Mainframes, AI, and security

I was interested to read IBM’s thoughts about AI on the mainframe, which was published in January. You can read it here. The article discusses the different ways that AI can be integrated with mainframes. The article tells us that on-chip AI accelerators can scale and process millions of inference requests per second at very low latency rates. This capability allows organizations to use data and transactional gravity by strategically co-locating large datasets, AI, and critical business applications. In the future, next-gen accelerators will open up new opportunities to expand AI capabilities and use cases as an organization’s needs grow.

It talks about ensemble AI, which it describes as a hybrid concept that integrates different AI technologies, such as traditional AI and LLM encoder models, to deliver faster, more accurate results than any single model can accomplish alone, tapping into the mainframe's massive processing power and data storage capabilities.

The article then discusses four potential use cases of AI on a mainframe. The first of these is real-time fraud detection, which can be of use to fintech companies. As an example, it discusses a large North American bank that had developed an AI-powered credit-scoring model and deployed it on an on-premises cloud platform to help fight fraud. However, only 20% of credit card transactions could be scored in real-time. The bank decided to move the complex fraud-detecting tools to its mainframe.

After the mainframe implementation, the bank began scoring 100% of credit card transactions in real-time, with 15,000 transactions per second, providing significant fraud detection.

Moreover, each transaction used to take 80 milliseconds to score. With the reduced latency provided by the mainframe, response times now occur in 2 milliseconds or less. This move to the mainframe has also saved the bank over US$20 million in annual fraud prevention spend without impacting service-level agreements.

The second example was IT operations and AIOps describing how organizations can now use AI to proactively prevent or even predict an outage caused by equipment failure. By applying AI mechanisms, organizations can detect anomalies at the transaction, application, subsystem, and system levels. For instance, sensors can analyse data from mainframe components to predict potential hardware failures and enable preventative maintenance. They say that organizations are increasingly turning to the application of AI capabilities to automate, streamline, and optimize IT infrastructure and operational workflows. AIOps enables IT operations teams to respond quickly to slowdowns and outages, providing better visibility and context.

The third example given is advanced document processing, saying that processing documents on the mainframe helps streamline and deliver accurate data extraction in a highly secure setting. Organizations can use gen AI to summarize financial documents and business reports, extract key data points (for example, financial metrics and performance indicators), and identify essential information for compliance processes (for example, financial audits).

And lastly in their list are AI code assistants. They affirm that virtual assistants on the mainframe are helping to bridge the developer skill gap. Tools, such as IBM® watsonx Code Assistant™ for Z, use generative AI to analyse, understand and modernize existing COBOL applications. This capability allows developers to translate COBOL code into languages like Java. It also accelerates application modernization while preserving legacy COBOL systems' functionality. Watsonx Code Assistant for Z features include code explanation, automated refactoring and code optimization advice, making it easier for developers to maintain and update old COBOL applications.

Now I’m not saying anything against those four areas. In fact, I totally support them as great uses of AI on a mainframe. However, I would have thought that one area where AI assistance would be needed is in security. It only takes a brief Google search to find a number of companies that have produced reports about ransomware attacks or giving more details about the techniques criminal gangs or teams associated with foreign governments are using to attack organizations. There are also plenty of reports about the cost of these attacks to more high-profile organizations. I don’t just mean the cost of new hardware, software, or staff, I mean fines for non-compliance with regulations, and court costs and fines paid to individuals whose data has been stolen.

I would have thought those kinds of stories would have crossed the desk of an organization’s chief financial officer (CFO) as well as anyone associated with IT. Admittedly, the majority of attacks are on non-mainframe platforms, but that doesn’t mean mainframes aren’t targets for attacks because, as we know, they contain a large amount of data about people and finances.

I would like to see AI-based software able to be as effective as the best non-AI security software. And then I would like to see the AI software learn and improve. As I’ve mentioned previously, the security software needs to be trained to recognize ‘normal’ activity by people who have access to the mainframe, and then automatically suspend any unusual actions by them. This prevents too much damage being done, if it a job being run by malware rather than a real person. If the person is authorized, then appropriate checks by the security team can allow the job to continue.

Because malware attacks get more sophisticated each year, it’s important to have some kind of defence shield that can learn an adapt and continue to keep the mainframe safe. I’m surprised that we haven’t had security software listed as an important area for AI development. I assume it must be because it’s not such an easy thing to do as some of the other areas listed in the IBM article.