Runtime authorization for telecom AI agents.

A carrier-care or B2B-telco agent with OSS/BSS, NumberPortal, and HSS credentials can authorize a SIM swap, port a number out to a fraudster, change a subscriber's plan without consent, or fire a million-text campaign in a single tool loop. SSO and OAuth confirm the agent reached the API. Veto decides whether the specific port, SIM provisioning, plan change, or outbound message is allowed under your FCC, CPNI, and TCPA rules.

CPNI (47 CFR 64.2010) · FCC port-out rules (2024) · CALEA · TCPA

What can go wrong

Telecom accounts are high-value targets: the phone number often becomes the credential for SMS-based MFA across the financial system. Port-out, SIM-change, and customer-service workflows need explicit verification gates before an agent can touch subscriber identity.

SIM-swap and port-out fraud

A customer-care agent is socially engineered into porting a subscriber's number to a fraudster's device. From there, the attacker has the SMS-based 2FA for every bank and exchange the victim uses.

Plan and feature changes without consent

A retention agent reads "the customer wants to switch plans" out of an inbound chat from a bot, and commits a downgrade that triggers a $200 early-termination charge. The customer sees the charge before support catches it.

Mass-text TCPA violations

A growth agent sends a "win-back" SMS to a CRM segment that includes opted-out and DNC numbers. The send should fail before the campaign leaves the queue.

CALEA and lawful-intercept exposure

An ops agent tasked with "checking line provisioning" enumerates tools that touch lawful-intercept configuration. Even a read of these systems by a non-authorized identity is a CALEA compliance event.

What Veto enforces

Wrap the OSS/BSS, number-portability, provisioning, and outbound-messaging tools your agent uses. Argument-level policies check verification, channel, time, and audience size.

veto/policies/telecom-agents.yaml
policies:
  - name: "Port-out and SIM-swap protection"
    match:
      tool: ["bss.initiate_port_out","provisioning.swap_sim","provisioning.add_esim"]
    rules:
      - condition: "subscriber.mfa_verified != true"
        action: deny
        reason: "FCC 47 CFR 64.2010 verification required"
      - condition: "subscriber.recent_device_change_hours < 24"
        action: require_approval
        approvers: ["fraud-ops@carrier.invalid"]
      - condition: "request.origin_state != line.state_of_record"
        action: require_approval
        reason: "Out-of-state port request"
      - condition: "line.high_risk_score > 0.7"
        action: deny
        reason: "Fraud-score threshold tripped"

  - name: "Plan and feature change consent"
    match:
      tool: ["bss.change_plan","bss.add_feature","bss.remove_line"]
    rules:
      - condition: "args.triggers_etf == true && args.consent_method != 'recorded_voice'"
        action: deny
        reason: "ETF-triggering change requires recorded consent"
      - condition: "tool == 'bss.remove_line'"
        action: require_approval
        approvers: ["account-holder","retention-supervisor@carrier.invalid"]
      - condition: "args.affected_lines > 5"
        action: require_approval

  - name: "TCPA outbound-SMS guard"
    match:
      tool: ["sms.send_bulk","mms.send_bulk"]
    rules:
      - condition: "any(recipients, r => r.dnc == true || r.opted_out == true)"
        action: deny
        reason: "TCPA and DNC violation"
      - condition: "recipient_local_time outside ['08:00','21:00']"
        action: deny
        reason: "TCPA quiet-hours rule"
      - condition: "recipients.length > 1000"
        action: require_approval
        approvers: ["growth-lead@carrier.invalid","compliance@carrier.invalid"]

  - name: "CALEA isolation"
    match:
      tool: ["lawful_intercept.*","wiretap.*"]
    rules:
      - condition: "true"
        action: deny
        reason: "CALEA-relevant tools are out of agent scope"
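
A minimal sketch of how argument-level rules like the port-out and CALEA policies above can be evaluated, added here as an illustration and not Veto's own code or API. It assumes glob-style tool matching, that the most restrictive matching rule wins, and that a missing or malformed attribute denies the call; `authorize`, `POLICIES` and the sample context are hypothetical names.

```python
from fnmatch import fnmatchcase

# Assumption: the most restrictive matching rule wins.
SEVERITY = {"allow": 0, "require_approval": 1, "deny": 2}

# Two policies from the file above, as (tool globs, [(predicate, action, reason)]).
POLICIES = [
    (["bss.initiate_port_out", "provisioning.swap_sim", "provisioning.add_esim"], [
        (lambda c: c["subscriber"]["mfa_verified"] is not True,
         "deny", "FCC 47 CFR 64.2010 verification required"),
        # The page gives this rule approvers but no reason; the label is constructed.
        (lambda c: c["subscriber"]["recent_device_change_hours"] < 24,
         "require_approval", "recent device change (constructed label)"),
        (lambda c: c["request"]["origin_state"] != c["line"]["state_of_record"],
         "require_approval", "Out-of-state port request"),
        (lambda c: c["line"]["high_risk_score"] > 0.7,
         "deny", "Fraud-score threshold tripped"),
    ]),
    (["lawful_intercept.*", "wiretap.*"], [
        (lambda c: True, "deny", "CALEA-relevant tools are out of agent scope"),
    ]),
]

def authorize(tool, ctx):
    """Return (action, reasons) for one proposed tool call."""
    action, reasons = "allow", []
    for globs, rules in POLICIES:
        if not any(fnmatchcase(tool, g) for g in globs):
            continue
        for predicate, rule_action, reason in rules:
            try:
                hit = predicate(ctx)
            except (KeyError, TypeError):
                # Attribute absent or wrong type: fail closed instead of skipping the rule.
                hit, rule_action, reason = True, "deny", "missing context: " + reason
            if hit:
                reasons.append(reason)
                if SEVERITY[rule_action] > SEVERITY[action]:
                    action = rule_action
    return action, reasons

# Constructed sample context for a verified, low-risk, in-state request.
SAMPLE = {
    "subscriber": {"mfa_verified": True, "recent_device_change_hours": 720},
    "request": {"origin_state": "TX"},
    "line": {"state_of_record": "TX", "high_risk_score": 0.1},
}
```

The fail-closed branch is the part worth copying: a rule that silently evaluates to false when `subscriber.mfa_verified` is absent turns an upstream integration bug into an approved SIM swap.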

Evidence hooks

CPNI (47 CFR 64.2010)

Carriers must authenticate the customer before disclosing or modifying account data. Veto's MFA-verified check is the artifact the FCC asks for after a breach.

FCC port-out and SIM-change rules (2024)

Carriers verify the subscriber and notify on old and new lines. Veto's per-call policy records can serve as the evidence record for that verification.

CALEA

Lawful-intercept paths are off-limits for AI customer-service agents. A categorical deny rule can enforce this at the tool-call layer.

TCPA

DNC, opt-out, consent-source, and quiet-hours rules can be checked at the send tool before the message goes out.

Where controls matter

Telecom regulators increasingly expect stronger authentication, access controls, and record-keeping across customer-care workflows, including AI-assisted ones.

Port-out, SIM-change, and outbound messaging tools need explicit verification, opt-out, quiet-hours, and high-volume approval rules before the action reaches a carrier system.

Frequently asked questions

How does Veto reduce SIM-swap and port-out fraud risk?

Port-out, SIM-replacement, and eSIM-provisioning tools are wrapped with a policy that requires multi-factor verification on the subscriber's account, a fresh validity check against port-out rules, and a deny on newly added devices. Suspicious patterns require a callback to a verified number, never the new device. Veto records can preserve the verification evidence reviewers need under 47 CFR 64.2010.

Does this work with CALEA lawful-intercept obligations?

Yes. Veto policies do not interfere with lawful-intercept compliance; that path uses dedicated network-element controls that are out of band for customer-facing agents. What Veto does enforce is that customer-facing AI agents cannot read, modify, or expose CALEA-relevant configuration. Any tool call touching wiretap or call-content systems is denied at the SDK layer.

Can agents still process routine plan and feature changes?

Yes. Auto-renewal, add-on plan additions under a configured monthly cost, and standard feature toggles auto-approve. Plan downgrades to prepaid, line removal, account-holder change, and any change that triggers an early termination fee require human approval. Bulk changes across more than a few lines on a single account require approval regardless of cost.

How does this map to TCPA and FCC mass-text rules?

Outbound SMS/MMS tools have audience caps and time-of-day rules built in. The agent cannot send to numbers that are on the National Do Not Call Registry or have opted out, cannot send during quiet hours, and bulk sends require approval. Veto gives the send tool a policy boundary before a campaign reaches customers.
