The official standards for 6G are set to be announced by the end of 2029. While the industry is moving towards consensus around how the 6G network will be built, it also needs to anticipate how it will be compromised and make sure to build it with a secure-by-design approach.
Telecom industry leaders need to anticipate novel vulnerabilities and attacks specific for 6G. Unlike the previous generation of wireless, 6G will expand to even more connected technologies, thus creating an expanded attack surface. There will also be greater integration of AI, which will expose the network to a host of new attacks.
Although these are new vectors, a majority of 6G threats won’t be totally new: The industry is already protecting IoT devices at scale and we’re getting better at combatting AI threats as we learn more about them.
That said, there are still some unknowns on the horizon. By the time 6G is launched it will coincide with the rise of quantum level adversaries that will be capable of decrypting sensitive information. As a result, quantum resistant technology must be considered in the development of 6G.
The next generation of attacks
While the precise details of the 6G network are still emerging, there are several high-priority risks that must shape its design.
The bridge to 6G will see consumers and businesses integrate far more than smartphones and IoT sensors: autonomous vehicles, drones, industrial robots, immersive AR/VR systems, and even space-based platforms will all be part of the network. This massive surface within the network provides attackers with several points of entry.
Many of these next generation technologies will only be possible with the ultra-low latency communication that 6G will enable. By adding a layer of security, there’s a danger of creating delays or adding complexity to the network. Embedding security with minimal disruption is going to be essential to delivering on the technology promises.
In addition, AI will make-up an integral part of the network. It’s a big leap from 5G where AI has been mostly used in traffic management and threat detection. AI in 6G will be a foundational pillar across the network stack for services like self-optimizing networks, sensing, and dynamic spectrum use.
However, attackers will know this and see it as an avenue of attack. Model poisoning, for example where attackers manipulate data that’s fed to machine learning (ML) models, could have vast implications. If AI models in traffic management are poisoned, they might misallocate bandwidth or spectrum. For example, emergency services could be denied priority during a crisis, while less critical traffic gets resources. Another example could be in a network self-healing preventing the network from detecting or repairing faults and allowing attackers to cause persistent outages or degrade service quality.
Building an Intelligent Trusted Network
As we approach the 6G era the industry needs to agree on the standards for 6G security to provide the best approach to its security. Within ETSI one approach is to build 6G as an Intelligent Trusted Network (ITN), a network which aims to provide comprehensive communication services, securing endpoints and users while using the capabilities of future network environments.
Rather than replacing existing infrastructure, the ITN acts as an overlay, integrating multiple access technologies under a single, high-assurance security umbrella.
A large part of this uses a zero trust security model. This approach allows secure communication with end devices without depending on the security protocols of other networks which may vary significantly in maturity and resilience.
The idea is that ITN is designed to accommodate multiple operators, each with their own security and trust frameworks, enabling interoperability while maintaining safeguards.
Depending on the service, security requirements will differ. Low-data, low-latency tasks such as temperature sensor readings demand very different protections compared to highly sensitive applications like those in critical industries like health or banking. The idea is to be more flexible by applying tailored controls that account for variations in bandwidth and latency.
It also addresses the challenge of securing legacy protocols that are known to have exploitable vulnerabilities. By placing an intelligent, adaptive security overlay above these older systems, the ITN aims to minimize its weaknesses without disrupting essential services.
To achieve this vision, the ITN will have multiple layers of defense:
- Minimum baseline security standard (MBSS): A unified framework of security policies and controls applied across all network functions to minimize vulnerabilities from the beginning.
- Autonomous security assurance: AI driven monitoring and response systems that can detect unusual behaviors, enforce policies, and reconfigure connections in real time.
- Quantum-resistant cryptography: Encryption methods designed to combat quantum-enabled decryption.
- Granular trust management: Dynamic validation of every interaction from device-level authentication to application-layer controls based on predefined risk and trust profiles.
As AI will make up a large part of 6G, threats such as model poisoning and data exfiltration will require more advanced countermeasures, including strict limitations on model queries to reduce the potential for exploitation.
Building a network with security first
Much like ultra-low latency and sustainability, security will be a crucial part in 6G standards development from the beginning.
This direction is already aligned with global regulatory momentum, including the EU Cyber Resilience Act, and the UK’s Telecommunications Security Act. An ITN provides a vision across a highly diverse and fragmented network environment.
Making this a reality will require a great deal of industry cooperation. Operators, equipment vendors, standards bodies, and regulators will need to align on shared agreements, frameworks, and security baselines to ensure interoperability.
As 2029 gets closer, the telecom industry needs to plan. And while we explore the potential for 6G-enabled technologies, we must also consider how each part may pose a risk within the network.
