10 - The Hidden Dangers of AI in Telecommunications: Protecting Data in an Era of Automation

This is a guest post from a previous colleague and long time friend Michael Hobbs. He is a very gifted Senior Network Engineer at a prominent ISP/Telecom Company.

Michael has spent the last 11 years in the telecommunication field and it has taught him that nothing is accomplished by one individual. The best results come when you assist your team and strive to build everybody up to improve all. Through this teamwork is where true customer service is developed and implemented.

In his current role he works with an excellent group of dedicated engineers. Everyday he works to maintain a diverse fiber network with a wide range of solutions for their ever growing customer base. Michael is adept in a mix of network elements including Juniper, Cisco, Nokia, Accedian, Ekinops, and Cienna devices.

He is dedicated to increasing his knowledge to be the best at what he does. He enjoys developing himself into a subject matter expert and distributing the knowledge he has gained to his fellow teammates. He strives everyday to challenge himself as he moves up in his organization to serve as an integral part of the customer service experience. He has obtained the JNCIP certification as well as pursuing multiple other certifications and will continue on these paths more into the future to back up his knowledge with proof.

This article is extremely informative and if you’re in the telecommunications or cyber security field it is a necessary read. Enjoy.

——————————————————————————————————————————————————

Artificial Intelligence (AI) has transformed the telecommunications and networking industry, improving efficiency, automating network management, and optimizing customer service. However, as innovative technology develops, and as telecom companies increasingly rely on AI-driven tools, there is a growing risk that sensitive company data, customer information, and even system passwords could be exposed to third-party vendors. If not carefully managed, this reliance on external AI solutions could create vulnerabilities that threaten the very networks telecom providers seek to safeguard. As we apply a previously effective level of scrutiny to a landscape that is changing every day we must adapt sooner rather than later.

The Double-Edged Sword of AI in Networking

Telecom and networking companies often use AI for proactive monitoring, anomaly detection, and data collection and analyzation. The benefit is clear, AI-powered systems can analyze massive amounts of data, detecting issues before they become widespread failures. While this technology offers undeniable advantages, the downside is that many AI programs operate on cloud-based platforms controlled by third-party providers. This raises serious concerns about data security, especially when company-sensitive data is processed and stored off-site. The environment has been cultivated so that internal employees feel safe discussing details that they would never make public inside company provided programs and tools. When you introduce a new element with AI systems it is not immediately obvious the ways this changes the dynamic. Discussing a shared login on an internal call with coworkers is not seen as any issue but if there is an AI transcription bot on the same call suddenly that information is being stored and analyzed on a remote server that may have no privacy agreement with the company. As we live in a world where terms and services are blindly accepted most people have little understanding of what can or cannot be done with the data that is being collected.

As another example, AI-driven chatbots like ChatGPT can be a quick resource for questions that normal search engines do not satisfy. Some may copy and paste selections of device configurations. These configurations may contain customer address, name, public IP, and/or passwords. If these AI systems are not explicitly designed with end-to-end encryption and strict data retention policies, they become an attractive target for cybercriminals.

The market has always followed the pattern of new technology/products emerge, and as they trend into popularity more alternatives began to show up. As time passes these similar products become less and less dependable and secure. What may have started with established professional companies are now mixed in with a never-ending selection of bad actors. Even when the creators have the best of intentions there is an elevated chance that their security measures and protections are subpar. The original creation has taken time to be developed and assessed as a flagship product, but the products seeking to replicate this have been rushed to meet the demand that has been created.

Security Risks of Off-Site Data Storage

When networking/telecom companies rely on third-party AI services, they often store information on external servers, leaving them vulnerable to several risk factors. The third-party AI provider servers can experience their own data breaches exposing the data that has been provided to them to be exposed. As many of these assistant programs have individual users as their subscribers, the company itself may not be notified of any breaches giving them little knowledge or control over such events.

Regulatory compliance violations may also arise, as many regions have strict data protection laws (e.g., HIPPA, CCPA) requiring companies to maintain control over customer data, using any external platforms that store data off-site may put companies at risk of non-compliance. When a company enters into an agreement with a third-party provider the legal teams review and evaluate the terms and protections, without such process it opens the door to endless possibilities. Additionally, data retention risks exist, where some AI platforms store interaction data to improve their learning algorithms, there are others that share their data with other companies. Most of the currently available AI platforms state that the data collected is anonymous, but this is a term with a wide range of definitions. Even with the best efforts there have been multiple examples or AI programs that are able to re-establish identities to data that was altered to be anonymous.

Mitigating the Risks: What Telecom Companies Must Do

Networking/Telecom companies must vet AI vendors rigorously before integrating any AI solution by assessing their security practices, encryption standards, and data retention policies. Keeping critical data on-premises is crucial, in contrast to relying on cloud-based storage. Companies can attempt to fill the need before the employee does by seeking out third-party providers with proper security measures and reaching agreements with them before any individual can find their own alternative. Utilizing AI with zero-retention policies is a viable option, though rare to find, selecting tools that do not store queries or customer interactions beyond the immediate session do exist.

Filtering the data provided to AI systems is also an adequate method but only works for certain applications and would not be possible with things like transcription services or chat assistants. Creating companywide policies on the use of AI platforms is essential, as companies should be the firewall between the outside world and the tools employees use, ensuring that not only do they control which external companies have access to their data but also having a full picture of where their data is. Finally, demanding regular security audits, continuous monitoring, and penetration testing of AI-integrated systems from these third-party providers, will help identify potential vulnerabilities before they become full-scale security threats.

Conclusion: AI Must Be A Tool Not A Weapon

The future is bright with all the emerging tech to help manage large scale networks and reduce customer impact and downtime. However, we cannot allow the desire to automate and simplify to overtake the need to protect. We must reject the thought that these platforms are harmless and understand that even the most mundane system is a complicated platform. Most of us do not understand the inner-workings of AI systems as they are at the forefront, which means that we may not be able to conceptualize the risks we are creating. Overall, the market will adapt security measures and improve over time, but we must be a driving factor in that, or we may find ourselves the cautionary tale.

---

Find out more about Michael Hobbs on Linked In @Michael Hobbs