For every instance where AI technology actively helps companies strengthen their cyber defences, there’s another that shows attackers are exploiting AI to develop quicker and more efficient attack methods.

The proof? Two years ago, data exfiltration attacks took nine days to complete. Today, in over 50 percent of cases, it takes only a single day. One in five breaches happen in under one hour. The knock-on effect for business revenue is monumental, with the average cost of data breaches surging from $4.24 million in 2021 to nearly $5 million in 2024.

As debate intensifies over the extent of AI’s impact on the evolving threat landscape, its double-edged nature presents challenges and opportunities for telecoms operators in equal measure - as they balance the need to not only secure their core networks, but also extend protection across IoT, cloud, and AI-driven infrastructure.

AI’s role in the evolving threat landscape

The evolution of supply chains and network technologies (e.g. 5G SA and 5G-Advanced) - and increasing number of connected IoT devices - means the cybersecurity attack surface is expanding rapidly.

Meanwhile, the rise of network APIs and satellite-based connectivity are introducing new vectors for exploitation, resulting in cybercriminals engaging in active scanning and reconnaissance to identify vulnerabilities across mobile networks.

Our latest Mobile Threat Landscape Report highlights other emerging threats such as data poisoning, prompt injections, and synthetic identity fraud. Each threat is powered by AI, and each is capable of undermining trust in digital systems, at scale.

However, despite popular belief, the majority of AI-driven threats today are relatively simple. Typically, cybercriminals use AI to automate and amplify core, known attack methods through greater efficiency, scale, speed — rather than create new ones.

Phishing scams, for example, now use AI to create more convincing emails, synthetic voices, and fake identities at scale. Similarly, malware-as-a-service platforms are integrating AI to improve payload delivery and evade detection.

The bottom line? AI is not the threat - poor cyber hygiene is. Without foundational security practices in place, even the most advanced AI defence tools will be ineffective. Worse, they can even become liabilities if used in isolation or if poorly integrated into wider security systems.

Cyber resilience begins with strong cyber hygiene

To effectively respond to the surge of interconnected threats, telecom operators must, before anything else, establish strong cyber hygiene foundations. Basic measures like regular patching, proper password management, and fundamental security protocols remain the first step in any comprehensive security strategy.

Then, more strategic approaches – from threat modelling to supply chain simplification, and security testing to network segmentation through zero-trust architectures – are essential next steps for telecom operators looking to build a strong security foundation.

Of course, basic security defences can only go so far. The hard reality is operators must assume that attackers will eventually breach their initial defences. The key is limiting what they can access.

That’s why a multi-layered defence plays such a pivotal role in creating an orchestrated security ecosystem capable of protecting valuable data and infrastructure. Aligning controls with threat models, leveraging built-in protections at lower layers, and customising decisions at higher layers – only once all these foundations are in place does it make sense to layer AI on top, using it to enhance detection, automate response, and adapt to evolving threats.

Industry standards: Forming the backbone of secure AI cybersecurity

According to research, almost two-thirds (65 percent) of companies now use AI to track threat indicators such as suspicious hostnames, IP addresses, and file hashes.

AI also helps generate rules based on known patterns and behaviours, enabling faster identification of anomalies. For example, the MITRE ATLAS™ (Adversarial Threat Landscape for Artificial-Intelligence Systems) provides a knowledge base of adversary tactics and techniques based on real-world attack observations.

For AI-powered cybersecurity to work, industry frameworks and standards must play a central role, including:

• Baseline protections, such as those outlined in GSMA FS.31, help telecom operators establish consistent, layered defences. 

• Evolving standards like ETSI’s Baseline Cyber Security Requirements for AI Models and Systems offer guidance tailored to the unique risks posed by AI systems.

• National initiatives, such as the UK’s product security mandates, help address long-standing vulnerabilities in IoT ecosystems.

These frameworks provide a shared language and structure for implementing best practices across the telecom ecosystem, enabling operators to align their defences with both sector-specific requirements and broader industry norms.

Put simply, operators must align their AI capabilities with existing controls, embed them within zero-trust architectures, and ensure they’re governed by robust risk management frameworks. It also means recognising many AI-related vulnerabilities - such as large language model data poisoning - extending beyond telecoms and requiring cross-industry collaboration to address.

Stronger together: Securing the AI-enabled future

Telecom operators stand at the crossroads of innovation and responsibility. As AI reshapes the cybersecurity landscape, the real challenge isn’t just about keeping pace with emerging threats - it’s about staying grounded in the fundamentals.

This is telecom’s time to lead. Through strong security practices, adherence to industry standards, and the integration of AI into cohesive, layered defences, operators can do more than protect just their own networks. By collaborating with customers and enterprises across key industries, they can help secure nearly every major digital ecosystem supporting our global economies.

Ultimately, the future isn’t AI versus AI. It’s resilience versus risk: and resilience starts with getting the basics right.

Samantha Kight Head of Industry Security GSMA