Transcript
provider ecosystem, recording live here at Mobile World Congress, Barcelona, 2026. From securing AI, adoption to threat intelligence, business strategy, security operations and value-added services, we bring expert insight to help service providers grow, stay resilient and ahead of the curve. So let's dive in. I'm your host, Ronan Spira, Director of Telecom Solution Marketing here at Fortinet, and I'm joined today by Filippo Cassini from Fortinet, our own. Filippo, great to have you on the show. Thank you for joining us. Thank you for having me. Great. You meet tens or hundreds, maybe I exaggerate, operators across the globe every year. What would you say is their key three challenges today? Well, considering the current situation, what we hear talking about a lot is sovereign. I start with sovereign because then the other one, which is AI, comes kind of connected because you want to have sovereignty and you want to be able to apply that sovereignty to AI as well. And then quite a bunch of conversation about quantum. Okay. So sovereignty, AI, quantum. In the order you like. Okay. Great. So let's start with sovereignty. Sovereignty. Okay. So what are the key requirements and concerns that are driving sovereignty for telecom operators? Well, I would say different regions across the planet bring up different challenges or different requirements. In the most simple form, this is an upgrade of a set of security controls that companies that telecommunication service providers should implement. Most of them do already. Some of them are in the guiding light. Some of them kind of follow up. But in general, there's a global understanding across the telco world that these are critical infrastructures. They need to be protected. And then the sensitivity to that protection apply to kind of the political environment, if you want, or the different geopolitical, let's say, situations. And eventually those turns into different level of implementation, right? So you have security controls that requires you to do different things, and this becomes technical requirements and things you need to implement in different ways, depending on which country you are. Right. What about the enterprises' requirements? Because service providers provide services to enterprises, so there's this pressure coming in from the customer side, from the enterprise side. Yeah. I mean, there are specific regulations that apply to the service providers themselves. In certain countries, these regulations regard the kind of connectivity services they offer, the kind of facilities they offer to the government. And so this folds particularly to the CSPs. Some of them apply to the enterprise, yes, especially when these enterprises are considered critical. So they get an extra set of regulations that they need to comply to in cyber. Okay. So sovereignty driven by, first of all, regulations and internal needs, but also the customer demands based on requirements. So let's move to the second one you mentioned, which is, well, the third one you mentioned is AI. So we've talked a little bit about AI. I haven't had a chance to tour the event yet, but I'm sure that everybody's talking about AI. Everybody's talking about AI. So how do you see AI deployments actually happening today in server providers? Is it proof of concept on Linux, or is it really in production? Oh, I don't know. There's a lot of... First of all, I love to make distinctions inside the AI, let's say, ecosystem. As everybody knows, the basis of AI is these neural networks, this learning, self-learning kind of... Elon Musk calls it an Excel matrix of infinite complexity. Some of them is simply used as algorithms that helps you take the right decision. Some of them is actually what everybody uses in their phone, which is basically an LLM. And a lot of simpler implementations can be a chatbot, can be an application extensions that help you fill up form automatically. This is what we see more and more. So as far as a company is concerned, this is AI that sometimes it's hidden. So you acquire an application and suddenly this application starts using AI inside, but you have no knowledge of it. So that brings challenges, of course, with data, like how trusted this application is, because who is the third party providing the AI function, et cetera, et cetera. So this is like second level, am I aware of how much AI I have in my company? That's the most simple point of view. There are companies that are actually using it to develop extension. So some of the companies we talk to, say, for example, in industry, they may use algorithms for optimizing the product, make the product faster, make the product more efficient to do certain things. Or they may use AI against an LLM extension to help the user make it more productive. That's what we are doing, for example, in our management products and by extension in many others in the future. And then there is the third one, which is infrastructure. These are where many CSPs have been investing, which is basically GPU farms, AI farms, whatever you want to call it, which have, of course, the advantage of being sovereign whenever the telco implements locally because they can be provided as a service, particularly to government. It's like my easiest case is the government wants to use an LLM to extend like tax advice. You want to do it on a, you know, locally, of course, you don't want to ask for tax advice for an LLM running in a country that maybe become adversary one day. Exactly. Right. So, yeah, exactly. This is kind of like high level. And by the way, do you find that these concerns and implementations are common to enterprises in telcos or service providers or something which is different and unique in a service provider environment? No, I think the telcos have all the three levels, right? Because they offer it as a service, they use it, they productize LLMs to help their own users, etc., etc. So I would say telcos is where you find the whole ecosystem. They have the entire AI stack. Yes. And maybe different teams are actually dealing with it. Yeah. Yeah. OK. So I think we see a lot of this kind of, and especially maybe, you know, one of the challenges about AI is the fact the models are evolving super fast. So you have an R&D department that is kind of playing with them, that is testing them. And you have probably a red, you know, how do you call it? Oh, got stuck. A red team. Red team, yeah. Just testing. Exactly. And this is also, you know, where a lot of these tests need to be automated, you need to make sure that you find the right, and then market is coming back, say, I want it to be agentic. Yeah. Or you've got to upgrade the model, see what it means, what are the security challenges. So if you look at, you know, the transition between the start of AI and how agentic has come about, and then MCP and so on, it's kind of asymptotic, right? Right. Right. It's going. Yeah. So that's a challenge. Yeah. And it requires continuous innovation, continuous adaptation, continuous upgrade of security challenges. And do you think that there is enough AI risk awareness, or are they aware to the risks that are associated with actually deploying all of this through the stack, and are they aware of that? It's coming in real fast. You see, you know, the developers themselves warning you that they... Oh, the developers themselves. The developers themselves that develop tools today, they are warning you, you know, be careful what you do, because I'm giving you an AI plugged in into this, and I cannot guarantee that it's not going to misbehave, ruin your data, etc., etc. So the warning, it's the first time you see, like, the warning coming from the same people that developed the product. Exactly. Okay. So, last topic. Yes. Quantum. Quantum. Suddenly, I mean, quantum is not new, and this strategy of harvest and decrypt later, harvest now, decrypt later, is not new, we've known it. But there is a sense, and maybe I'm wrong, but you can tell me, there seems to be a sense of urgency suddenly about being quantum resilient, quantum ready. Do you, first of all, agree that this is the case? What drives it, and what are the available solutions? I think it's hard right now to, you know, having, you read papers, you read news, and, you know, this thing seems to be closing in. Maybe you don't get quantum, but you still get very powerful compute. You get machine learning, you get all this kind of fast increasing compute capacity, because you don't need strictly a quantum computer, you could do it, you could simulate the quantum computer behavior with some super powerful computer. And so, more than what we think is kind of the push we get from our customers. So in reality, all the implementations in quantum that we have done, we, you know, we just listen to what our customers are demanding. For example, in the case of PQC, post-quantum, even if the algorithms, I think, are still under evaluation, we have been pushed by the banking sector to, you know, start working on certain ones, because, you know, they employ their own mathematicians that kind of get their own level of confidence, and so tell us, okay, get this one done. So that's, you know, not much what we think even, it's what kind of push we get from our own customers. And then again, they are the ones that hold the information, they are the ones that knows how risky it is, they do their own risk assessments, and as usual, we listen to them. Yeah, exactly. So, just to summarize, before we end this, three top challenges, or key challenges, quantum sovereignty AI. Filippos, thank you so much for your insight and your time. Thank you for having me. And that's all for this episode of Fortinet On Air, recording live at Mobile World Congress Barcelona in 2026. Fortinet On Air is available on YouTube, on all podcast platforms and Fortinet TV.
