IBM’s New ‘Bob’ AI Bot: Your Premium Ticket to Modernizing Legacy IBM i or a Security Minefield? + Video

Listen to this Post

Featured Image

Introduction:

IBM has officially announced the “Premium Package for i,” an AI-powered add-on for its Project Bob assistant. While pitched as a productivity revolution that gives AI direct, native access to read, compile, and modify decades-old RPG and COBOL source code directly on IBM i systems, security professionals warn that granting an LLM unfettered access to production environments introduces a new class of supply-chain and authorization risks.

Learning Objectives:

  • Understand the core technical capabilities of IBM Bob Premium Package and its direct integration with QSYS source physical files.
  • Analyze the specific security vulnerabilities of IBM i systems, from CVE-listed flaws to API exposure risks.
  • Explore practical Linux, Windows, and IBM i commands for hardening AI-assisted development pipelines.

You Should Know:

  1. IBM Bob Premium Package: Direct Access to Core

The IBM Bob Premium Package for i is a paid add-on (likely subscription-based) designed to connect IBM’s AI assistant directly to the IBM i operating system at a native level. Unlike generic AI coding assistants, this package provides the capability for “On-System Development,” meaning Bob can interact with source physical files in QSYS, compile programs, and execute native commands. It features curated AI skills and agentic workflows optimized for IBM i modernization tasks, such as converting Fixed-Format RPG to Free-Format and generating RPG, CL, and DDS code.

However, security experts highlight a major concern: why is native “on-system” access being sold as a premium feature? Oscar Herrera, an IBM i modernization CEO, noted, “Why is direct access to the IBM i a ‘premium’ feature? It should be basic, core. I predict this will not stand for too long.” The premium structure could discourage teams from implementing essential, direct AI support, inadvertently pushing users toward less secure, copy-paste workflows.

You Should Know:

  1. Securing IBM i in the AI Era (Step‑by‑Step Guide)

The addition of an AI agent with command-line abilities significantly expands the IBM i attack surface. If not properly isolated, Bob could be tricked via prompt injection into executing malicious commands, such as changing object authorities or deleting libraries. Administrators must implement stringent controls immediately.

Step‑by‑step guide explaining how to harden an IBM i environment before integrating any AI assistant:
– Step 1: Restrict QSYS Authority. Use the `EDTOBJAUT` (Edit Object Authority) command on critical libraries (e.g., QSYS, QHLPSYS) to ensure that generic user profiles cannot modify source files.
– Step 2: Implement Command Control. Use the `EDTCMD` (Edit Command) command to analyze and restrict usage of dangerous CL commands (like `CLRPFM` or DLTF). Third-party tools like `iSecurity Command` can provide granular control over command parameters to prevent injection.
– Step 3: Audit User Access. Run the `DSPAUTUSR` (Display Authority User) command to generate a report of which profiles have ALLOBJ and SECADM special authorities.
– Step 4: Configure Job Logging. Ensure Bob’s interaction spawns a specific job queue. Use the `CHGJOB` (Change Job) command to enforce logging of all executed commands to QHST.
– Step 5: Network Isolation. Place the Bob IDE connection on a dedicated VLAN. Verify that the IBM i NetServer is patched against known exploits, specifically CVE-2025-3218, which allows authentication attacks due to incorrect validation processing.

You Should Know:

  1. Hardening the IFS Against Lateral Attacks (Commands & Configs)

A major overlooked risk is the Integrated File System (IFS). Modern ransomware does not need to understand RPG; it sees the IFS as a network drive. If an AI agent like Bob gains write access to the IFS root, an attacker can use it as a vector to drop malware.

Step‑by‑step guide explaining how to lock down the IFS via the command line.
– Step 1: Remove Public Write Authority. From a QSH (Q-Shell) or PASE (Portable Application Solutions Environment) terminal, navigate to the root and execute:

cd /
chmod -R 755 QOpenSys

Or use the native IBM i command: CHGAUT OBJ('/') USER(PUBLIC) DTAAUT(EXCLUDE) OBJAUT(NONE).
– Step 2: Monitor Real-Time Changes. The IBM i supports file server exit programs to monitor access patterns. Set up exit programs to block the “rename” and “delete” functions in real-time if detected from an unusual source (like Bob’s user profile).
– Step 3: Disable Auto-Start Services. Use the `ENDTCPSVR` (End TCP/IP Server) command for servers like FTP and HTTP that auto-start after IPL (Initial Program Load) to reduce the surface area, then modify the startup programs to keep them off permanently.

You Should Know:

4. API Security: The Gateway for AI Exploitation

For Bob to function, it will likely utilize REST APIs to interface with Db2 for i. Many IBM i systems still rely on Basic Authentication (base64 encoding) which is trivial to decode, or outdated SSL/TLS 1.0 protocols.. If an attacker intercepts Bob’s API token, they gain the same “premium” access.

Step‑by‑step guide explaining how to enforce modern TLS 1.3 for API endpoints.
– Step 1: Configure SSL Store Permissions. Ensure the keyring file permissions are set correctly. Run:

SELECT  FROM QSYS2.SYSTOOLS.HTTP_VARIABLES WHERE VARIABLE_NAME = 'TLS_VERSION';

– Step 2: Enforce TLS in IWS (IBM Web Services for i). When creating a web service, do not select SSL or TLSV1. In the server configuration file (typically in /www/), update the `SSLClientVersionMap` and `SSLServerVersionMap` to explicitly exclude TLS 1.0 and 1.1, allowing only `TLSv1.2` and TLSv1.3.
– Step 3: Implement OAuth over Direct Database Logins. Avoid storing native IBM i passwords in the AI’s config file. Configure OAuth 2.0 providers to issue short-lived JWTs (JSON Web Tokens), limiting the window of opportunity for token theft.

5. The Procurement Trap: Passport Advantage

One comment from Charles Crampton (CEO, Akzium) highlighted a critical logistical vulnerability: “being forced to order via Passport Advantage pushes you back into an insanely outdated software buying process.”

From a security compliance standpoint, Passport Advantage’s complex licensing and mandatory annual reporting introduce governance risks. Organizations may accidentally under-license (leading to legal financial risk) or over-deploy resources without proper inventory. An AI moving code changes across environments must have its “virtual license” tracked in the IBM License Metric Tool, or the organization risks failing an audit, which carries a 30-day compliance reporting window. Security teams must be looped into the procurement phase to ensure the AI’s usage metrics (i.e., “Bobcoins”) align with the actual production footprint.

What Undercode Say:

  • Key Takeaway 1: The technical implementation of IBM Bob bypasses traditional “air-gap” security by integrating AI directly into the command line of legacy systems, requiring zero-trust architecture principles to be applied to the AI prompt inputs.
  • Key Takeaway 2: The primary security vulnerability is not the AI’s code generation quality, but the proliferation of outdated authentication (Basic Auth) and misconfigured IFS permissions that allow ransomware to move laterally via the new AI conduit.

Prediction:

As legacy AI models struggle with the idiosyncrasies of the IBM i stack (source physical files vs. IFS), we will likely see an increase in accidental ransomware attacks caused by improperly trained AI agents moving or deleting source members. Consequently, third-party observability and “AI Firewalls” specifically designed for the Power Systems architecture will emerge as a billion-dollar market by 2028, forcing IBM to eventually roll these “premium” security controls back into the base operating system.

▶️ Related Video (74% Match):

🎯Let’s Practice For Free:

IT/Security Reporter URL:

Reported By: Tim Rowe – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky