If your AI workloads run in containers, then securing those containers is the first and most important step in protecting your AI. And as enterprises begin to deploy containerized AI workloads on Red Hat OpenShift for mainframe environments, that priority becomes even more urgent.
IBM Z and IBM LinuxONE, long trusted to power the world’s most critical business systems, are now evolving into innovation hubs, supporting advanced, containerized applications. With this transformation comes a new challenge: securing the infrastructure behind your most sensitive and high-stakes workloads.
Mainframes: AI Infrastructure for Next Generation Applications
The rise of generative AI and large language models (LLMs) has changed how organizations build and deliver value. From real-time fraud detection to intelligent customer support, AI is becoming embedded in nearly every business function. According to a recent McKinsey study, “78 percent of respondents say their organizations use AI in at least one business function, up from 72 percent in early 2024.”
These AI workloads are built and deployed in containers. Why?
Containers offer portability, scalability, and efficiency, which makes them ideal for AI training, inference, and everything in between. IDC projects that 1 billion new logical applications will be created by 2028, resulting in more than 10 billion container instances across enterprise environments.
These billions of containers won’t just run in a general-purpose cloud. They will be deployed on purpose-built hardware. For regulatory, proprietary, or even cost reasons, many of these models will be deployed on-prem. The efficiency of on-prem platforms is hard to beat when you leverage hardware platforms you already have, like IBM Z.
AI and Containerization on the Mainframe
In regulated industries that require strict data control and high performance, we expect adoption of AI-specific on-prem platforms like IBM Z to grow. Since much of the data that fuels AI models already lives on the mainframe, enterprises can bring AI to their data rather than bring their data to AI. This means running containerized AI workloads directly on IBM LinuxONE with Red Hat OpenShift, combining the agility of Kubernetes with the performance, resilience, and compliance of mainframe systems.
IBM LinuxONE empowers a multiple AI model approach, improving prediction accuracy with Telum II and enabling intelligent applications powered by Gen AI running on Spyre (expected to be available in Q4 2025). This new processor enhances the capabilities of the Red Hat OpenShift Container Platform (OCP) with improved performance and reliability, making it an even more robust solution for enterprises.
Of course, with platform growth comes increased risk. The more widely these platforms are adopted, the larger a target they become. Further, containers are dynamic, interconnected, and ephemeral, making them difficult to protect with traditional security tools. Combined with the specific threats facing AI, such as prompt injection, model manipulation, and unauthorized access, the result is a growing attack surface that requires a modern, targeted response.
Introducing Aqua Secure AI
To address this challenge, Aqua Security recently launched Secure AI, the industry’s first full-lifecycle security solution purpose-built for AI applications. These capabilities protect containerized AI workloads across the entire software development lifecycle, from initial code scans to real-time runtime protection.
Secure AI is designed to meet the needs of modern enterprises, offering deep visibility into AI activity, policy-based governance, and active threat prevention without disrupting development workflows or requiring code changes.
With Aqua Secure AI, you can:
- Scan AI application code to detect unsafe usage of LLMs and insecure input/output handling
- Validate cloud service configurations to ensure AI services follow your internal policies
- Detect and respond to threats at runtime, such as suspicious container behavior or AI-specific attacks
- Gain visibility into AI models, platforms, and versions across your environment
- Protect against prompt-based attacks like prompt injection, code manipulation, and jailbreaks
- Manage AI-related risks in a unified dashboard, giving security teams a single place to track and respond
AI introduces new behaviors that traditional tools struggle to detect, such as rogue prompts, unexpected outputs, or unauthorized agent interactions. Aqua Secure AI is built to recognize these behaviors and respond in real time, using intelligence gathered across development, infrastructure, and runtime layers.
Bringing Aqua Security to IBM Z and IBM LinuxONE
These AI-focused features build on Aqua’s deep experience securing container workloads on IBM Z and IBM LinuxONE. As enterprises modernize on these platforms using Red Hat OpenShift, Aqua helps secure every layer, from the build pipeline and infrastructure, to the runtime environment and application behavior.
For organizations using IBM Z and IBM LinuxONE, Aqua provides:
- Pre-deployment scanning for vulnerabilities, secrets, and misconfigurations
- Hardened protection for Kubernetes and guest OS infrastructure
- Runtime detection of anomalies in AI containers and workloads
- Compliance enforcement for PCI, HIPAA, GDPR, and other frameworks
- A unified policy engine that works across mainframe, cloud, and hybrid environments
Modernize Without Compromise
As AI applications scale, they are becoming high-value targets. Attackers are actively seeking out gaps in container security, especially where AI systems connect to sensitive data or make autonomous decisions. You already rely on IBM Z and IBM LinuxONE for secure, resilient computing. Now you can bring that same level of trust to your AI applications.
To explore real-world success stories and expert insights, reserve your spot for the virtual event "Unlock the potential of industry-leading security and AI with IBM LinuxONE" on May 13 at 10 AM ET.
With Aqua Secure AI, you can accelerate innovation while staying ahead of risk. By embedding full-lifecycle protection into your containerized AI workloads, you gain the visibility, control, and assurance needed to keep critical applications secure, no matter where they run. Have a look at the Aqua IBM solution brief for more information on securing AI on IBM Z and LinuxONE.