Subscribe to the Non-Human & AI Identity Journal

Why do bots and AI agents make fraud harder to contain in telecom?

They increase the attacker’s speed, variation, and persistence, which reduces the value of static rules and one-off detections. In telecom, that means abuse can move from testing to monetisation quickly, especially when account recovery and messaging flows are easier to reuse than infrastructure-level controls.

Why This Matters for Security Teams

Telecom fraud becomes harder to contain when bots and AI agents can probe, adapt, and repeat attacks faster than human defenders can tune rules. Static detections are built for predictable abuse patterns, but autonomous workloads can vary device signals, rotate identities, and chain actions across signup, recovery, messaging, and customer care flows. That turns fraud from an isolated event into a distributed operation.

NHI Management Group research on the State of Secrets in AppSec shows that leaked secrets can take an average of 27 days to remediate, which is far too slow when attackers automate abuse in minutes. Current guidance from the OWASP Agentic AI Top 10 and NIST AI Risk Management Framework both point to runtime context and governance as necessary controls, not optional enhancements. In practice, many security teams encounter abuse only after fraud has already been monetised through reused recovery paths and messaging workflows.

How It Works in Practice

Bots and AI agents do not need to “break” telecom security in the classic sense. They exploit the fact that many fraud controls still assume a human actor with a stable device, stable intent, and stable cadence. An agent can test many combinations, observe which checks trigger, and immediately adjust its next move. That makes one-time fraud rules fragile and turns account recovery, SIM swap requests, OTP relay, and messaging abuse into high-value entry points.

The operational answer is to shift from static rule stacks to runtime decisioning. Best practice is evolving toward intent-aware authorisation, just-in-time access, and workload identity for autonomous systems. For example, a fraud workflow should verify what the agent is trying to do, whether the request matches its current job, and whether the credential presented is short-lived and bound to a specific workload. That aligns with the direction of the OWASP NHI Top 10 and the CSA MAESTRO agentic AI threat modeling framework.

  • Use ephemeral credentials with tight TTLs instead of long-lived API keys for automation.
  • Bind agent access to workload identity, not just a session token or device fingerprint.
  • Evaluate policy at request time with full context, including risk, velocity, and workflow state.
  • Isolate recovery, messaging, and account change flows so one abused control cannot cascade.

The point is not to block automation entirely, but to force every high-risk action to re-earn trust at runtime. These controls tend to break down in legacy telecom stacks where recovery channels, partner APIs, and customer support tooling share weakly separated trust boundaries.

Common Variations and Edge Cases

Tighter fraud controls often increase operational friction, requiring organisations to balance customer convenience against abuse resistance. That tradeoff matters because telecom environments include both consumer self-service and high-volume machine traffic, and current guidance suggests there is no universal standard for how aggressively to challenge each path.

Some abuse is low-and-slow, where bots mimic normal customer behaviour to avoid threshold rules. Other cases use AI agents to move across channels, such as starting in web signup, then pivoting into SMS verification, then leveraging support scripts to reset access. In those cases, a single fraud score is usually too coarse. More effective controls combine velocity checks, channel reputation, device and network signals, and workflow-specific policy. NHI Management Group’s coverage of AI LLM hijack breach and the DeepSeek breach both show how quickly exposed credentials and AI misuse can become operationally significant once automation is in play.

Where organisations still rely on static allowlists, shared service accounts, or long-lived secrets, containment usually fails because the attacker can simply wait, rotate, or replay. The hardest cases are environments with high partner trust, weak API ownership, and customer-facing recovery flows that cannot tolerate much latency.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Agentic AI Top 10 A1 Autonomous agents abuse fixed workflows and dynamic prompts to bypass static fraud controls.
CSA MAESTRO T1 MAESTRO focuses on threat modeling agentic systems and their tool-use abuse patterns.
NIST AI RMF AI RMF addresses governance, measurement, and monitoring for adaptive AI-enabled risk.

Assess agent-driven fraud paths at runtime and add controls for prompt, tool, and action abuse.