Graal Cloud Service

Graal Cloud Service (GCS) uses GraalVM native image, a technology to ahead-of-time compile Java code to a standalone executable. Additionally, the service leverages GraalOS, a new virtualization technology built on top of modern hardware features, such as control flow integrity and in-process memory protection features, compilation techniques to isolate untrusted code execution.

Internship details

The goal of this project is to extend GCS with new capabilities. We offer various topics depending on the skills and the interests of the candidate:

• Detect and mitigate metastable failures for applications running on GCS: Metastable failures1 are a class of failures in distributed systems in which a “sustaining effect” prevents the system’s quick recovery after a temporary “trigger”. These failures can be sustained by so-called “Workload Amplification” or “Capacity Degradation Amplification” effects. Examples of sustaining effects include retries, garbage collection, look-aside cache. The GCS platform, acting as a cloud orchestrator managing all/parts of the distributed components of the application and with its virtualization layer, offers the opportunity to detect those issues with a better overview of the states of the components. It can also offer the possibility to correct those issues with or without the aid of the application framework.
• Secure and optimized cross-isolate communication for GraalOS: The BlackBox paper describes a technique to improve container isolation. Traditionally, container isolation is guaranteed by the operating system. However, operating systems are big code bases that occasionally have vulnerability. Instead, BlackBox runs a container security monitor (CSM) between the container and operating system. The CSM creates protected physical address spaces (PPASes) for each container such that there is no direct information flow from container to operating system or other container PPASes. The authors make clever use of the hardware’s virtualization support to run the CSM at the level of a hypervisor, i.e. a higher privilege than the kernel and user space. However, the CSM is not a hypervisor itself: it still delegates memory management and task scheduling to the OS. Containers are prohibited from accessing each other’s memory and communication between the container and OS is encrypted. In the context of GraalOS, one internship topic would be to investigate the current techniques by which Native Image Isolates are isolated, and whether the techniques from BlackBox can be used to improve this isolation.
• Platform to analyze application usage to optimize Graal VM Native Image creation: GraalVM Native Image compiles Java code ahead-of-time to a standalone executable. It has the benefit of significantly improving startup time as well as memory footprint. However, peak performance of native image is lower than peak performance running on a traditional JVM that does just-in-time compilation. GraalVM can apply profile-guided optimizations (PGO) for additional performance gain and higher throughput of native images. With PGO, one collects the profiling data in advance and then feeds it to the native image builder, which will use this information to optimize the performance of the resulting binary. The goal of this internship is to extend the Graal Cloud Service to automatically generate and apply profiling data for applications that are running on the platform, effectively simplifying the generation of optimized native images.
• Automatically derive OCI IAM policies: In this internship, we will explore automatically generating OCI IAM policies for a given native image application. First, we will use static analysis to understand the application’s usage of the OCI SDK. Second, analyzing OpenAPI specification (and source code) of OCI cloud services, we will build a database of the permissions for each REST operation. Putting the two information together will enable generating policies, optimizing for giving the least privilege possible to the application
• Query engine on top of Java heap dumps and compilation trace to aggregate and find 3rd party issues: JVMs have numerous configuration options and finding their optimal values can be challenging even for experienced developers. Analyzing runtime application metrics could come at help to recognize incorrectly set parameters and determine an optimal value for them.
  
  The goal of this internship would be to suggest recommendations for JVM parameters by analyzing runtime metrics and applying these suggestions in a test environment to confirm performance improvement.
• Large scale Java traces collection using record replay: Debugging is a time consuming task that consumes a large amount of a developers time. It is challenging to identify the root cause of an incident especially when an application is running in the cloud.
  During this internship, there will be a tool developed that collects and stores java execution traces and state to be able to replay the application state on demand

How to Apply

In order to apply, please send an email to gcn-internships_us_grp@oracle.com including the following:

• Your CV or link to your home page containing your curriculum
• Description of your motivation and area of interest
• Your preferred internship dates & location

Graal Development Kit (GDK)

The Graal Development Kit for Micronaut (GDK) is a curated set of open source Micronaut® framework modules designed from the ground up to be compiled ahead-of-time with GraalVM Native Image resulting in native executables ideal for microservices. The Graal Development Kit for Micronaut lets you take full advantage of powerful cloud services without coupling to proprietary platform APIs. The lack of standard APIs across clouds makes it nearly impossible to write portable applications, but with the Graal Development Kit for Micronaut portability becomes possible. Leverage services such as object-storage, monitoring, security, secret management, and more and deploy to popular cloud platforms.

Learn more: https://graal.cloud/gdk/

Possible Research Areas

• Templates and tools for accelerate the development of cloud native services for Oracle Cloud
• IDE-based tools for improving developer productivity
• Abstractions over Services available on Multiple Clouds
• Deep integration with Multiple Clouds

Point of Contact

To apply, please send an email with the required information (see How to Apply above) to julia.kindelsberger@oracle.com.

AI/ML in Database

Oracle Labs is performing research aiming at making Oracle Database efficiently support and integrate with the latest AI / ML technologies. We offer various topics depending on the skills and the interests of the candidate:

Enhancing performance of vector similarity searches

Efficient vector similarity searches are key to any AI application. The usual technique to make vector similarity searches fast is by constructing dedicated vector indexes that are able to trade some small accuracy in the final answer for a blazing fast search time. Nevertheless, when integrated such indexes in an enterprise database particular challenges emerge: how to efficiently maintain the vector index transactional consistent ? or how to efficiently fuse the vector index searches with other type of relational/graph searches? We are actively exploring solutions for these challenges and we aim to deliver a best in class vector index in Oracle Database.

ML / LLM model execution in database realm

Gaining insights from data stored in a database management system (DBMS) through machine learning is increasingly important in enterprise applications. However, exporting data from a DBMS into stand-alone ML infrastructure is often not an option due to performance and regulatory requirements. Instead, users should be able to use machine learning models and LLMs as an integral part of database processing directly in the DB realm, close to the data. This integration of two seemingly unrelated kinds of systems offers compelling advantages for ML-based applications. Our group at Oracle Labs investigates techniques to tightly integrate machine learning workloads and large-scale ML / LLM processing in Oracle DB realm. Towards this goal, we work on exciting challenges across the entire stack of database systems architecture.

Graphs for AI and Graphs at scale

Graphs are a powerful tool to leverage latent information stored inside data connections. Starting 23ai Oracle DB provides support for graphs in SQL. At Oracle Labs we are looking at graph challenges from multiple angles. First, we are investigating how users can talk natural language to their graphs, more specifically how state of the art LLMs can be used to generate a graph query from a natural language input. As graph query languages are not very well known to many LLMs getting the right generated query can be a challenge. Second, we are exploring how graph traversals can enhance the retrieval context used in RAG pipelines by aggregating information from multiple dots. Last but not least, as the number of connections grows exponentially in today’s data, being able to process graphs at scale, next to the data, inside database becomes increasingly relevant. We are exploring solutions to address these challenges and bolster the efficiency and adoption of SQL graphs.

Point of Contact

To apply, please reach out to: vlad.haprian@oracle.com.

AI/ML Technology for Enterprise Applications

Oracle Labs is advancing core AI/ML technologies and collaborating with OCI, Fusion, Database and GIU product teams to apply these innovations through Oracle’s unified platform. We offer various topics depending on the skills and the interests of the candidate:

Multi-Agent systems

Multi-agent systems are revolutionizing the landscape of intelligent automation by enabling distributed collaboration among autonomous agents. Strong multi-agent capabilities are essential for seamlessly composing diverse functionalities, allowing agents to coordinate tasks, share knowledge, and dynamically adapt to evolving environments. By refining inter-agent communication protocols, optimizing decentralized decision-making strategies, and implementing scalable coordination frameworks, multi-agent systems can unlock new levels of efficiency and problem-solving potential. As research advances, the ability to integrate specialized agents into cohesive, high-performing systems continues to shape the future of intelligent, cooperative computing. We are continuously exploring approaches to address these fundamental challenges and fully harness the potential of agentic systems.

Enhancing Multi-Agent System Composition

Emerging advancements in agentic systems promise to significantly elevate both performance and efficiency. By incorporating strategies such as input context reduction, these systems can process and analyze vast amounts of data more cost-effectively. Enhanced robustness and accuracy techniques enable agents to make well-informed decisions and execute actions with greater precision. Additionally, continuous adaptation methods enable these systems to learn from user interactions, steadily refining their capabilities over time. Together, these techniques mark a transformative step in the evolution of intelligent, adaptive agents. We are continuously exploring approaches to address these fundamental challenges and fully harness the potential of agentic systems.

Enhancing Semantic Search Pipelines for Improved Relevance in AI Applications

Semantic search plays a crucial role in surfacing meaningful and contextually relevant results, particularly in knowledge-intensive applications. Traditional keyword-based search methods often fail to capture the nuances of user intent, leading to irrelevant or incomplete results. To address this, semantic search pipelines must evolve to leverage more advanced embeddings, retrieval models, and query understanding mechanisms.

In the realm of retrieval-augmented generation (RAG) with large language models, the need for highly relevant search results is even more pronounced. The accuracy of retrieved context directly impacts the quality of generated responses, making improvements in semantic search a foundational element of AI-driven reasoning. Our group at Oracle Labs explores novel approaches to optimize retrieval mechanisms, refine ranking strategies, and improve semantic representations within database-integrated search pipelines. By advancing these techniques, we aim to enhance AI-driven applications across various domains, ensuring more precise, trustworthy, and context-aware results.

Data Science Agent

Enterprises hold vast amounts of untapped data, yet a shortage of data science expertise often limits their ability to fully leverage it. An LLM-backed data science agent has the potential to unlock significant value through advanced analytics and machine learning. While developing and testing such an agent to reliably handle diverse data formats is a major challenge, it is only one piece of the puzzle. We are actively exploring solutions to not only manage heterogeneous data sources, but also to extract maximum actionable insight—transforming raw data into clear, contextualized outputs. Our vision is to empower both technical and non-technical users with intuitive access to analytics, and equip them with predictive models to drive smarter, forward-looking decisions. The goal is a robust, adaptive data science agent that democratizes data-driven intelligence across the enterprise.

Software & Application Development Agents

Agentic systems have the potential to revolutionize software and application development by assisting developers in everyday tasks—such as implementing specifications and resolving bug reports—and by enabling non-technical users to build applications for managing business data. These agents can also streamline the development workflow through automated test generation, code reviews, and build failure inspections. However, achieving these benefits requires intelligent agents equipped with advanced programming and domain expertise, a deep understanding of complex codebases and error logs, and the ability to interact with diverse systems like task tracking tools, IDEs, and no-code development platforms. We are committed to identifying innovative strategies to address these challenges and fully unlock the capabilities of software development agents.

Financial Crime Investigation Agent

Financial institutions face mounting pressure to detect and respond to sophisticated financial crimes, yet traditional investigative workflows remain slow, fragmented, and heavily manual. We are exploring the use of LLM-backed AI agents to transform this process—automating the collection of evidence, generating contextual narrative summaries, and surfacing suspicious activity with greater speed and consistency. Our work focuses on building adaptive, trustworthy systems that support investigators by accelerating decision-making without sacrificing accuracy. The long-term vision is to develop a fully autonomous AI agent capable of conducting end-to-end investigations, dramatically reducing the need for manual review and redefining how financial crime is addressed at scale.

Intelligent Data Ingestion

For data to be useful to an analyst or an automated agent, its structure needs to be understood and documented. Generating high-quality metadata for external data sources from raw data tables and sparse documentation is a challenging task. We employ state-of-the-art techniques involving large language models, retrieval-augmented generation, and agentic workflows to understand and describe the external data. The generated metadata enables automatic schema linking, empowers downstream applications, and accelerates onboarding of new customers.

Knowledge Graph Extraction and Graph RAG

Unstructured data is ubiquitous and poses a substantial challenge in many real-world applications, such as processing clinician notes to track a patient’s medical history. The development of robust techniques for extracting information, entities, and relationships is essential for efficiently working with large amounts of unstructured data. We leverage modern natural language processing methods and large language models to extract knowledge graphs and enable graph-based retrieval-augmented generation, thereby supporting specialists in making informed decisions.

Explainability for AI Agents

Existing explainability techniques for LLMs offer insights into individual generations—whether at the token, sentence, or paragraph level—but LLM agents often rely on multiple generations from one or more models to answer a single user query. While these agents can be prompted to explain their actions or responses, they are not inherently trained to provide faithful, comprehensive explanations. Depending on the implementation, an LLM may lack access to all the relevant information needed to accurately clarify its overall behavior, potentially leading to hallucinations. To enhance transparency, it is essential to combine state-of-the-art LLM explanation methods with agent systems to deliver reliable and accurate insights into an agent’s actions. We are exploring solutions to address these challenges and bolster the trustworthiness of agent explanations.

Unintended Bias in Agents

LLMs are designed to learn and mimic biases from vast amounts of textual data scraped from the internet, inadvertently absorbing—and sometimes amplifying—unintended human biases. Accurately detecting and mitigating these biases remains a significant challenge, as LLMs can learn an uncountable number of subtle and unintended biases. This challenge becomes even more complex in LLM agents and multi-agent systems, where biases can manifest across multiple layers of interactions. We are exploring multiple strategies to detect and mitigate these biases, aiming to enhance the fairness and reliability of our models and systems.

Point of Contact

To apply, please reach out to hesam.fathi.moghadam@oracle.com.

Intelligent Application Security 2

The Intelligent Application Security team at Oracle Labs works on innovative projects in the application security space spanning areas like program analysis, program repair, machine learning, software composition analysis, malware detection, and runtime protection. The team is based in Brisbane, Australia with a few remote members based in Austria. Internships in the IAS team offer exciting opportunities to those who are passionate about improving application security. The ideal candidate will relish the challenge of developing techniques that are precise and can be applied at scale.

Our internships cater to a wide variety of students studying computer science or software engineering including those who are in the final year of their undergraduate degree or are undertaking research at the master's or PhD level. As a research intern, you will have the opportunity to work alongside a world class team of researchers and engineers as part of one of the below projects:

RASPunzel

Project RASPunzel aims to deliver an automated and scalable runtime application self-protection (RASP) solution for Java. RASPunzel automatically synthesizes and enforces allowlists for various sensitive operations like Java deserialization, JNDI lookups, SQL operations and crypto usage.

Below is a selection of research topics that you'd potentially be working on:

• Synthesis of RASP security monitors
• Automated program repair based on RASP monitors
• Policy inference and enforcement for cloud native applications
• RASP-based threat intelligence gathering and analysis

Macaron

Macaron is an extensible supply chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or check conformance to security frameworks, such as SLSA.

Below is a selection of research topics that you'd potentially be working on:

• Automated malware analysis
• Hardening build pipelines using Cloud Confidential Computing and keyless signing
• Automated build system analysis including containerized environments
• Policy enforcement in Kubernetes deployments

Learn more about Macaron on GitHub

TOFFEE

Project Toffee is aimed at enabling automated program repair by leveraging on program analysis techniques as well as the latest advancement in pre-trained and large language models (LLMs). The overall goal is to reduce the manual effort required in bug localization and repair by at least 50%. Automated bug localization is a stepping stone for a broader automated program repair. The objective here is to generate human-in-the-loop solutions to reduce the manual tasks involved in typical bug localization processes as much as possible. On the automated repair side, the objective is to combine program analysis with machine learning to fix bugs automatically starting with pattern driven bug fixing to more complex bugs requiring proper program analysis.

Below is a selection of research topics that you'd potentially be working on:

• Application of large language models (LLMs) for bug localization
• Automated bug reproduction leveraging on LLMs
• Automated test prioritization, and LLM driven automated program repair

Intelligent Application Security

Intelligent Application Security explorations combine techniques and tools from the above projects to devise applied enhancements to DevSecOps processes, thereby delivering benefits in the form of developer and SecOps efficiencies as well as advancing state of the art in application security. As an example, this includes closing the loop techniques where security alerts produced using a tool or technique can also be used to automatically synthesise targeted repairs for security issues that have been identified in code, build scripts and CI pipelines.

Point of Contact

To apply, please send an email with the required information (see How to Apply above) to ias-internships-au_au_grp@oracle.com.

LLMs for Assistants and Code Generation

Our goal is to leverage LLMs to enhance user experiences and simultaneously streamline the software development process. Therefore, we are developing intelligent LLM-driven assistants, both user- and developer-facing, aiming to create smarter applications and a more productive, intuitive experience for developers.

Possible Research Areas

• LLMs for Virtual Assistants
  • How can we boost the reasoning capabilities of LLMs for applications with complicated state & data?
  • How can we teach LLMs with less human intervention?
• LLMs for Coding & the Software Development Lifecycle
  • LLMs for code generation (Text2SQL, Text2Java, …)
  • LLMs for writing new code in complex codebases
• LLMs for Semantic Search
  • How can we use LLMs to better comprehend the intent and contextual meaning of search queries?
  • How can we integrate the LLM’s insights in the information retrieval process?

How to Apply

In order to apply, please send an email to labs-hiring_ww@oracle.com including the following:

• Your CV or link to your home page containing your curriculum
• Description of your motivation and area of interest
• Your preferred internship dates & location

The duration of the internship can vary based on the candidate's constraints. The usual duration is 6 months. We pay a competitive salary depending on the location of choice. By sending in your application you opt-in for processing your personal information.

In case you would like to opt-out from your internship application, please send an email to labs-hiring_ww@oracle.com

AI/ML for Cybersecurity

Oracle Labs is advancing collaborative research to apply AI/ML technologies for improved security and operational efficiency. We offer various topics depending on the skills and the interests of the candidate:

Agents for Enhanced Security

There is a potential for agentic systems to greatly assist security efforts through use cases such as helping investigators analyze incidents and vulnerabilities, enabling administrators to understand and remediate exposures, and even simulating offensive security techniques to detect emerging threats. Enabling these use cases requires intelligent agents with deep security expertise, a solid grasp of complex infrastructure deployments and application logs, and the ability to integrate with existing security systems. We are actively identifying innovative strategies to overcome these challenges.

Agents for Architectural Drift Detection

Cloud application architectures continuously evolve to meet dynamic requirements. However, these changes can introduce security risks by deviating from established security standards. Understanding whether architectural modifications degrade the security posture of an application is a complex challenge, requiring advanced automated solutions. Drift Detection aims to identify and highlight potential security risks arising from architectural configuration changes, minimizing the likelihood of security breaches. The key question is: Are these architectural changes aligned with security best practices, or do they introduce potential vulnerabilities? This internship will focus on developing Agentic system for drift detection mechanism to monitor and analyze architectural changes. Additionally, we aim to identify security-critical patterns that should not occur.

Agents for Cloud Operations

There is a potential for agentic systems to greatly assist cloud operators through use cases such as supporting the investigation and mitigation of cloud application incidents and automating repetitive processes, like updating multiple tickets for cascading incidents across services. Enabling these use cases requires intelligent agents that possess a deep understanding of complex infrastructure deployments, the ability to analyze application logs, and the capacity to interact with existing cloud services, such as Cloud Ops platform. We are exploring innovative solutions to address these challenges.

Point of Contact

To apply, please reach out to: andrea.romano@oracle.com.

Software Supply Chain Security in the Cloud

Adoption of third-party open-source software (OSS) has increased significantly over the last few years. And for a good reason: OSS helps developers lower costs and reduce time to market by reusing existing components as building blocks for their applications. At the same time, vulnerabilities in OSS pose a significant risk to application security. Developers need to keep track of their (transitive) dependencies, known vulnerabilities (CVEs), and upgrade dependencies whenever a new CVE is found. Application Dependency Management (ADM)[1] is an OCI-native service that helps managing dependencies in the customers software supply chain. ADM is exploring and researching the software composition analysis space to help users manage the risk associated to using 3rd parties.

Potential topics

The goal of this project is to extend the Application Dependency Management cloud service with new capabilities in the areas of automated tuning and upgrades, patching security vulnerabilities in application dependencies and automated testing. We offer various topics depending on the skills and the interests of the candidate:

• Back-porting forked open source projects:

  This internship topic explores the automated detection and resolution of security vulnerabilities in forked open-source projects. With the freedom to modify the codebase, developers often create forks to suit their specific needs. However, ensuring the security and upkeep of these forked projects is crucial. During this internship, participants will focus on developing proactive security measures. They will learn about the importance of staying up-to-date with the original project’s updates and security patches. The key challenge is to automate the process of detecting vulnerabilities in the forked codebase and efficiently backporting fixes. By embracing automation, participants will contribute to enhancing the security posture of forked projects. This internship provides a unique opportunity to gain hands-on experience in secure software development practices, fostering a culture of continuous security improvement

• Securing Java Applications: Designing an Android-inspired Permissions System:

  This internship topic focuses on addressing the security challenges associated with third-party open-source dependencies in Java applications. The project involves designing and developing an innovative permissions system, drawing inspiration from Android’s runtime permissions model. This system aims to provide fine-grained control over the permissions granted to third-party components, enhancing overall application security. During the internship, participants will delve into software development and security engineering, gaining insights into permissions management. They will learn to identify and assess security risks posed by open-source dependencies and design a user-friendly permissions framework that ensures a secure yet functional application environment. By the end of the internship, participants will have created a robust permissions system, providing developers with a powerful tool to manage permissions effectively. This will reduce the attack surface and mitigate potential security vulnerabilities in Java applications. This internship topic offers a unique opportunity to contribute to secure software development practices, equipping participants with practical skills and experience in tackling security challenges in the real world.

• Incident Response in Microservices: A Zoom-in Approach:

  In a microservice environment, it can be challenging to identify the root cause of an incident due to the distributed nature of the system. The zoom-in approach involves examining incidents at different levels, including the interaction between microservices and the internal trace of each microservice. By doing so, investigators can analyze incidents in detail and identify the root cause more quickly and accurately. The goal of this internship is to help organizations improve their monitoring and troubleshooting capabilities in the cloud by using record/replay trace and open tracing to identify and analyze incidents in detail. By being able to see the trace on different levels in a microservice environment, organizations can better understand how their system is functioning and quickly identify any issues.

• Using kernel level instrumentation to automatically derive build provenance

  While producing SBOM sounds easy in theory (many package managers such as Maven and NPM have functionalities to list all the declared 3rd parties), it is hard in practice. Software stacks are polyglot (multiple programming languages), composed of in-house scripting logic for building (e.g. download dependency from the Internet) and others. In this internship, we explore the feasibility of using eBPF (an advanced Linux kernel-level instrumentation mechanism) to monitor the build processes, observe file and network accesses and reconstruct all the input used for building the software.

[1] https://docs.oracle.com/en-us/iaas/Content/application-dependency-management/home.htm

How to Apply

In order to apply, please send an email to: labs-hiring_ww@oracle.com including the following:

• Your CV or link to your home page containing your curriculum
• Description of your motivation and area of interest
• Your preferred internship dates & location