Multi-layered protection at every stage of the translation pipeline. From invisible Unicode threats to supply chain attacks — we defend your most critical code with the rigor it deserves.
Before any COBOL source touches our translation engine, it passes through four layers of input validation designed to catch everything from invisible Unicode exploits to embedded credentials.
We scan for 30+ categories of invisible and confusable Unicode characters — zero-width joiners, bidirectional overrides, homoglyph attacks, and Trojan Source exploits. If it's not visible in your editor, we'll catch it.
Multi-layer detection for prompt injection attempts embedded in COBOL source, comments, or copybooks. Pattern matching plus semantic analysis ensures adversarial inputs never reach the AI model.
Automatic detection of hardcoded passwords, API keys, Social Security numbers, credit card numbers, and other sensitive data in source files. Flagged before translation begins.
Configurable guardrails prevent denial-of-service through oversized inputs or pathological COBOL structures. Complexity scoring ensures the engine operates within safe bounds.
AI-generated code doesn't ship until it passes four independent validation gates. No dangerous patterns. No compilation errors. No business logic drift.
Static analysis scans translated output for dangerous patterns: System.exit(), Runtime.exec(), file system access outside the sandbox, network calls, and reflection-based exploits. Blocked before delivery.
Every translated Java file is compiled with javac in a sandboxed environment. If it doesn't compile cleanly, it doesn't ship. Zero tolerance for syntax errors or unresolved dependencies.
Automated scoring compares the semantic behavior of translated code against the original COBOL. Control flow, arithmetic precision, and edge cases are all validated against known-good outputs.
Integrated NeMo Guardrails provide an additional AI-native safety layer — constraining model outputs to approved patterns and preventing hallucinated code constructs from reaching production.
The translation pipeline contains zero third-party code. Every dependency is audited, every commit is scanned, and the full pipeline is open to client security review.
All dependencies are audited and lockfile-verified. No phantom packages, no typosquatting risk. SBOM (Software Bill of Materials) available for every release.
Git pre-commit hooks scan every code change for invisible Unicode characters before it enters the repository. The same scanner that protects your code protects ours.
The core translation pipeline is 100% first-party code. No third-party libraries participate in the COBOL-to-Java translation path. Minimal attack surface by design.
Our Unicode and input security scanner is available as open source for client security teams to audit, extend, and integrate into their own CI/CD pipelines.
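To make the invisible-Unicode scanning of COBOL source and the pre-commit check described above concrete, here is an added sketch; it is not COBOL2Now's scanner and covers only a few of the categories named. The function names, the fixed-format column-7 comment rule and the sample program are assumptions constructed for this example.

```python
import unicodedata

# Bidirectional controls used in Trojan Source (embeddings, overrides, isolates).
BIDI = set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A))
# Zero-width / invisible characters: ZWSP, ZWNJ, ZWJ, word joiner, BOM.
ZERO_WIDTH = {0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF}


def classify(ch):
    """Return a finding category for one character, or None if unremarkable."""
    cp = ord(ch)
    if cp in BIDI:
        return "bidi-control"
    if cp in ZERO_WIDTH:
        return "zero-width"
    if unicodedata.category(ch) == "Cf":
        return "format-char"       # any other invisible format character
    if cp > 0x7F and ch.isalpha():
        return "non-ascii-letter"  # possible homoglyph inside an identifier
    return None


def scan(text):
    """Return (line, column, codepoint, category, in_comment) for each finding."""
    findings = []
    # Split on "\n" only: str.splitlines() would also break on U+2028/U+2029.
    for lineno, line in enumerate(text.split("\n"), start=1):
        # Assumption: fixed-format COBOL, '*' or '/' in column 7 marks a comment.
        # Invisible characters are dropped first so they cannot shift column 7.
        visible = "".join(c for c in line
                          if classify(c) in (None, "non-ascii-letter"))
        in_comment = visible[6:7] in ("*", "/")
        for col, ch in enumerate(line, start=1):
            kind = classify(ch)
            if kind:
                findings.append((lineno, col, f"U+{ord(ch):04X}", kind, in_comment))
    return findings


# Constructed sample: bidi override in a comment, Cyrillic 'o' in a data name,
# zero-width space inside a literal.
SAMPLE = (
    "       IDENTIFICATION DIVISION.\n"
    "       PROGRAM-ID. PAYROLL.\n"
    "      * audit \u202Enote\u202C line\n"
    "       MOVE ZERO TO WS-T\u043ETAL.\n"
    "       DISPLAY 'DONE\u200B'.\n"
)

if __name__ == "__main__":
    results = scan(SAMPLE)
    for finding in results:
        print(finding)
    raise SystemExit(1 if results else 0)  # non-zero exit blocks a commit hook
```

A non-ASCII letter is reported rather than rejected outright, since legitimate literals and comments may contain them; a real policy would decide per category and per location.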
COBOL2Now deploys directly into your infrastructure — no cloud dependencies, no data exfiltration risk, complete operational control.
Your COBOL source code never leaves your network perimeter. Processing happens entirely on your hardware.
Full support for air-gapped environments. No internet connectivity required for translation or validation.
Zero telemetry, zero data collection, zero phone-home. The engine operates silently within your infrastructure.
Every translation, validation, and decision is logged locally. Complete traceability for compliance and forensics.
COBOL2Now's architecture maps directly to the controls your auditors expect. We don't bolt on compliance — we design for it.
We believe in transparent security. Download our whitepaper for the full technical details, or schedule a review with our security team.
Questions? Reach out to security@cobol2now.com