Hacking Big Iron

When Modern Security Assumptions Fail on Mainframes

Adam Toscher · 2026

Mainframes still underpin critical infrastructure such as banking, airlines, and government systems, yet most modern security teams approach them using assumptions formed around Unix, Windows, and enterprise platforms. These assumptions often fail on z/OS, creating blind spots that are difficult to detect and easy to underestimate.

This talk explains how mainframe security actually works and why familiar concepts such as “root,” shells, ports, and lateral movement do not translate cleanly. Focusing on components like JES, JCL, RACF, CICS, VTAM, and PR/SM, we explore where attackers and defenders truly operate today: transactions, security managers, and management boundaries.

From an offensive perspective, the talk reframes how attackers actually move inside mainframe environments: not through shells or services, but via job submission paths, inherited authority, transaction routing, and security manager behavior. The session highlights concrete failure modes red teams encounter when modern assumptions are applied to z/OS, and how those blind spots are exploited in real assessments.

Using real TN3270 terminal screens and practical examples, attendees will learn a repeatable methodology for assessing mainframe environments and identifying misconfigurations that appear harmless but can have severe impact.

The talk also demonstrates an AI-assisted assessment approach: a local LLM interprets TN3270 screens in real time, narrates walkthroughs, and tutors interactively — all running 100% offline with no cloud APIs or data exfiltration risk.

No prior mainframe experience is required.

Five Broken Assumptions

VTAM: “Ports define exposure” — VTAM’s session fabric exists independently of TCP/IP
RACF: “There is a root user” — Authority is distributed across profiles, not accounts
TSO: “Processes are short-lived” — Address spaces persist for weeks or months
JES: “Work executes immediately” — JES queues, schedules, and defers execution
TSO: “There is a filesystem” — Datasets, catalogs, PDS members — no hierarchy

Exposure Model

VTAM session fabric, CICS transactions, and reachability without ports

Privilege Model

RACF profiles, inherited authority, and why there is no root

Execution Model

JES/JCL job submission, deferred execution, and identity preservation

Offensive Methodology

Repeatable assessment framework with real TN3270 examples

AI-Assisted Assessment

Local LLM interprets screens, narrates walkthroughs, and tutors in real time

100% Offline

No cloud, no API keys — safe for sensitive assessment environments

Open-Source Tool Release

AI-powered mainframe security assistant — local LLM, TN3270 terminal, and offensive methodology in one tool

Local LLM (Ollama)
TN3270 Terminal
AI Screen Analysis
AI-Narrated Walkthroughs
Red Team AI Tutor
Trust Graph
Test & Report (F1–F5)
Security Labs
No Cloud / No API Keys