Legacy government systems enter the AI era

COMMENTARY | How federal agencies can transform decades-old code while strengthening security and compliance.
While NASA navigates rovers across Mars with the help of AI, federal agencies continue to process critical operations on COBOL — a programming language that predates the first moon landing by a decade. This technological time warp costs taxpayers over $337 million annually, with that figure climbing each year as the number of developers familiar with the language continues to dwindle.
Essential federal agencies, such as the Department of Health and Human Services, the Social Security Administration and the Centers for Medicare and Medicaid Services, still run critical systems on outdated languages like COBOL, and the urgency to refactor and upgrade extends beyond rising costs.
Legacy systems represent an expanding attack surface with diminishing defensive capabilities. With each passing year, the risk of catastrophic system failures that could interrupt benefit payments, compromise sensitive information, or create processing backlogs affecting millions of citizens increases.
Many agencies have postponed comprehensive modernization efforts, opting instead to maintain legacy systems and address vulnerabilities as they emerge. This approach has resulted in technical debt that multiplies like compound interest.
As agencies face increasing pressure to enhance efficiency, the public sector has an opportunity to enter the AI era with a critical use case: modernization. I previously wrote about the importance of modernizing legacy applications with memory-safe code and how agencies can leverage AI to accelerate what was once an unwieldy, time-intensive process.
Now is the time to put modernization initiatives into motion. AI-powered modernization tools can transform what was once a years-long endeavor into an accelerated path for agencies to retire their COBOL and legacy language dependencies.
The basics of code refactoring
Retiring COBOL starts with one fundamental process: code refactoring. It is an approach that enhances the design and stability of existing code, enabling the secure modernization of legacy code without altering its functionality.
Traditional refactoring techniques include inline refactoring, which restructures outdated elements of code, and abstraction, which removes duplicate code. But these conventional approaches are time-consuming, require skilled developers familiar with outdated languages, and demand extensive testing to ensure their effectiveness.
While federal agencies recognize the long-term necessity, it can be challenging to justify the short-term resource allocation when a return on investment might be years away.
Code modernization with AI
AI is the key to making the code refactoring process attainable. It’s an approach that developers are turning to across industries — GitLab research shows 34% of organizations already use AI in their software development lifecycle, including for code modernization.
AI-powered tools excel at the labor-intensive tasks of the refactoring process, such as deciphering complex legacy code and generating modern code that retains its functional integrity. For developers with little COBOL experience, these tools act as translators between programming generations.
After modernizing the code, AI can also enhance it by identifying security vulnerabilities, suggesting optimizations and automating comprehensive testing. For government agencies with strict security and compliance requirements, this automated hardening of codebases addresses a critical barrier to modernization. The result is a modernization process reduced from years to months.
Software development for the future
While addressing COBOL’s legacy challenges is essential, forward-thinking government agencies must simultaneously adopt modern software development practices that prevent creating tomorrow's technical debt today. A DevSecOps platform enables developers to rapidly build software with AI support and security integrated into every line of code.
In this environment, AI can serve as both an accelerator and a guardian. Tools like AI-powered code suggestions can incorporate federal compliance requirements and generate secure, optimized code that meets government standards from the start. At the same time, vulnerability scanning can identify and remedy potential security risks before deployment. This shift frees developers’ time from routine coding tasks for higher-value work that demands human expertise.
The collaborative aspects of AI extend beyond code generation to support person-to-person collaboration. By summarizing comments in code discussions, flagging potential integration issues, and tracking compliance requirements, AI tools streamline communication between distributed development teams.
Security also becomes a continuous, integrated process rather than a gate at the end of a project. AI-powered vulnerability detection doesn't just identify risks faster — it can contextualize them against federal security requirements, suggest specific remediation approaches and learn from each project to strengthen future development.
The federal government has made significant progress in leveraging technology to serve citizens and protect national security. By embracing AI-powered modernization for legacy systems and new development, agencies can escape the costly cycle of managing legacy technical debt while building more responsive, secure and adaptable digital infrastructure for the nation's future.