Earlier this month, Telefónica and Nokia revealed a collaboration to explore how AI software agents might enhance the use of network APIs. This partnership is part of the GSMA Open Gateway initiative, which seeks to standardize access to telecom network capabilities.
The initial focus has been on a fraud prevention use case conducted in a lab setting. Telefónica utilizes Nokia’s Network Exposure Platform to provide network APIs and related features, such as SIM and device swaps. Meanwhile, Nokia’s Network as Code platform brings together these capabilities through an Agent-to-Agent (A2A) format. The initiative leverages two advanced protocols: the Agent-to-Agent Protocol, which allows AI agents to coordinate tasks, and the Model Context Protocol, which offers a standardized pathway for AI systems to access external tools and data.
Alex Harmand, Telefónica’s Core and Platforms Senior Manager, noted that while today’s API-centric model is effective for individual network functions, it can become cumbersome for complex scenarios like fraud prevention. Developers in such cases often need to manually orchestrate multiple APIs like roaming verification and SIM swaps. Harmand explained this approach necessitates an orchestration layer that involves intricate scoring logic and version management. The intelligence remains fixed, requiring ongoing updates and handling the continuous integration of new fraud indicators.
The proposed A2A and MCP frameworks aim to streamline this process. Developers might specify objectives, such as “assess fraud risk,” prompting an AI agent to dynamically identify and assemble available tools. Harmand believes this adaptive, intent-driven model can reduce complexity and enhance resilience as services evolve.
Telefónica and Nokia plan to explore more use cases, sharing findings with the industry. Harmand acknowledged that while the technical groundwork is laid, commercial deployment hinges largely on customer interest. “Technically, the use case is viable today,” he affirmed.
However, several governance issues must be resolved before full-scale deployment. Agent authorization and authentication, enforceable policy controls, auditability for fraud decisions, as well as privacy and consent mechanisms are crucial.
“The biggest risk is not autonomy itself,” Harmand stated, “but ensuring control, trust, and accountability once autonomy is introduced.” He stressed that agents must adhere to predefined constraints, ensuring they operate securely within operator-defined guidelines.
The cautionary tale here is not deploying autonomous coordination without a well-constructed governance and trust framework. Done right, these agentic systems should not subtract from operator control, but in fact, streamline and elevate the management layers while maintaining operational authority.
