The GSMA’s latest Mobile Threat Security Landscape report reveals a whole host of AI-enabled security threats
There’s no denying AI is changing the face of security in telecoms. From catching fraud to spotting intrusions, it’s enabling operators to monitor vast, distributed networks at machine speed — surfacing anomalies that would be invisible to human analysts and responding to threats before they escalate.
But AI is equally daunting. As mobile operators embrace AI to boost their defences, they’re also opening new frontiers for cybercriminals — who often unashamedly use the same technologies to probe, mimic, and outmanoeuvre them.
Indeed, the GSMA’s latest Mobile Threat Security Landscape report reveals a whole host of AI-enabled security threats, including data poisoning and prompt injection attacks, Gen AI-powered scams, and synthetic identity fraud such as deepfakes.
Traditional rule-based systems are struggling to cope with the unpredictability and sophistication of such fast-evolving threats. Simply put, something has to give.
Fighting fire with fire: Smarter detection, faster containment
If attackers are using AI to get smarter, then operators need to do the same — and AI is already being put to use across key areas of telecoms security.
For example, AI models can identify abnormal network behaviour, helping detect potential threats such as DDoS attacks or network intrusions by sifting through huge volumes of data at machine speed, spotting anomalies that signal a threat long before human analysts would ever notice.
Fraud detection is another major use case. SIM card abuse, account takeovers, and revenue leakage all leave subtle digital fingerprints. AI is helping operators find them faster and respond more decisively.
It’s not just about detection — it’s about speed. AI-powered systems are enabling automated threat responses: isolating compromised devices, blocking malicious traffic, and even deploying patches in near real time. The result is less downtime, faster containment, and fewer chances for threats to spread.
AI securing the network, slice by slice
AI can also play a frontline role in securing modern 5G architectures, offering real-time threat intelligence and enhanced anomaly detection. AI can help ensure the security of network slices in 5G — where each slice can have different security requirements — by monitoring and managing the security posture of each slice in real time.
At the edge of the network, where mobile, IoT, and embedded devices connect, AI can scan for signs of compromise and patch known vulnerabilities. These smart, responsive endpoint protections are critical as the number of connected devices continues to grow.
Threat intelligence is also getting a boost. Operators are using AI to analyse shared threat data from across the industry, spotting patterns and identifying emerging attacks faster than ever.
Making AI cybersecurity resilient by design
Of course, AI isn’t just a defender — it’s also a target.
One key risk is data poisoning: if attackers can corrupt the data used to train a model, they can skew its outputs and blind it to real threats. Another concern is prompt injection, where malicious inputs manipulate how Gen AI models behave — twisting helpful tools into dangerous liabilities.
Gen AI is also enabling attackers. We’re seeing deepfake identities used in fraud, automated spear phishing campaigns that mimic human writing, and scams that evolve too quickly for traditional rules-based systems to keep up.
In response, telecoms is strengthening the AI foundations themselves. Security frameworks like ETSI’s baseline standards and the GSMA’s FS.31 offer practical guidance on building secure, resilient AI systems — from protecting training data and model integrity to ensuring access controls are tight and audit trails are clear.
Getting the basics right: AI security only works on solid ground
The harsh reality right now is that most successful cyberattacks don’t even rely on AI (at least, not yet). Much like burglars bypassing houses with security cameras in favour of easier targets, cybercriminals prefer to exploit simple weaknesses like unpatched vulnerabilities, default passwords and poor access controls.
That’s why basic security hygiene (regular patching, strong authentication, proper access controls, etc.) remains the foundation that AI security tools must be built on.
Successful deployments follow a defence-in-depth approach. We must accept that attackers will get in. The goal is a layered defence, so that when the inevitable happens, operators notice before attackers access anything that matters.
AI enhances this strategy, but defence always lags behind attack, because defence is designed to see off attack signatures. In short, AI defence tools are only as good as their ability to notice differences from normal behaviour.
Strength in numbers: Cybersecurity demands a united front
The GSMA’s Fraud and Security Group (FASG), working with mobile operators around the world, continues to champion a collaborative approach to securing telecom networks.
Encouragingly, operators are increasingly open to sharing anonymised threat data, using AI to draw insights faster, and helping each other raise the bar. In cybersecurity, it’s cooperation (not competition) that will make a real difference.
And for global success across industries, collaboration must extend beyond telecoms. For example, as mobile networks become increasingly software-defined, many operators are already adapting proven cloud security practices while preparing for quantum computing threats through AI-driven encryption research.
Same game, new rules: Security must evolve at network speed
Let’s be clear: This isn’t a new war of AI versus AI. It’s the same cat-and-mouse game between attackers and defenders that’s been playing out for over 50 years. Only now, it’s happening at machine speed.
Success requires recognising that AI security tools are force multipliers for comprehensive security strategies, not replacements for fundamental security practices. Operators who embrace this balanced approach will not only protect their own infrastructure but also enhance security for the entire digital ecosystem they enable.
The transformation is already happening. The only question now is: Will operators lead it, or be forced to react to it?