Transcript
service provider ecosystem, recording live here at Mobile World Congress Barcelona 2026. From securing AI, adoption to threat intelligence, business strategy, security operation and value-added services, we bring expert insight to help service providers grow, stay resilient and ahead of the curve. Let's dive in. I'm your host, Ronen Spihler, Director of Technical Solution Marketing at Fortinet, and I'm joined by Tunt Jormaz from Accenture. Tunt, great having you with us. Thank you very much for joining. My pleasure. There are several topics that I want to cover, but first of all, maybe let's start with governance. So telco networks are complex services, architectures, products and regulations. What would you consider to be the key building block of a security governance in a service provider and what does security, cybersecurity, what's role the cybersecurity has to play in it? I mean, Ronen, it is getting more important by the day and not only the increasing cyber attacks and others, AI requires this new governance. And obviously, in the old days, it was a part of IT organization, but we see more and more, it is taking a much stronger role and not anymore CISO kind of roles, but chief security officer is becoming a separate entity. And another important thing is that boards start to realize how critical this thing is. And according to, again, the requirements, legal requirements, board is accountable for the security, not the C-level people, board is accountable. And from that angle, they are asking the chief security officer reporting directly to them and making the all necessary compliance activities going one by one and making a part of the board agenda on a continuous basis. In the once upon a time, which was a nice to have topic, now it's a mandatory topic of the boards and they are asking, guys, give us a good lay of the land on a frequent basis, no surprises to be there. So we at Fortinet, we look at security in service provider as a whole, as really a three-layer structure. We call it secure and operate. And it's all about there is the organization on security hygiene with procedure, governance, awareness, training, and so on and so forth. On top of that, you have the cybersecurity infrastructure that you need to put in place. And then on top of that, we have what we call the operate, the security operation. So what do you think are, from a governance perspective, what are the key technological and operational aspects and requirements that we should pay attention to? And why does it do all of that operate layer, that security operation? I mean, this is a great question, by the way. The reason is, we were focusing a lot about the, how should I say, maybe the building blocks of security so far, and at the very bottom infrastructure, obviously, you need to put the secure infrastructure in place, where you are having a lot of role and responsibility. Where Accenture gets in is the second layer, which is the process layer, and how you will do and how you will run these infrastructure properly. And together with the people, training, education, and making them ready. The third layer on top of it is the governance layer. How you will govern these things, and how you will, and what we see the major trend is the automation. And more and more, we see the old activities, old processes are becoming translated into more AIOps environment, and SecureOps and AIOps, there is a strong convergence between them. The clients are asking, rather than we do separate, like this test, can we run it at the back all the time? Can an agent we can create, and they run the tests all the time? And if there are any anomalies, we get informed without losing any opportunity or any moment. This is the new mentality shift of operations. How should I say, how we can train agents to be like white hackers, and not doing a one-off penetration test, this or that, but continuously doing it, that will warn us any vulnerability in the overall system. With that, I can say the security is now ready to be, especially operational angle, ready to be redefined. And there will be more, I believe, new innovation and new perspectives coming up soon. This is what we call AI for security. How do you utilize the power of AI to enable all of this? And by the way, before your question, this is just, we are scratching the surface. Yeah, it's the beginning. This is the beginning. Look, AI is still at a chat GPT level. When AI gets into our devices, at handsets fully, when it becomes at IoT, when it becomes transactions, when it becomes, then security will be the most crucial component. Because if there is an agent, there is an anti-agent. Yes. Yes. These are like yin and yang. They will be always happening. And look, one thing is, for example, interesting is, have you heard any AI virus? AI virus? Yes. Like AI-designed viruses. AI-designed viruses, exactly. These are the, currently, there is not much, obviously, publicity around it. But again, yin and yang, it will come. Exactly. Then have to be ready for that. Exactly. AI for attackers, AI for defenders. For sure, it will be the same. Exactly. Exactly. So when we're looking at all of that, we're looking about governance, we're looking about security operation, the involvement of AI. These are very generic terms. Is there any, when talking about telcos and service providers, does that have to be specific to them? Is that different from any enterprise that would use them? Ronen, you're asking this to a network guy. I mean, my answer is, you can predict what it is. It has to be. It has to be. It's telco-specific. Why? Why? It's a telco-grade concept, uniquely here. However, when you are the network of networks, your liability is bigger. And as a result, you have to be more secure compared to the other tentacles of your organization and others. And this means operators have, obviously, at the beginning, a sovereign, a national like security perspective. And then, if they have an enterprise security, and it goes up until the consumer, yes. But this sovereign security concept, I will say, yes, operators have to think differently. Exactly. And approach differently. It will be a unique solution for them. Exactly. Exactly. That's what we believe. So we talked a lot about AI, and we didn't talk about ads. Let's talk a bit more about AI and what you see in service provider using AI. So can we say that, and you mentioned that we are just, you know, gen AI and just, you know, scratching the surface. How do you see AI adoption in service provider? Is it mostly today pilots and proof of concept, or is it really starting to be integrated in their processes in the way that they run their business, their networks? This is a challenging one. In fact, I'm just coming. Let me put a plug here. Coming from connected industries, where Accenture and like GSMA, we do together, how to bring technology, mobile technology to the industries. And especially in the telco and revenue side, there are three trends, very strongly growing. Number one is, obviously, we talk about autonomous networks. I mean, it is how to bring the processes, how to put agentic approach, and this is already happening. I mean, the last two years we were in POC, a lot of POCs, a lot of learning done. Now we are going to the production. And already as Accenture, we have several production grade agents running the network in NOC. Is that running in specific areas? For example, is RAN or? It is in the NOC cross domain. And the important concept here is that it is process. Again, there are a lot of companies doing like small use cases here and there. It is really a big limiting factor. When you put the data necessary for that, then you can put models on top of it. And then you can go to agents. And it should be a holistic view. You can't say, let me do only for RAN or only for core, because data, you have to collect this still massive amount of data. With that, the most popular agents are, you can predict it as incident management. Number one, fault management. Number two, change management. Number three. These three agents are up and running in several of our clients. And by the way, security is one of the top, how to do, and we call it like in Accenture responsible AI, with the guardrails, with the right security, right preparation. This is the autonomous network area. The second one is, AI grid is coming. I mean, AI grid is like somebody can say, okay, what is kind of thing AI grid? Guys, AI is like a generational technology. It will redefine how things work and how business will be made. You think it will be the same network will be running around with all these things? There will be a certain at the edge, we will move intelligence to the edge. And with the edge, we will create a new form of AI grid that will enable these transactions. And finally, the third one is token economy. I mean, token economy was hot a couple of years ago, due to a totally different reason, blockchain. Yeah, exactly. And it came and then disappeared. And now it is coming back. Now with AI, it's coming back. Now AI is coming back. It is coming back. And like, again, you know, our industry, we talk a lot about like uplink speed, downlink speed. And you buy still like unlimited gigabytes, your packages, one the topic will be is that how much the token, how many tokens do you use? Token consumption models, and we will measure the speed of token arriving, or the accuracy rate of token. And all these components are being created. This will be the AI grid. It's a whole, it's more than technology, it's economy, it changes the economy. And then is I believe, all industry, we should be ready. And how should I say that security will be an inevitable part of it. And it should be and it should be more embedded into everything we do. Like from the creation of the token delivery consumption, the whole process, how you can create this secure token delivery and management, I can tell you there will be a lot of challenges coming up. Exactly. Challenges and opportunities. Yes. So looking at service providers today, do you think, very briefly, that they take seriously and aware of the security risks that come with adopting AI? And are they aware? And are they doing something about it? I'm sure Accenture is aware and helping them. But is that, is there is this awareness at the service provider level? I think so. I think so. And especially, I mean, due to, I will not tell which country, but there are, you know, several operators were under pressure. There were certain activities by certain people. And I don't want to get too detailed. However, now it is a top of the agenda item. And they're aware of that. They would like to, like, involve and like, really create a path going forward. And they are looking for partners. This is like, it is becoming a more, like, it is not any longer a vendor or SI kind of relationship. It is more like a community partner on that for a longer term. And the reason is, the security industry is moving much faster than the rest of the industry. There are much more new things, threats, much more new, like, attack paths. And if one way or another, like, the really attack zones are increasing. And that's why they need partners to cover their gap. And this is the more kind of new modus operandi we see in the market. Tunç, thank you so much for your insights, and it was absolutely great. Thank you so much. My pleasure. Thank you. Thanks for inviting us. That's all for this episode of Fortinet OnAir, recording live at Mobile World Congress Barcelona 2026. Fortinet OnAir is available on YouTube, on all podcast platforms, and Fortinet TV.
