Beyond raw connectivity, today’s mobile networks have a wide range of operational capabilities that are especially useful for organizations across the economy. For example, mobile networks can verify a device’s location and confirm the identity of the owner and the quality of its connection, to either stop fraud or boost throughput, all in real time. However, exposing the full breadth of these capabilities in a safe and commercially viable way is proving challenging.
That’s because the latest wave of enterprise automation is built on the promise of generative and agentic AI, with AI agents that can interact with databases, APIs, software, and other agents to perform increasingly complex tasks and processes. But, as things stand, AI agents can’t access the capabilities of mobile networks in a consistent and secure way. If telcos don’t address this logjam, they won’t be able to completely capitalize on their extensive investments in 5G networks or the full potential of AI.
“Together, CAMARA, MCP, and F5 BIG-IP Next for Kubernetes create a powerful, multi-layered architecture where each component has a distinct and essential job.”
Mobile operators have long recognized the importance of providing enterprises and developers with standardized interfaces that are consistent across networks, wherever possible, to improve scaling and, interoperability, and minimize security risks. To that end, operators around the world helped define and agreed to use application programming interfaces (APIs) deployed by CAMARA, the open-source API project launched by the GSMA and the Linux Foundation at Mobile World Congress in 2022, to enable access to telco network capabilities.
However, while these relatively static APIs are robust for most functions, they are a poor fit with dynamic and fast-changing AI agents. Whereas new APIs might be released or existing APIs updated once or twice a year, AI agents are continuously evolving at a much faster rate.
One way to bring them into sync is to employ the Model Context Protocol (MCP), an open standard originally created by the AI company Anthropic to be the universal language between AI models and the outside world of databases to standardize the way large language models (LLMs) and AI agents integrate and share data with external tools, systems, sources, and APIs. But for various reasons, as a standalone proposition, MCP is a non-starter for any serious enterprise due to its very nature as a protocol only.
Model Context Protocol (MCP): A narrow bridge with no handrails
Supported by many of the leading companies across AI and enterprise technology, MCP is essentially a bridge between the API world and the agent world. But it is a narrow and treacherous one, and very vulnerable to attack.
As its name implies, MCP is only a protocol, a set of communication rules. It is a powerful protocol, but it does not provide the enterprise-grade security, scaling, or cost-control features needed for real-world use by major telecom companies handling millions of consumer and network requests in real time.Security weaknesses have already been identified in a number of MCP deployments, some high-profile. In the telecom world, MCP without safeguards could potentially allow agents to access sensitive, confidential data and resources and then accidentally leak them, and they may or may not be retrievable.
To be safe, fast, and reliable enough for the traffic generated by millions or tens of millions of users, MCP needs the support of both a “traffic control tower" and “armored security convoy.” F5 BIG-IP Next for Kubernetes, a cloud-native solution that manages and secures application traffic, can perform both of those roles—secure ingress as well as egress in Kubernetes clusters. It can bring order to the flow of AI requests, inspect them for threats, and ensure they have the necessary clearance to access network resources. Historically, this is what the flagship F5 BIG-IP has been doing for millions of large business-critical applications in countless deployments over decades.
Protected in this way, an MCP server could be an effective and secure means for translating technical API instructions (which a human developer would have to read) into simple, understandable “tools” that enable AI agents to automate the discovery of available network capabilities, compose them dynamically, and execute workflows, all via natural language interaction.
Furthermore, API integration is often simply too difficult for non-telco developers, leading to low rates of attention and engagement. By making network capabilities accessible to millions of “citizen developers” using AI prompts, MCP lowers the cost to deploy a wrapper at the container level. As it facilitates much greater automation, this architecture will make existing CAMARA-based capabilities significantly more valuable to enterprises.
AI agents could use a secure MCP architecture to tailor connectivity to meet the needs of enterprises in real time. For example, an AI agent working for a logistics company could use MCP to query a network API to locate a missing automated vehicle. Having located the vehicle, the agent could then use MCP to request a network quality-of-service improvement to enable the vehicle to live stream video of the obstacles preventing it from returning to the correct location.
A solution for carrier-grade security, scaling, and governance
F5 is in ongoing discussions with several telcos about how BIG-IP Next for Kubernetes can help them safely and effectively integrate MCP and CAMARA to be fit for the AI future. At Mobile World Congress (MWC) 2026 in Barcelona, from March 2-5, we will be demonstrating how BIG-IP Next for Kubernetes can provide the security, scaling, and governance layer that MCP lacks, making the entire system ready for carrier-grade and enterprise-level production.
Telcos want a solution that prevents direct attacks on MCP servers and prevents sensitive data exfiltration, while handling huge volumes of traffic. BIG-IP Next for Kubernetes can offload network processing from CPUs on to more efficient data processing units (DPUs) when and if required, delivering significant performance improvements for AI workloads.
To control the costs associated with AI usage, BIG-IP Next for Kubernetes can also monitor and limit agents’ usage of tokens, the units of data processed by AI models during training and inference, best understood as the currency of AI. Unchecked, there is a risk that individual AI agents could process vast numbers of tokens, running up huge compute bills for their enterprise owners. But F5 BIG-IP Next for Kubernetes provides the required “token governance” capabilities to track AI-related costs, prevent runaway agents from overspending, and ensure budgets are maintained.
Employ a smart agentic architecture
Together, CAMARA, MCP, and F5 BIG-IP Next for Kubernetes create a powerful, multi-layered architecture where each component has a distinct and essential job. You can think of it like building a smart home:
- CAMARA is the set of standardized electrical outlets and switches. Every light and appliance uses the same, predictable interface, no matter who manufactured it.
- MCP is the voice assistant, like Alexa or Google Home, that understands plain English (“turn on the lights”) and knows how to use the standard switches without being specially programmed for each one.
- F5 BIG-IP Next for Kubernetes is the home's central security system, circuit breaker box, and electricity meter. It prevents intruders (security), stops power surges (scaling), and tracks your energy bill to prevent surprises (token governance).
In combination, CAMARA-based APIs, MCP, and F5 BIG-IP Next for Kubernetes can turn complex, fragmented telecommunicatioins networks into secure, intelligent, and programmable platforms that AI agents can interact with safely, efficiently, and conversationally. With the ability to successfully and securely adapt APIs for the agentic AI era, telcos will be able to move beyond being simple connectivity providers to monetize many other intrinsic network capabilities, while maintaining customer trust and network integrity.
Visit us at Hall 2, Stand 2L20 during MWC 2026 to explore the architecture firsthand and discuss how to make your network AI-agent ready.
Also, check out our previous blog post, “Operational sovereignty: Why digital portability drives resilience.”
About the Author
Related Blog Posts
Responsible AI: Guardrails align innovation with ethics
AI innovation moves fast. But without the right guardrails, speed can come at the cost of trust, accountability, and long-term value.
Best practices for optimizing AI infrastructure at scale
Optimizing AI infrastructure isn’t about chasing peak performance benchmarks. It’s about designing for stability, resiliency, security, and operational clarity
Datos Insights: Securing APIs and multicloud in financial services
New threat analysis from Datos Insights highlights actionable recommendations for API and web application security in the financial services sector
Tracking AI data pipelines from ingestion to delivery
Enterprise data must pass through ingestion, transformation, and delivery to become training-ready. Each stage has to perform well for AI models to succeed.
Secrets to scaling AI-ready, secure SaaS
Learn how secure SaaS scales with application delivery, security, observability, and XOps.
How AI inference changes application delivery
Learn how AI inference reshapes application delivery by redefining performance, availability, and reliability, and why traditional approaches no longer suffice.