Why Telecom's AI Future Depends on a Smarter Access Control Foundation

By Special Guest
Srikanth Sallaka, Founder and Chief Product Officer, TrustLogix
March 26, 2026

Artificial intelligence is forcing the telecom industry to make course corrections at a pace few anticipated. Autonomous network operations, AI-driven OSS/BSS optimization, and multi-agent systems are moving quickly from pilot to production. But, as AI adoption accelerates, a fundamental challenge is coming into focus: today's access control models were not designed for machine-speed.




I spend a lot of time with data and AI leaders at global telecom operators, and a consistent theme emerges. Teams have the technical ambition, and they’ve kicked off the platform investments, but the access control foundation — the layer that governs who and what can touch which data, under what conditions, for what purpose — is falling worryingly behind. Sreedhar Rao, Global Telco CTO at Snowflake and Sanjay Zope, Global VP, AI & Data Engineering and Strategy, at Ericsson (News - Alert), have both articulated this with unsurprising clarity, and their perspectives shape how I think about what telcos need to get right in 2026.

Where AI Adoption Falls Apart

A data leader at a large telco will often give one of these four answers when asked where AI hits a wall:

  • Fragmented access controls are inconsistent from platform to platform;
  • AI agents accumulate permissions that human-centric models never anticipated;
  • Contractual limitations are written for human access rather than model inference; or 
  • Data residency rules and regulations are nearly impossible to enforce at compute time.
   Sanjay Zope

Sanjay describes it from Ericsson's perspective: "When approvals are manual and different systems apply access rules differently, this slows AI teams. They can’t tell which data to use for training and which to use for inference. Compliance teams don’t have the ability to prove who accessed which data under what role or policy."

The result is slower time-to-insights, higher costs, and growing risk, at exactly the moment telcos need to move faster.

Why RBAC Breaks Down at the Speed of AI

Role-based access control (RBAC) has served enterprises well for human actors with stable, predictable access patterns. But, as soon as autonomous agents show up, that framework doesn’t hold up. Sreedhar says it’s a speed-and-scope problem.  He explains that agents make decisions at machine speed, while gathering role-specific access, leading to unprecedented capabilities over time. Roles intended to enable specific tasks grow until agents have permissions much wider than any administrator expected. That’s an ongoing risk and liability in an autonomous network environment.

Sanjay adds the enterprise dimension: RBAC proliferates into too many roles and too many exceptions. Teams grant wider access to avoid bottlenecks, and that access gets silently reused by automation. Time-bound or geography-specific rules — mandatory for telcos operating across dozens of regulatory jurisdictions — simply cannot be expressed natively in RBAC. The more complex the environment, the more RBAC becomes a liability rather than a safeguard.

The Shift to Policy-Based, Purpose-Aware (News - Alert) Access

The architecture leading telcos are moving toward is replacing role-based thinking with policy-based access control (PBAC) and attribute-based access control (ABAC), governed through a unified orchestration layer. Instead of asking "What role does this identity have?" the system asks, "What is the purpose of this request, who is making it, from where, and under what contractual terms?"

Ericsson's approach is instructive. They've built a policy repository that translates contractual language into machine-readable rules — defining what data can be accessed, for what purpose, where it can reside, and for how long. Every agent and system integrates with that central layer rather than embedding access logic individually.

"When authorization checks become automated and policy exceptions can be traced, compliance can quickly become an enabler rather than a blocker," Sanjay says. 

You Have to Be Able to Prove It

  Sreedhar Rao

Policy enforcement is necessary but not sufficient. Telcos and their regulators increasingly require compliance to be documented and demonstrated, not just asserted. This means companies will need a real-time audit trail of every agent action, every data access event, and every policy decision. Granular, transactional visibility into access patterns, with anomaly detection that raises alerts about behavior in near real time, and open data format support (including Apache Iceberg) that extends governance to data outside Snowflake, explains Sreedhar.

Most operators are missing the piece that expands that same policy enforcement to the agent layer itself. This means autonomous agents must be limited by the same defined, traceable rules that apply to other data users, rather than gathering access across systems. That requires treating agent identity and agent actions as first-class governance objects, not afterthoughts.

There Is No AI Strategy Without a Data Strategy

Underneath all of this is a harder problem: decades of data sprawl. Telcos operate across hundreds of systems — BSS, OSS, CRM, billing, network management — many built before the cloud era and never designed to interoperate. Sreedhar is upfront: you cannot put AI on top of an extensive, ungoverned data landscape and expect efficiency. The data foundation has to come first. But AI can accelerate the consolidation work. Sanjay points to a concrete measure: implementing semantic layers and ontologies can bring AI hallucination rates from industry averages above 70% down to 2-3%. That is the difference between AI that is production-ready and AI that creates more problems than it solves.

The Highest-Leverage Investment for 2026

Sanjay had a recommendation for data and AI leaders this year: build the policy layer first. A centralized orchestration layer that translates contracts and regulations into machine-enforceable rules — paired with unified identity and robust telemetry — gives you not just enforcement, but provability. Sreedhar's priority is complementary: consolidate data visibility without moving data unnecessarily. Operators who can see and govern their full landscape are the ones positioned to scale AI safely.

The organizations that will lead in AI-native telecom are not necessarily those with the most advanced models. They are the ones building the right foundation — governed, observable, policy-driven access that makes autonomous operations sustainable. When that foundation is in place, security stops being a constraint on AI adoption and becomes one of its primary enablers.

About the author: Srikanth Sallaka is Co-Founder and Chief Product Officer at TrustLogix. With over two decades of experience at Oracle (News - Alert) and NextLabs, he has led the development of groundbreaking enterprise and cloud security products, including the industry’s first cloud-based authorization-as-a-service.




Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]


SHARE THIS ARTICLE

The PBX Isn't Dead: It's Becoming the Operating System for Revenue Growth

AI-powered voice agents are transforming the traditional business phone system into an intelligent orchestration platform designed to drive enterprise revenue growth.

Read More

The Forgotten 70%: Enterprise Communication Is Finally Catching Up to the Deskless Workforce

8x8 Resolve is a new mobile-first critical communications and incident management platform designed to help enterprises reach deskless workers across SMS, voice, WhatsApp, and mobile app channels while improving acknowledgment tracking and auditability.

Read More

When Seconds Matter, Estonia Is Making Sure the Warning Gets Through

Estonia is expanding its EE-ALARM public warning system with end-to-end Cell Broadcast and hybrid alerting capabilities designed to deliver faster, more resilient emergency communications nationwide.

Read More

From Artisan Roots to Global Ambition, Robertet Is Building the Network Foundation for Manufacturing, Compliance, and AI

Robertet has selected GTT Communications to modernize connectivity across 50 global sites, building a more resilient network foundation to support manufacturing operations, regulatory compliance, cloud systems, and AI-driven innovation.

Read More

The Channel Advantage: How Industry Recognition Helps Companies Recruit, Retain, and Grow Partners

The 2026 INTERNET TELEPHONY Channel Excellence Awards recognize communications and technology companies delivering partner-first channel programs built around enablement, recurring revenue, cloud communications, AI, cybersecurity, and long-term MSP and advisor success.

Read More