicy. I will leave one teaser which is one of the statements shared, which the politest way of saying this would be that this is not full disclosure of the facts.
Additional measures to mitigate any further risk and protect the data of our customers were also activated. At this time, there is no visibility that client data has been affected.
If there was to be a scoop of the year I vote for this article Trevor has shared as it is eye opening and a must read recommendation. You can read the full shenanigans that Trevor has reported on here.

In October, Trevor’s article, “Ransomware isn’t really a problem, is it?”, was published on the Planet Mainframe website.

Also in October, Trevor Eddolls was awarded the IBM Contributor, Advocate, and Influencer – 2024 badges.


At the end of October, Trevor’s article, “Defense against the dark arts — mainframe security”, was published on the Planet Mainframe website.

On 5 November, Trevor presented to the AI stream at the GSE conference in the UK. His presentation was called “How to create Artificial Generalized Intelligence”, and looked at how the human brain has solved the problem of a generalized intelligence and how this can be applied to AI.

In December, Trevor Eddolls was awarded a speaker badge. The award says: “At ‘Mainframe@60: The Diamond Anniversary of Digital Dominance’, you showcased profound expertise and in-depth knowledge. Your engaging presentation style and ability to foster interactive discussions left a lasting impression on the participants, making your session a valuable and enriching experience to our conference.”

Looking forward to the coming year, the Arcati Mainframe Yearbook 2025 will be published under its new title of the Arcati Mainframe Navigator. The Virtual IMS, Virtual CICS, and Virtual Db2 user groups will continue to meet six times a year. All of those are now curated by the great team at Planet Mainframe. And who knows what else we have to look forward to.

 

Sunday, 8 December 2024

Cyber targets for 2025

Let us imagine that there is a room somewhere in Russia (but it could be anywhere else hostile to the West) and it’s full of hackers plotting their attacks for 2025. You can imagine that they are sharing stories of their successes in 2024. How they have targeted people with phishing emails and got them to open malware or download (unwittingly) malware that has not only given the hackers access to the servers of that company, but every other company in the supply chain.

The next hacker speaks up explaining how he has got round the security of cloud providers and managed to get into a variety of organizations that way. He proudly explains that he hasn’t even exploited some of those hacks yet. They are now easy targets for the New Year.

A third hacker explains how he managed to access a security update to a frequently used piece of software, and how he had added a back door that no-one had spotted. So, when everyone downloaded the software and patched the vulnerability, they introduced a back door that only he knew about. He suggested that this time next year he would be rich from all the ransoms he was going to collect.

Another hacker jumps up and explains that he was using AI to automate ransomware attacks, and he is making lots of dosh from the people who were paying him for the Ransomware as a Service software – sometimes people with very little IT knowledge – and were then using it to attack companies that had upset them in some way.

Lots of other people want to speak up with stories of how they had attacked companies and made money, but everyone stops speaking as an old general gets to his feet. He looks very stern but smiles as he starts to speak. “Comrades”, he says, “you have all done very well attacking companies in the West.” He pauses and his face takes on a sternness that had scared many a junior officer. He continues, “The problem is this: we have not defeated the West. What I need you to do is find some way to bring down the whole infrastructure of western society. Can you do that?”

The hackers look round at each other, until one speaks up. “Capitalist society depends on capital.” The audience is not overimpressed by the obviousness of the comment. There is much murmuring from the audience, but the hacker continues, “Why don’t we attack the banks and all the other financial institutions in North America and Europe. If they don’t have access to money, everything else will come to a stop.” The crowd nods in agreement. Some make additional useful comments to each other.

“How do we do that?” asks the general. “We attack the mainframes that are used by most of these organizations”, replies the hacker. And that’s what they do. Attacks by people who understood Windows and Linux continue in all their forms, but a large tranche of the technical people are given the job of understanding how mainframes work and their vulnerabilities. After all, the majority of financial institutions use mainframes. A subgroup is given the task of looking at employees on mainframes and seeing which ones could be manipulated into giving access to these fintech mainframes. They are looking for staff with drug habits and staff with financial problems or other issues that could be used against them. Another group has the task of getting keyloggers onto the laptops of systems programmers at mainframe sites.

A list of potential hacking techniques that have been used before is circulated amongst the hackers for them to see which still work and are useful for others to try.

They could attack sites using CICS. There are automated tools like CICSpwn available that could be used to identify potential misconfigurations, which could then be used by the hackers to bypass authentication. They could use the CICS customer front end and try a simple brute force attack to find a userid and password that would get them into the system.

They could use FTP. Two things need to happen first – keylogger software needs to capture the login credentials from a systems programmer, and a ‘connection getter’ needs to identify where to FTP to. Commands can be written to upload malicious binaries, and JES/FTP commands can be used to execute those binaries.

They could use TN3270 emulation software for their attack. Provided they have some potential userids, they could try password spraying, ie a few commonly-used passwords can be tried against every userid on the system.

NJE allows one trusted mainframe to send a job to another mainframe that it’s connected to. Hackers could use NJE to spoof a mainframe or submit a job and gain access to that other mainframe.

Then there are potential vulnerabilities in Linux and other non-IBM software (like Ansible, Java, etc) that runs on mainframes.

Other techniques are available, but it’s not the function of this blog to make the job of nation state hackers easier. It is the job of this blog to ensure that every mainframe site is doing everything it can to ensure that it is secure against all forms of attack, and that it has software installed that can alert staff at the earliest opportunity that an attack has started. The defence software also needs to be able to suspend any suspect jobs as soon as possible.
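The early alerting described above can start from failed-logon records. This added example (not from the original post, and not any vendor's product) flags the two guessing patterns mentioned earlier, brute force against one userid and password spraying across many userids, and reports any successful logon that follows a spray. The log format, thresholds, userids, and addresses are constructed assumptions, not a real SMF or RACF layout.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified, made-up format (assumption):
# timestamp, outcome, userid, source address.
SAMPLE_LOG = """\
2025-01-14T02:00:05 FAIL user=PAYROLL1 src=203.0.113.7
2025-01-14T02:00:09 FAIL user=SYSPROG1 src=203.0.113.7
2025-01-14T02:00:14 FAIL user=CICSADM src=203.0.113.7
2025-01-14T02:00:20 FAIL user=DB2ADM src=203.0.113.7
2025-01-14T02:00:26 FAIL user=OPER01 src=203.0.113.7
2025-01-14T02:00:31 FAIL user=TESTER7 src=203.0.113.7
2025-01-14T02:04:02 FAIL user=PAYROLL1 src=203.0.113.7
2025-01-14T02:04:07 OK user=OPER01 src=203.0.113.7
2025-01-14T08:59:40 FAIL user=JSMITH src=192.0.2.10
2025-01-14T09:00:02 FAIL user=JSMITH src=192.0.2.10
2025-01-14T09:00:30 OK user=JSMITH src=192.0.2.10
2025-01-14T09:15:00 FAIL user=WEBCUST src=198.51.100.20
2025-01-14T09:15:10 FAIL user=WEBCUST src=198.51.100.20
2025-01-14T09:15:20 FAIL user=WEBCUST src=198.51.100.20
2025-01-14T09:15:30 FAIL user=WEBCUST src=198.51.100.20
2025-01-14T09:15:40 FAIL user=WEBCUST src=198.51.100.20
2025-01-14T09:15:50 FAIL user=WEBCUST src=198.51.100.20
2025-01-14T09:16:00 FAIL user=WEBCUST src=198.51.100.20
"""

# Thresholds are assumptions; tune them against a site's normal logon noise.
WINDOW = timedelta(minutes=10)
SPRAY_MIN_USERS = 5       # distinct userids failing from one source
SPRAY_MAX_PER_USER = 3    # spraying tries only a few passwords per userid
BRUTE_MIN_ATTEMPTS = 6    # many failures against a single userid


def parse_events(text):
    """Parse lines into (timestamp, outcome, userid, source), oldest first."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, outcome, user_kv, src_kv = parts
        if not (user_kv.startswith("user=") and src_kv.startswith("src=")):
            continue
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue            # skip malformed timestamps rather than abort
        events.append((when, outcome, user_kv[5:], src_kv[4:]))
    return sorted(events)


def detect(events):
    """Classify failed-logon bursts per source inside a sliding time window."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, outcome, user, src in events:
        (failures if outcome == "FAIL" else successes)[src].append((ts, user))

    spray = {}      # src -> (max distinct userids, first window start, last hit)
    brute = set()   # (src, userid)
    for src, fails in failures.items():
        start = 0
        for end, (ts, _user) in enumerate(fails):
            while ts - fails[start][0] > WINDOW:
                start += 1      # drop failures that fell out of the window
            per_user = Counter(u for _, u in fails[start:end + 1])
            if (len(per_user) >= SPRAY_MIN_USERS
                    and max(per_user.values()) <= SPRAY_MAX_PER_USER):
                n, lo, _hi = spray.get(src, (0, fails[start][0], ts))
                spray[src] = (max(n, len(per_user)), lo, ts)
            brute.update((src, u) for u, n in per_user.items()
                         if n >= BRUTE_MIN_ATTEMPTS)

    # A success from a spraying source is the highest-priority alert:
    # one of the guessed passwords probably worked.
    hits = sorted((src, user)
                  for src, (_n, lo, hi) in spray.items()
                  for ts, user in successes[src]
                  if lo <= ts <= hi + WINDOW)
    return {
        "spray": {src: n for src, (n, _lo, _hi) in spray.items()},
        "brute_force": sorted(brute),
        "success_after_spray": hits,
    }


if __name__ == "__main__":
    for kind, value in detect(parse_events(SAMPLE_LOG)).items():
        print(kind, value)
```

The mistyped-password case (JSMITH, two failures then a success) raises no alert, while the success for OPER01 after the spray is the event that would justify suspending that userid's work until someone has checked it.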

Meanwhile, meetings like the one I’ve envisaged are probably going on, and mainframe-using companies in the West are going to be the targets in 2025. Don’t let yours be one of them.

Sunday, 1 December 2024

Rock solid AI – Granite on a mainframe

Let’s start with what people are familiar with, ChatGPT. ChatGPT is a highly-trained and clever chatbot. The GPT part of its name stands for Generative Pre-trained Transformer. Generative means that it can generate text or other forms of output. Pre-trained means that it has been trained on a large dataset. And Transformer refers to a type of neural network architecture enabling it to understand the relationships and dependencies between words in a piece of text. IBM’s Granite 3.0 is very similar to ChatGPT, except that it is optimized for specific enterprise applications rather than general queries.

Just a side note, I was wondering about the choice of name for the product. In the UK, the traditional gift for a 90th anniversary is granite. I just wondered whether there was some kind of link. In 1933 IBM bought Electromatic Typewriters, but I can’t see the link. Or maybe I’ve been doing too many brain-training quizzes!

Granite was originally developed by IBM and intended for use on Watsonx along with other models. In May this year, IBM released the source code of four variations of Granite Code Models under Apache 2, allowing completely free use, modification, and sharing of the software.

In the original press release in September 2023, IBM said: “Recognizing that a single model will not fit the unique needs of every business use case, the Granite models are being developed in different sizes. These IBM models – built on a decoder-only architecture – aim to help businesses scale AI. For instance, businesses can use them to apply retrieval augmented generation for searching enterprise knowledge bases to generate tailored responses to customer inquiries; use summarization to condense long-form content – like contracts or call transcripts – into short descriptions; and deploy insight extraction and classification to determine factors like customer sentiment.”

The two sizes mentioned in that press release are the 8B and 2B models.

In October this year, Version 3.0 was released, which is made up of a number of models. In fact, the press release tells us that the “IBM Granite 3.0 release comprises:

  • Dense, general purpose LLMs: Granite-3.0-8B-Instruct, Granite-3.0-8B-Base, Granite-3.0-2B-Instruct and Granite-3.0-2B-Base.
  • LLM-based input-output guardrail models: Granite-Guardian-3.0-8B, Granite-Guardian-3.0-2B
  • Mixture of experts (MoE) models for minimum latency: Granite-3.0-3B-A800M-Instruct, Granite-3.0-1B-A400M-Instruct
  • Speculative decoder for increased inference speed and efficiency: Granite-3.0-8B-Instruct-Accelerator.”

Let’s put a little more flesh on the bones of those models:

  • The base and instruction-tuned language models are designed for agentic workflows, Retrieval Augmented Generation (RAG), text summarization, text analytics and extraction, classification, and content generation.
  • The decoder-only models are designed for code generative tasks, including code generation, code explanation, and code editing, and are trained with code written in 116 programming languages.
  • The time series models are lightweight and pre-trained for time-series forecasting, and are optimized to run efficiently across a range of hardware configurations.
  • Granite Guardian can safeguard AI by ensuring enterprise data security and mitigating risks across a variety of user prompts and LLM responses.
  • Granite for geospatial data is an AI Foundation Model for Earth Observations created by NASA and IBM. It uses large-scale satellite and remote sensing data.

In case you didn’t know, agentic workflows refer to autonomous AI agents dynamically interacting with large language models (LLMs) to complete complex tasks and produce outputs that are orchestrated as part of a larger end-to-end business process automation.

Users can deploy open-source Granite models in production with Red Hat Enterprise Linux AI and watsonx, at scale. Users can build faster with capabilities such as tool-calling, 12 languages, multi-modal adaptors (coming soon), and more, IBM tells us.

IBM is claiming that Granite 3.0 is cheaper to use compared to previous versions and other large language models (LLMs) such as GPT-4 and Llama.

IBM also tested the Granite Guardian against other guardrail models in terms of their ability to detect and avoid harmful information, violence, explicit content, substance abuse, and personal identifying information, showing it made AI applications safer and more trusted.

We’re told that the Granite code models range from 3 billion to 34 billion parameters and have been trained on 116 programming languages and 3 to 4 terabytes of tokens, combining extensive code data and natural language datasets. If you want to get your hands on them, the models are available from Hugging Face, GitHub, Watsonx.ai, and Red Hat Enterprise Linux (RHEL) AI. A curated set of the Granite 3.0 models can be found on Ollama and Replicate.

At the same time, IBM released a new version of watsonx Code Assistant for application development. The product leverages Granite models to augment developer skill sets, simplifying and automating their development and modernization efforts. It simplifies and accelerates coding workflows across Python, Java, C, C++, Go, JavaScript, Typescript and more.

Users can download the IBM Granite.Code (which is part of the watsonx Code Assistant product portfolio) extension for Visual Studio Code to unlock the full potential of the Granite code model from here.

It seems to me that the Granite product line is a great way for organizations to make use of AI both on and off the mainframe. I’m looking forward to seeing what they announce with Granite 4.0 and other future versions.

 

Sunday, 24 November 2024

Tell me about ONNX and mainframe AI

Let’s start by finding out what ONNX is. It stands for Open Neural Network eXchange, and it’s described as an open-source AI (artificial intelligence) ecosystem with the aim of establishing open standards for representing machine learning algorithms and software tools to promote innovation and collaboration. You can get it from GitHub.

To put that another way, it means you can create and train AI models on any platform that you like, using any framework (eg PyTorch, TensorFlow, Caffe2, Scikit-learn, etc) you like, and ‘translate’ that into a standard format that can then be run on any other platform – and the one that we’re interested in is the mainframe.

ONNX was originally called Toffee and was developed by a team from Facebook, but was renamed in 2017. It’s supported by IBM, Microsoft, Huawei, Intel, AMD, Arm, Qualcomm, and others.

Developers may want to use different frameworks for a project because particular frameworks may be better suited to specific phases of the development process, such as fast training, network architecture flexibility, or inferencing on mobile devices. ONNX then facilitates the seamless exchange and sharing of models across many different deep learning frameworks. Another advantage of using ONNX is that it allows hardware vendors and others to improve the performance of artificial neural networks of multiple frameworks at once by targeting the ONNX representation.

ONNX provides definitions of an extensible computation graph model, built-in operators and standard data types, focused on inferencing (evaluation). Each computation dataflow graph is a list of nodes that form an acyclic graph. Nodes have inputs and outputs. Each node is a call to an operator. Metadata documents the graph. Built-in operators are to be available on each ONNX-supporting framework. Thanks to Wikipedia for the information in this format.

So, we saw in that list of vendors that IBM is involved in the project. How is ONNX used on a mainframe? I know part of the answer to that because I watched a fascinating presentation by Megan E Hampton, IBM – Advisory Software Engineer, at the excellent GSE UK conference at the start of the month. Here’s what she told her audience.

Currently, on the mainframe, there aren’t many tools available for the optimization of AI models. That’s where ONNX comes in. It is an open format for representing AI models. ONNX defines a computation graph model, as well as definitions of built-in operators and standard data types.

ONNX uses a standard format for representing machine learning (ML) and deep learning (DL) models. ONNX models are generated by supported DL and ML frameworks or converted from other formats by converting tools. ONNX models can be imported into multiple frameworks and runtime engines and executed/accelerated by heterogeneous hardware and execution environments.

Among the benefits of using ONNX on a mainframe are that it:

  • Allows clients to use popular tools and frameworks to build and train.
  • Makes assets portable to multiple Z operating systems.
  • Optimizes and enables seamless use of IBM Z hardware and software acceleration investments.

But what’s the next stage? How do you get from an AI model to something useful that can run on a mainframe? That’s where the IBM Z Deep Learning Compiler (zDLC) comes in. It uses open source ONNX-MLIR to compile .onnx deep learning AI models into shared libraries. The resulting shared libraries can then be integrated into C, C++, Java, or Python applications.

zDLC takes the ONNX (model) as input, and generates a single binary. It handles static and dynamic shapes as well as multiple data representations. And it exploits parallelism via OpenMP. OpenMP (Open Multi-Processing) is an application programming interface (API) that supports multi-platform shared-memory multiprocessing programming in C, C++, and Fortran. It consists of a set of compiler directives, library routines, and environment variables that influence run-time behaviour.

Multi-level intermediate representation (MLIR) significantly reduces the cost of building domain specific compilers. It connects existing compilers together through a shared infrastructure. It’s part of the LLVM compiler infrastructure and follows LLVM governance. LLVM and MLIR are new and powerful ways of writing compilers that are modular and generic. MLIR is flexible, and introduced the concept of ‘dialects’.

Think of it like this:

ONNX (the AI model) plus MLIR (the compiler) produces ONNX-MLIR, which the IBM Z Deep Learning Compiler uses (i.e. it compiles the AI models).

So, just to explain these further, MLIR is a unifying software framework for compiler development. It is a sub-project of the LLVM Compiler Infrastructure project.

LLVM is a set of compiler and toolchain technologies that can be used to develop a frontend for any programming language and a backend for any instruction set architecture. LLVM is designed around a language-independent intermediate representation (IR) that serves as a portable, high-level assembly language that can be optimized with a variety of transformations over multiple passes. Interestingly, LLVM isn't an acronym, although, originally, it stood for Low Level Virtual Machine.

Let’s go back to the mainframe again. We can build and train a model in any popular framework (PyTorch, TensorFlow, etc) on any platform, which allows the maximum flexibility possible. Then, on the mainframe, we can use ONNX: models are converted to the ONNX interchange format. We can then leverage z/OS Container Extensions (zCX) if we want to run the application inside a Docker container on z/OS as part of a z/OS workload. We can also run the applications on zIIP engines, which won’t impact the 4-hour rolling average cost of general processors. The IBM zDLC (Deep Learning Compiler) enables existing models to quickly and easily take advantage of the IBM z16 Telum processor's Integrated Accelerator for AI.

Looking at the Deep Learning Compiler Flow: the ONNX model (dialect) is lowered and transformed through multiple phases of intermediate representation (IR) to a dialect that can be processed by an LLVM compiler. The output of the LLVM compilation and build is a shared library object that can be deployed.
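To make "lowering" concrete, here is an added toy example (not zDLC or ONNX-MLIR code) that takes a three-operator graph through two lowering steps and runs the result. The level names, instruction names, shapes and sample values are all assumptions made for illustration; the real compiler uses its own dialects and emits machine code rather than an interpreted list.

```python
# Toy lowering; level/op names are simplified stand-ins, not real ONNX-MLIR passes.
GRAPH = [("MatMul", "h", ("x", "W")),   # h = x @ W
         ("Add", "z", ("h", "b")),      # z = h + b
         ("Relu", "y", ("z",))]         # y = max(z, 0)
SHAPES = {"x": (1, 3), "W": (3, 2), "b": (1, 2),
          "h": (1, 2), "z": (1, 2), "y": (1, 2)}
SAMPLE = {"x": [[1.0, -2.0, 3.0]], "b": [[0.5, 0.5]],   # constructed values
          "W": [[1.0, 0.0], [0.0, 1.0], [1.0, -1.0]]}

def lower_to_loops(graph, shapes):
    """Level 1 -> 2: each tensor op becomes a loop nest with explicit bounds."""
    nests = []
    for op, out, ins in graph:
        if op not in ("MatMul", "Add", "Relu"):
            raise ValueError(f"no lowering for {op}")
        inner = shapes[ins[0]][1] if op == "MatMul" else 0   # reduction length
        nests.append((op.lower(), out, ins, shapes[out] + (inner,)))
    return nests

def lower_to_scalar(nests):
    """Level 2 -> 3: static bounds let every loop unroll to scalar instructions."""
    code = []
    for kind, out, ins, (rows, cols, inner) in nests:
        for i in range(rows):
            for j in range(cols):
                if kind == "matmul":
                    code += [("fma", (out, i, j), (ins[0], i, k), (ins[1], k, j))
                             for k in range(inner)]
                else:
                    code.append((kind, (out, i, j)) + tuple((n, i, j) for n in ins))
    return code

def run_scalar(code, tensors):
    """Execute the flat instruction list against cell-addressed memory."""
    mem = {(n, i, j): v for n, t in tensors.items()
           for i, row in enumerate(t) for j, v in enumerate(row)}
    for op, dst, *src in code:
        if op == "fma":      # accumulate; an unwritten cell counts as 0.0
            mem[dst] = mem.get(dst, 0.0) + mem[src[0]] * mem[src[1]]
        elif op == "add":
            mem[dst] = mem[src[0]] + mem[src[1]]
        else:  # relu
            mem[dst] = max(mem[src[0]], 0.0)
    return mem

def compile_and_run(inputs):
    code = lower_to_scalar(lower_to_loops(GRAPH, SHAPES))
    mem = run_scalar(code, inputs)
    return [mem[("y", 0, j)] for j in range(SHAPES["y"][1])], len(code)
```

Each level carries less knowledge of tensors and more knowledge of the machine, which is why an operator with no lowering rule is rejected at the first step rather than silently dropped.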

It all seems so simple when it’s explained. I expect we’re going to hear a lot more about all this.

 

Sunday, 10 November 2024

More on security

Following on from last week’s blog entitled Insider threats and smf, I recently got a press release from application security SaaS company Indusface putting some figures on the problem that organizations are facing from their own employees. It’s not just that there is a very small minority of employees who seem intent on bringing their company down by deleting data or launching ransomware attacks; there also seems to be a huge pool of people who inadvertently give away information, or open malware, or click on ‘dodgy’ links that leave companies wide open to serious attacks by bad actors.

The people at Indusface have used global search data from AHrefs to find the world's top five questions and concerns about cyber security in the workplace. The data from AHrefs, which was correct as of October 2024, can be found here. They have then come up with their own suggested answers to those searches.

I’d like to start with the question that came in fourth place, which was “What percentage of breaches are human error responsible for?” There were similar searches on “Human error cyber security”.

Their answer was: “According to data by Indusface, 98% of all cyber-attacks rely on human error or a form of social engineering. Social engineering breaches leverage human error, emotions, and mistakes rather than exploiting technical vulnerabilities. Hackers often use psychological manipulation, which may involve coaxing employees to reveal sensitive information, download malicious software, or unknowingly click on harmful links. Unlike traditional cyberattacks that rely on brute force, social engineering requires direct interaction between attacker and victim.

“Given that human error can be a major weak link in cyber security, the best way to prevent these attacks is to put in place education and training on the types of attacks to expect and how to avoid these. That said, implementing a zero-trust architecture, where requests for every resource are vetted against an access policy, will be paramount in stopping attacks from spreading even when a human error results in a breach. Also, make sure that the applications are pen tested for business logic and privilege escalation vulnerabilities so that the damage is minimized.

“Basics such as standard best practices across the board, secure communications, knowing which emails to open, when to raise red flags, and exercising extreme caution when accepting offers will go a long way in preventing human errors that lead to breaches.”

Let’s look at the other search terms in the top five. In first place, with the most searches, was “Why is cyber security training so important for business?” There were similar searches for “Cyber security for business”.

The answer from Indusface was: “With data breaches costing businesses an average of $4.45 million globally in the last year (according to IBM’s Cost of a Data Breach Report 2024), it raises the question of just how critical it is for organizations to provide employees with comprehensive training on what constitutes sensitive data and how they can protect it, as well as what is at stake if they do not adhere to the policies.

“And training doesn’t have to be monotonous, for example set up phishing email simulators to engage the team and allow them to see the potential dangers in action. These simulations show how quickly and easily attacks can happen, helping employees develop practical, hands-on skills for spotting suspicious activity.

“Cybersecurity threats evolve constantly, so training should be regular, not a one-time event. Regular training and guidance will ensure that employees receive tailored guidance on securing their work equipment, home offices, use of VPNs, and recognizing the unique threats posed by both in-office and home working environments.”

The second most frequent searches were “How is AI used in cyber security?” or simply “Cyber Security AI”.

Indusface said: “The biggest problem with security software, especially website and API protection, is the prevalence of false positives. False positives are when legitimate users are prevented from accessing an application. So notorious is this problem that 50%+ of businesses worldwide have implemented Web Application and API Protection / Web Application Firewall (WAAP/WAF) solutions and left them on log mode. This means that attacks go through the WAF and they are at best used as log analysis tools after a breach.

“Effectively using AI can help with eliminating or reducing false positives to a bare minimum and encourage more businesses to deploy WAFs in block mode.

“The other problem with security software is letting an attack go through. These are also called false negatives. Using AI on past user behaviour and attack logs can effectively prevent any attacks that don’t conform to typical user behaviour.”

Third in their list was “How can you protect your home computer?” and “Home cyber security”. They suggest that by 2025, according to a Forbes article, approximately 22% of workers will work remotely. They go on to ask, with such a significant increase in remote roles, how can employers ensure their employees’ home computers remain protected?

Their answer was: “Remote working means people are working in less secure environments and their devices are more exposed to data breaches both digitally and physically. Many remote workers are using the same device for professional and personal use, or even accessing company data on devices shared with other household members.

“Employers should ensure strong password management, including using automatic password generators that create extra secure passwords, and never duplicate these across accounts. Multi-factor authentication also provides a secure method of verifying your identity, making it harder for hackers to breach any accounts. Limiting what could be accessed on official devices is also important in thwarting attacks.

“That said, installing endpoint security software like antivirus, and keeping it updated, should be enough to protect most computers, unless you fall victim to an advanced phishing attack.”

The fifth most popular searches were, “What are the top 3 targeted industries for cyber-attacks?” and “Top industries cyber-attack”.

Here’s what Indusface said: “According to EC University, manufacturing, professional / business, and healthcare are the top 3 targeted industries.

“The manufacturing sector leads the world in cybercrime incidents according to Statista (2023). Attacks on the industry range from halting production lines, to the theft of intellectual property, and compromising the integrity of supply chains.

“The professional, business, and consumer services sector has also become an attractive target for cybercriminals due to its heavy reliance on sensitive data. Confidential client information and business insights are often targeted, leading to significant financial losses and damage to brand reputation, and client relationships.

“A breach in the healthcare industry can have dire consequences, from compromising sensitive patient data to disrupting critical medical services. Given the high value of medical records on the black market, there is an urgent need for stronger cybersecurity measures to protect both patient privacy and the integrity of healthcare systems.”

I thought it was useful to get another view on the ongoing issue of keeping your mainframe – and any other platforms your organization supports – safe from breaches. And keeping your employees alert at all times to potential threats.