Telefónica is working with Nokia to test how AI agents can support the use of network APIs
In sum – what to know:
Open Gateway limits – Harmand said today’s API-centric model works for atomic capabilities, but becomes structurally inefficient for complex, context-driven problems like fraud prevention.
Intent-based orchestration – A2A and MCP shift developers from manually chaining APIs to expressing objectives (e.g., “assess fraud risk”), with agents dynamically discovering and composing network tools.
Governance before scale – Commercial deployment depends less on technical viability than on trust frameworks, including agent authentication, authorization, privacy, and auditable controls.
Earlier this month, Telefónica and Nokia announced a collaboration to test how AI software agents could support the use of network APIs, as part of the GSMA Open Gateway initiative to standardize access to telecom network capabilities.
Initial testing has focused on a fraud prevention use case in a lab environment. Telefónica is using Nokia’s Network Exposure Platform to expose network APIs and related functions — including SIM swap and device swap — while Nokia’s Network as Code platform aggregates those capabilities for application developers through an Agent-to-Agent (A2A) format. The work centers on two emerging protocols: Agent-to-Agent Protocol (A2A), which enables AI agents to coordinate tasks, and Model Context Protocol (MCP), which provides a standardized way for AI systems to access external tools and data.
Telefónica Core and Platforms Senior Manager Alex Harmand told RCR Wireless News that today’s Open Gateway model works well for individual, “atomic” network functions, but becomes less effective when developers need to solve more complex, context-driven problems. “For example, in an anti-fraud scenario, we must manually orchestrate multiple APIs — roaming verification, SIM swap, device swap, and others,” he said. “Today, there is no single anti-fraud API; the client must call each specialized API individually and implement the risk logic themselves.”
That approach, he explained, requires operators to build and maintain an orchestration layer that embeds scoring logic, manages integrations, and handles versioning. Each new fraud signal — such as a scam indicator — can trigger code changes and new API releases, with much of the intelligence remaining fixed in the integration layer.
“A2A and MCP shift this model from contract-driven orchestration to intent-driven execution,” Harmand said. Instead of calling predefined APIs, developers could express a higher-level objective — such as “assess fraud risk” — and an AI agent would dynamically identify available tools, combine them, and adapt as new capabilities or versions are introduced. “In short, we move from static API composition to adaptive, intent-based capability orchestration,” he said, arguing that the approach could reduce complexity and improve resilience as network services evolve.
Telefónica and Nokia said they plan to test additional use cases and share insights with the broader industry, though Harmand noted that commercial deployment will depend largely on customer demand. “Technically, the use case is viable today,” he said. “The core fraud-prevention logic works, and the agent can already reason over the available capabilities and compose them effectively.”
Before deployment, however, Harmand said several areas must be fully addressed, particularly around trust and governance. These include strong authentication and authorization for agents, enforceable policy controls and auditability for fraud-related decisions, and clear privacy and consent mechanisms.
“The biggest risk is not autonomy itself,” Harmand added, “but ensuring control, trust, and accountability once autonomy is introduced.”
He emphasized that agents must operate strictly within operator-defined constraints and should never be “self-authorizing entities.”
“The critical failure point would be introducing autonomous coordination without a robust governance and trust framework,” he said. “But when these controls are properly engineered, agentic systems do not reduce operator control — they elevate the abstraction layer while preserving authority over execution.”
