Communications Services Providers (CSPs) are accelerating investment in AI faster than they are establishing the governance and assurance needed to trust it at scale.
AI is moving into core operational workflows, beginning to influence billing, service configuration and revenue recognition, with a growing ambition to automate decisions end-to-end. For CSPs, the question is no longer whether AI can improve efficiency, but whether its decisions can be governed, explained and trusted as autonomy increases.
According to McKinsey, nearly 8 in 10 companies are using generative AI, yet roughly the same percentage report no material contribution to earnings, and only 1% consider their AI strategy mature. This gap between adoption and impact is telling: widespread AI use does not automatically translate into value unless governance, integration and operational trust are in place.
McKinsey’s Agentic AI Mesh framework captures this shift. It describes how multiple AI agents operate as a coordinated network across enterprise systems rather than as isolated tools. As these agents become autonomous actors, risk emerges from coordination failures between models, workflows, policies and accountability frameworks, leading to opaque or conflicting decisions. In regulated industries like telecoms, this coordination challenge is business-critical.
The question leaders now face is not whether to adopt agentic AI, but how to govern it safely at scale. This article explores the principles CSPs need to put in place to manage autonomy without losing control.
When AI Acts, Security Becomes a Business Problem
AI is increasingly being introduced into operational workflows, from network optimisation and service assurance to early applications in billing automation and customer lifecycle management. While most of these deployments remain supervised or limited in scope, the decisions they inform can be commercially and legally binding.
An AI model that misprices a service or misapplies a discount introduces revenue leakage, audit exposure and regulatory risk at machine speed. As multiple AI agents begin interacting across interconnected BSS/OSS platforms, even small errors can cascade rapidly, often without clear visibility into cause and effect.
McKinsey notes that while horizontal AI use cases (like copilots and chatbots) are scaling, 90% of high-value, vertical AI use cases remain in pilot. For CSPs, this highlights the risk of operational AI experiments being deployed without governance in mission-critical systems, exactly where BSS and OSS decisions have financial, regulatory and customer impact.
Why Traditional Security Models Fall Short
Historically, telecom security focused on infrastructure resilience, network integrity and access control. While still essential, these measures cannot protect decision integrity or process accountability, which are now critical in BSS and OSS.
Agentic AI introduces new exposures: decisions made autonomously, continuously adapting models, and actions that impact revenue and compliance. A lack of embedded governance creates significant operational and regulatory liability for CSPs, as it impairs their ability to justify decision-making.
Embedding Trust into Automation
McKinsey reframes AI security as a coordination challenge, not a technical one. For CSPs, this is most acute in BSS/OSS, where AI decisions can directly affect revenue, customer outcomes and compliance. Trust must be engineered into automation itself.
One vendor taking a lead in this area is Cerillion. From its perspective, responsible AI adoption is operational, not theoretical. It requires:
- Explainable AI across billing, credit, and customer interactions
- Policy-driven automation, ensuring AI operates within commercial and regulatory boundaries
- Continuous observability, so every AI action can be audited
- Clear accountability, even as autonomy increases
In these environments, AI does not merely optimise processes, but it also enforces contracts, applies tariffs and resolves disputes. Governance is essential.
Composable AI: A Foundation for Control
As CSPs look to scale AI beyond isolated use cases, a multi-model future is emerging. Operators are beginning to combine vendor-specific tools, domain-specific models and internal engines; however, monolithic platforms risk creating blind spots.
A composable AI approach allows CSPs to:
- Apply consistent governance across diverse AI models
- Limit the authority of individual agents
- Swap or evolve models without destabilising critical processes
- Maintain auditability as AI autonomy grows
Cerillion has highlighted this in practice: composable AI integration enables CSPs to adopt multiple models while maintaining security, auditability and operational control, rather than locking into a single provider or brittle architecture. This approach directly supports McKinsey’s vision of the Agentic AI Mesh by embedding trust and governance into AI-driven workflows.
Composable AI enables CSPs to scale innovation without surrendering control, aligning with the Agentic AI Mesh’s principles.
Closing the Gap: Security as the Enabler of AI Scale
The key insight from McKinsey is clear: security and governance are no longer constraints; they are enablers of sustainable AI adoption. AI maturity is measured not by the number of models deployed, but by the ability to govern autonomous decisions across complex, interconnected systems. Trust, transparency and accountability are now as important as efficiency and performance.
For CSPs, this requires a fundamental shift: from protecting systems to embedding governance directly into AI-driven operations. Cerillion’s perspective is that as AI becomes more agentic, telecom businesses must remain in control, ensuring that every decision, workflow and integration is explainable, compliant and resilient.
The future belongs to organisations that can coordinate AI agents at scale, maintaining operational trust while unlocking the benefits of automation. In telecoms, automation may be inevitable, but trusted automation is a strategic choice.
