Artificial intelligence is forcing the telecom industry to make course corrections at a pace few anticipated. Autonomous network operations, AI-driven OSS/BSS optimization, and multi-agent systems are moving quickly from pilot to production. But, as AI adoption accelerates, a fundamental challenge is coming into focus: today's access control models were not designed for machine-speed.
I spend a lot of time with data and AI leaders at global telecom operators, and a consistent theme emerges. Teams have the technical ambition, and they’ve kicked off the platform investments, but the access control foundation — the layer that governs who and what can touch which data, under what conditions, for what purpose — is falling worryingly behind. Sreedhar Rao , Global Telco CTO at Snowflake and Sanjay Zope , Global VP, AI & Data Engineering and Strategy, at Ericsson (News - Alert ), have both articulated this with unsurprising clarity, and their perspectives shape how I think about what telcos need to get right in 2026.
Where AI Adoption Falls Apart
A data leader at a large telco will often give one of these four answers when asked where AI hits a wall:
Fragmented access controls are inconsistent from platform to platform;
AI agents accumulate permissions that human-centric models never anticipated;
Contractual limitations are written for human access rather than model inference; or
Data residency rules and regulations are nearly impossible to enforce at compute time.
Sanjay Zope
Sanjay describes it from Ericsson's perspective: "When approvals are manual and different systems apply access rules differently, this slows AI teams. They can’t tell which data to use for training and which to use for inference. Compliance teams don’t have the ability to prove who accessed which data under what role or policy."
The result is slower time-to-insights, higher costs, and growing risk, at exactly the moment telcos need to move faster.
Why RBAC Breaks Down at the Speed of AI
Role-based access control (RBAC) has served enterprises well for human actors with stable, predictable access patterns. But, as soon as autonomous agents show up, that framework doesn’t hold up. Sreedhar says it’s a speed-and-scope problem. He explains that agents make decisions at machine speed, while gathering role-specific access, leading to unprecedented capabilities over time. Roles intended to enable specific tasks grow until agents have permissions much wider than any administrator expected. That’s an ongoing risk and liability in an autonomous network environment.
Sanjay adds the enterprise dimension: RBAC proliferates into too many roles and too many exceptions. Teams grant wider access to avoid bottlenecks, and that access gets silently reused by automation. Time-bound or geography-specific rules — mandatory for telcos operating across dozens of regulatory jurisdictions — simply cannot be expressed natively in RBAC. The more complex the environment, the more RBAC becomes a liability rather than a safeguard.
The Shift to Policy-Based, Purpose-Aware (News - Alert ) Access
The architecture leading telcos are moving toward is replacing role-based thinking with policy-based access control (PBAC) and attribute-based access control (ABAC), governed through a unified orchestration layer. Instead of asking "What role does this identity have?" the system asks, "What is the purpose of this request, who is making it, from where, and under what contractual terms?"
Ericsson's approach is instructive. They've built a policy repository that translates contractual language into machine-readable rules — defining what data can be accessed, for what purpose, where it can reside, and for how long. Every agent and system integrates with that central layer rather than embedding access logic individually.
"When authorization checks become automated and policy exceptions can be traced, compliance can quickly become an enabler rather than a blocker," Sanjay says.
You Have to Be Able to Prove It
Sreedhar Rao
Policy enforcement is necessary but not sufficient. Telcos and their regulators increasingly require compliance to be documented and demonstrated, not just asserted. This means companies will need a real-time audit trail of every agent action, every data access event, and every policy decision. Granular, transactional visibility into access patterns, with anomaly detection that raises alerts about behavior in near real time, and open data format support (including Apache Iceberg) that extends governance to data outside Snowflake, explains Sreedhar.
Most operators are missing the piece that expands that same policy enforcement to the agent layer itself. This means autonomous agents must be limited by the same defined, traceable rules that apply to other data users, rather than gathering access across systems. That requires treating agent identity and agent actions as first-class governance objects, not afterthoughts.
There Is No AI Strategy Without a Data Strategy
Underneath all of this is a harder problem: decades of data sprawl. Telcos operate across hundreds of systems — BSS, OSS, CRM, billing, network management — many built before the cloud era and never designed to interoperate. Sreedhar is upfront: you cannot put AI on top of an extensive, ungoverned data landscape and expect efficiency. The data foundation has to come first. But AI can accelerate the consolidation work. Sanjay points to a concrete measure: implementing semantic layers and ontologies can bring AI hallucination rates from industry averages above 70% down to 2-3%. That is the difference between AI that is production-ready and AI that creates more problems than it solves.
The Highest-Leverage Investment for 2026
Sanjay had a recommendation for data and AI leaders this year: build the policy layer first. A centralized orchestration layer that translates contracts and regulations into machine-enforceable rules — paired with unified identity and robust telemetry — gives you not just enforcement, but provability. Sreedhar's priority is complementary: consolidate data visibility without moving data unnecessarily. Operators who can see and govern their full landscape are the ones positioned to scale AI safely.
The organizations that will lead in AI-native telecom are not necessarily those with the most advanced models. They are the ones building the right foundation — governed, observable, policy-driven access that makes autonomous operations sustainable. When that foundation is in place, security stops being a constraint on AI adoption and becomes one of its primary enablers.
About the author: Srikanth Sallaka is Co-Founder and Chief Product Officer at TrustLogix . With over two decades of experience at Oracle (News - Alert ) and NextLabs, he has led the development of groundbreaking enterprise and cloud security products, including the industry’s first cloud-based authorization-as-a-service.
Edited by
Erik Linask