This Industry Viewpoint was written by Todd Humphreys, WEI GTM Cybersecurity GTM Leader
AI is now embedded across modern security tools and systems that help telecom operators detect vulnerabilities and threats faster and at a greater scale. Security processes that once took weeks of manual analysis can now be completed in just minutes, dramatically increasing visibility across distributed Radio Access Network (RAN) infrastructure, core networks and virtualized environments.
Verizon’s recent adoption of Anthropic’s Mythos underscores how fast the telecom industry is moving in this direction. While tools like Mythos can promise stronger security defenses, it can also introduce a new type of challenge.
When the speed of threat detection increases, so does the volume of findings for operators. They are left with more high-severity alerts, often without the context needed to determine what is a threat and what is simply noise. The increase in data can make it harder to prioritize, validate and act on real threats, effectively changing the role of telecom operators. Finding vulnerabilities is only part of the job as operators work to understand which matter and make decisions under growing volume.
When volume is outpacing decision making
Traditional threat detection is no longer keeping pace. AI-based systems now spot cyberattacks 85% faster, and that speed comes with accuracy to match. AI-driven solutions are hitting 98% detection rate and cutting incident response times by 70% — numbers that would have seemed ambitious a few years ago. Yet, greater detection capability is hard for most teams to manage. A recent report found that 88% of security teams say that alert volume has increased, with nearly half seeing spikes of more than 25% in the past year. For telecom operators managing millions of endpoints, IoT devices and customer-facing systems, that noise problem is especially acute – the scale of the environment makes clearing the noise uniquely complex.
When everything is flagged as a threat, operators are forced to spend time on issues unlikely to be exploited in live environments, while more critical gaps remain unaddressed. The result is inefficiency and increased threat of exposure.
Visibility is only part of the equation. The other part of the problem is making sense of it, weighing what matters against what can wait and knowing where action is urgent. Making that happen demands more than better tools. It requires stronger context, sharper processes and a tighter connection between detection and real-world risk.
Attackers and detection are moving at the same pace, putting pressure on detection to decision-making
The same AI capabilities that help telecom teams identify vulnerabilities are also used by attackers. Bad actors use the same automation to scan environments, identify vulnerabilities and test exploits without the level of expertise previously required. Telecom networks are particularly high-value targets, from SS7 vulnerabilities to API exposure in 5G core networks represent well-documented attack surfaces. This accelerates how fast they can find and exploit vulnerabilities. Tasks that previously required coordination and manual effort can now be handled through automated workflows that continuously probe weaknesses and adapt in real time, tipping the scales for attackers to create chaos.
For operators, this raises the stakes and increases the pressure to move beyond threat detection. Knowing where vulnerabilities exist is only the starting point. The window to act is also shrinking. The median time for vulnerabilities to be exploited has dropped to as little as 1.6 days, leaving teams with far less time to determine which risks matter most. At 1.6 days, there’s no room for a slow triage process. But speed without human judgement is its own liability that security teams must resolve.
Without human oversight and judgment, even accurate detections can be difficult to interpret and act on. Instead of focusing solely on detection, teams need to build processes that validate, prioritize and continuously test AI-driven outputs under real-world conditions. That means correlating vulnerabilities with actual network exposure – understanding how risks connect across RAN, core and edge systems – and evaluating how and where they may be exploited.
The organizations that will gain the most value from AI findings are the ones that can connect those outputs to real network risk and act before it becomes an issue.
Redefining Security Success
Historically, organizations have measured security performance by the number of vulnerabilities identified or remediated. But in an environment where AI can generate exponential findings, volume alone is no longer a useful indicator of effectiveness. More findings do not necessarily mean better security outcomes.
Operators should rethink how they define success. Their focus needs to shift from how much is discovered to how effectively teams can identify and remediate security vulnerabilities that matter the most. This will require tighter integration between detection tools, threat intelligence and operational workflows. It will also require a mindset shift, one that treats AI outputs as inputs into decision-making, not final answers.
Where Telecom’s Security Advantage is Won
The measure of a strong security program is what they do with what they find. AI has raised the ceiling on detection, but the teams getting the most value from it aren’t the ones with the most alerts. They’re the ones with the clearest process for deciding what to act on and when.
That’s the question every telecom operator should be asking right now: not whether their tools are finding threats, but whether their team is equipped to make fast, accurate decisions when they do. Are vulnerabilities being correlated against your specific network? Is AI output validated against network conditions? Are the right vulnerabilities getting prioritized before the window to act closes? Is there enough human oversight in place to catch what automation gets wrong?
The advantage won’t go to operators with the most visibility. It will go to the ones who have built the judgment, processes and integration to turn detection into decisive action.
###
About Todd Humphreys
Todd has led GTM initiatives for the world’s largest cybersecurity leaders, including 11 years at WEI’s longtime partner, Palo Alto Networks. With over 30 years as an IT professional, Humphreys has helped pioneer cybersecurity solutions such as intrusion detection, wireless security, next generation firewalls, and XDR solutions.
About WEI
WEI is a full-service IT solutions provider specializing in enterprise connectivity, infrastructure, and managed services. The company’s WEI Connect integrates Starlink to deliver satellite-based connectivity solutions for distributed, remote, and operationally critical sites — including monitoring, support, and vendor management — helping organizations maintain continuity when traditional networks fail.
If you haven't already, please take our Reader Survey! Just 3 questions to help us better understand who is reading Telecom Ramblings so we can serve you better!
Categories: Industry Viewpoint · Security






Discuss this Post