AI Super Simplified
See which AI model actually wins - AI Super Simplified comparisons
Edition #274

The hidden battle inside the mainframe

Edition 274 — BMC's Ken Chism on mainframe ransomware, Zero Trust & resilience

By Jerry Croteau
Stylized mainframe rack with a shield and cloud network lines, representing mainframe cybersecurity

Why an AI newsletter is writing about mainframes

Here's the connection: the same AI tools you use every day to draft emails and summarize documents are now being used, by criminals and state-backed hackers, to break into the systems that move your paycheck, your flight booking, and your insurance claim. That's not a hypothetical. It happened this month.

On July 1, 2026, security firm Sysdig published research on an attack it calls JADEPUFFER — what researchers believe is the first ransomware attack carried out almost entirely by an AI agent, with no human steering the actual break-in. A person picked the target and set up the infrastructure. From there, the AI handled reconnaissance, stole credentials, moved through the network, and encrypted the data on its own — including, in one documented moment, diagnosing why a login attempt failed and fixing it in about 30 seconds flat. (Sysdig research, via The Hacker News; Techzine)

This isn't the first time AI has shown up on the wrong side of a keyboard. Anthropic itself has disclosed two earlier cases: a 2025 extortion campaign that used its Claude Code tool to hit at least 17 organizations with ransom demands up to $500,000 (a human was still steering that one), and a separate campaign disclosed in November 2025 involving a Chinese state-linked group that had Claude write exploits and steal data with very little human help. (The Hacker News)

The pattern is clear: AI is lowering the skill it takes to run a serious attack. That matters most for the systems that were built assuming attackers would need real expertise to reach them — like the mainframe. And here's the part that makes this edition worth your time even if the word "mainframe" means nothing to your business: the lesson isn't really about mainframes at all.

The machine nobody wants to talk about

Mainframes still run some of the most critical systems in finance, government, and infrastructure. If the mainframe stops, the business often stops. Yet in most security programs it's treated as "too old to hack" or "someone else's problem" — a legacy curiosity rather than a core dependency.

That blind spot is the whole story. Ken Chism, Head of Worldwide Cybersecurity Sales at BMC Software, has spent years arguing that the risk isn't that mainframes are weak — it's that they're excluded from the modern security stack: no Zero Trust, thin SIEM telemetry, no rehearsed ransomware recovery. AI just made that gap a lot more urgent.

A quick note on why Chism is the right guide here: BMC builds the software that closes exactly these gaps — mainframe monitoring, behavior analytics, automated recovery. That's a commercial interest, plainly stated, and it's also why he sees this battlefield more clearly than most. His warnings hold up even if your company will never touch a mainframe, because the pattern he describes shows up at every company size.

1. Why the mainframe is a blind spot

Three gaps show up again and again across Ken's talks and writing (Crossing the CISO–Mainframe Chasm, BMC; The Hidden Cybersecurity Battle Inside the Mainframe, Planet Mainframe):

  • It's still central, not legacy. When it goes down, entire business lines or national-scale services go with it.
  • Visibility gap. Many teams don't stream mainframe telemetry into their enterprise SIEM and threat workflows, so incident response is incomplete before it starts.
  • Governance gap. Leaders who feel uncomfortable talking about the mainframe create a strategic blind spot in every risk conversation.

Notice that none of these three gaps is actually about 1960s hardware. Central-but-ignored, unmonitored, ungoverned — that describes a neglected file server or a forgotten admin account just as well as it describes a mainframe.

2. The insider threat just got an upgrade

At a recent SHARE Cleveland panel, Chism named what keeps him "paranoid" — insider and contractor risk at scale, including scammers posing as employees. Here's the AI mechanism behind that fear, spelled out: North Korean state-backed operatives have been using AI-written resumes and deepfake video interviews to get hired as remote IT workers inside real companies — more than 300 US companies infiltrated since 2020, with CrowdStrike reporting a 220% year-over-year jump in these operations.

Add IBM's 2026 X-Force finding — a 44% jump in attacks that begin with AI-accelerated vulnerability discovery — and the picture sharpens: the entry points Chism worries about are getting cheaper for attackers to find and use.

"We'd never hire a fake employee" isn't a defense anymore — it's a hope. And small companies with lighter vetting are easier to fool, not harder.

3. The jargon, translated

  • Zero Trust — a security model that never assumes anyone or anything inside the network is safe. Every user, device, and request has to prove itself, every time — like a building where your badge is checked at every door, not just the lobby.
  • SIEM (Security Information and Event Management) — software that watches the activity logs from every system a company runs and flags anything suspicious, all in one place. Think of it as one security-camera monitor wall for your entire computer network instead of a camera per room with nobody watching.
  • Ransomware — malicious software that locks up a company's data (encrypts it) and demands payment to unlock it. It's a digital kidnapping of files.

4. AI cuts both ways — the defense side

The same technology powering these attacks is what finally makes defense practical at scale. From Ken's talks with BMC security PMs Mark Banwell and David Lea (Your Mainframe Security Needs — From Behavior Analytics to Security Admin Tools to Risk Assessment):

5. So what do you actually do? Pick your lane

If your company runs a mainframe

Banks, insurers, airlines, government, large retail — and if you're not sure, ask IT; the answer surprises people. Take these four questions to the next security or board conversation:

  1. Visibility — Does the security team have end-to-end visibility from the mainframe into the SIEM and threat-intel workflows? An honest "no" means the incident-response story is incomplete.
  2. Recovery — If the mainframe went offline to ransomware tomorrow, does anyone know the exact technical and business recovery steps? If not, tabletop it like a cloud outage.
  3. Zero Trust alignment — Are its access controls part of the company's Zero Trust strategy, or a separate legacy world? If separate, that's two security models in one company.
  4. People — Could the hiring and contractor-vetting process catch an AI-fabricated identity — a deepfake interview, an AI-written resume? If nobody's asked, nobody's checked.

If you don't

You still have a "mainframe." It's the system that's too critical to fail and too boring to watch: the aging on-prem server, the CRM nobody patches, the accounting system on one machine, the admin account from an employee who left. Ask it the same four questions, scaled down:

  • Do you actually monitor it, or just assume it's fine?
  • Is there a backup you've restored from at least once — not just a backup you believe exists?
  • Who has access, and would you notice a login that shouldn't be there?
  • Could a convincing stranger — human or AI-assisted — talk their way into it?

Either way

The JADEPUFFER lesson is the same at every company size: AI just made attacking neglected systems cheap. The fix isn't exotic — it's giving your most boring critical system the same attention as your newest one.

Where this leaves us

AI didn't create the mainframe blind spot — Chism has been pointing at it for years. What AI changed is the timeline. Attacks that used to require a skilled team now need an AI agent and a head start; infiltration schemes that used to require a convincing liar now just need a convincing model. That's the bad news, and it applies to every neglected system, not just the ones in raised-floor data centers.

The good news is the same technology cuts the other way, and it's already deployed: behavior analytics that catch a compromised account before it does damage, automated correlation that shortens the time it takes a security team to understand what's happening, and policy simulation that shows the impact of a change before it ships. Your critical system doesn't need magic AI — whether it's a mainframe or a ten-year-old server in a closet. It needs the same disciplined monitoring everything else already gets, and AI, used well, is what finally makes that affordable at any scale.

Watch & read next

I went into this expecting a story about old machines and big companies. What I found was a lesson for every business: AI just made attacking neglected systems cheap, at the exact moment defending them got affordable. You don't need a mainframe for this to be your problem — you need one system that's too critical to fail and too boring to watch. Find yours, and give it the attention everything else already gets.
Jerry Croteau