From legacy to launchpad: how mainframe modernisation can accelerate government AI aspirations

Government adoption of artificial intelligence (AI) is still in its early stages — and laying the right foundations now is essential for long-term AI maturity and impact. As Australia’s public agencies explore the use of AI assistants and automation tools to enhance citizen services, a key question will inevitably emerge: how can they scale AI initiatives while protecting sensitive data, maintaining compliance, and keeping costs well within budget?

The answer lies in the infrastructure asset governments already trust: their mainframe. Kyndryl’s 2025 State of Mainframe Modernization report found that most organisations — including those in the public sector — plan to invest over AU$48.4 million in AI directly tied to mainframe modernisation. By modernising and extending the capabilities of this proven platform, agencies unlock the ability to run AI directly on their mainframes, gaining a secure, self-managed and resilient environment to scale AI adoption for years to come. The next step is to pair that modernised platform with agentic AI services that can help run and manage the mainframe itself, orchestrating AI agents across applications and infrastructure. This allows the mainframe to become more self-managing and proactive.

Build an AI-centric future where your data resides

For government leaders, the enduring challenge in scaling AI is the need to balance rapid innovation with stringent requirements for data security, sovereignty and regulatory compliance. AI models depend on timely access to high-quality data, so agencies must determine where that data can be safely processed and stored without introducing unnecessary risk. This isn’t just a technical question — it’s a governance imperative.

That’s because the sensitive nature of public sector datasets renders the normal approach of distribution across multiple clouds or databases non-viable. Such fragmentation doesn’t just introduce latency to AI models and inconsistencies to AI output, it also expands the attack surface at a time when security is emerging as a top consideration for modernisation strategies. Kyndryl’s report found that 28% of Australian organisations chose to keep applications on the mainframe due to security reasons. The stakes are considerably higher for the government, as every new storage location becomes another point of potential failure — and another opportunity for threat actors to disrupt essential services or access citizen information.

A more secure and efficient approach is to run AI directly on the mainframe, where decades of trusted, mission-critical data already live. This gives agencies a familiar and tightly-governed environment in which to experiment, test and deploy AI workloads. It also supports the enforcement of zero-trust controls around all data used or generated by AI systems. Centralising activity on the mainframe allows teams to apply comprehensive access controls, stronger encryption, and real-time monitoring — achieving end-to-end protection without diffusing oversight across multiple platforms.

This doesn’t mean agency teams must trade security for performance or speed. Running AI workloads close to data sources and systems of record reduces the delays that typically result from shuttling data between clouds or external databases. When a second or even a millisecond of latency can compound and impact the quality of AI output, it’s crucial that agencies take every necessary step to safeguard the accuracy and integrity of AI-enhanced internal workloads or public-facing essential services.

Some modernisation solutions also come with integrations that enable seamless linking with cloud and distributed environments — a key advantage in a hybrid government ecosystem. Agencies can expose mainframe data through APIs, integrate with cloud-native services, and support AI tools operating across both environments with far lower latency. This tight integration ensures AI models can interact with essential applications wherever they reside, without compromising security, responsiveness, or compliance. What’s more, when combined with agentic AI frameworks, this hybrid approach can also automate complex cross-platform workflows, using AI to monitor mainframe health, trigger repeatable operational actions and apply consistent policies, which in turn increases agility while reducing operational cost and risk.

Key considerations for mainframe modernisation

For agencies beginning their mainframe modernisation journey, the first step is acknowledging that modernisation isn’t a single project — it’s a phased, strategic program. Start with clear workload assessments: by identifying which applications tied to AI strategies are best modernised on-platform, which require deeper cloud integration, and which (if any) could be migrated elsewhere. Establishing this ‘right workload, right platform’ blueprint ensures that modernisation supports both operational needs and AI-readiness from the outset.

Another critical and often underestimated consideration is talent. Modernisation requires specialised, multi-domain skills that span traditional mainframe operations, cloud architecture, AI and LLM integration, DevSecOps, and hybrid observability. The talent with these skills is often scarce and expensive, and public sector agencies will be competing directly with private organisations for them, especially in high-demand areas like AI and cloud. Add in other talent-related pressures — like retiring internal experts and the reluctance of newer staff to specialise in legacy platforms — and this talent gap can slow or even stall modernisation if not addressed early.

The good news is that agencies don’t have to modernise alone. Kyndryl’s research shows that two-thirds (66%) of Australian organisations are already leveraging external partners to accelerate progress, close capability gaps, and ensure modernisation meets regulatory, security and performance standards. The right partner helps de-risk the journey and build a sustainable roadmap that supports successful AI outcomes — while enabling agencies to retain control over what matters most: their data, security and compliance.

This approach supplies government AI initiatives with the right talent and technical expertise — allowing agency teams to focus instead on evolving and delivering value to both the public and nation for years to come.

Image credit: iStock.com/baranozdemir