Detecting 5G attacks with AI is the focus of a new research project from the University of Surrey. According to the university, TwinGuard detected Handover Flooding and E2 Subscription Flooding in two 5G test environments in under 100 milliseconds; current sources describe the approach as a research framework rather than a product already deployed for operational use. Still, this is at least one genuinely positive AI story.
Detecting 5G attacks with AI in O-RAN networks
The University of Surrey presented a research project on an AI-based defense approach for 5G networks on March 10, 2026. According to the university, the TwinGuard framework detected and blocked complex attacks in two test environments in under 100 milliseconds. The focus is on Handover Flooding and E2 Subscription Flooding, meaning attacks against control and signaling processes in open mobile network architectures. For the security assessment, the key point is that the announcement does not describe a new vulnerability with a CVE identifier, but rather a defense mechanism that was evaluated in research environments.
TwinGuard combines a digital twin of the network with reinforcement learning. According to the current sources, the digital twin continuously mirrors the state of the infrastructure and is updated at very short intervals. On that basis, the system is intended to distinguish normal behavior from suspicious behavior and trigger countermeasures before an attack can cause greater disruption to network operations. The approach addresses a problem that is becoming more important with O-RAN and virtualized cores: the more open and modular 5G architectures become, the larger the attack surface grows across interfaces, controllers, and software-defined components.
Detecting 5G attacks with AI in two test environments
The researchers tested TwinGuard in two different 5G scenarios. The first was a simulated multi-cell O-RAN setup with several radio cells. The second was a fully virtualized 5G core based on OpenAirInterface and controlled through FlexRIC. In both environments, the system reportedly detected and blocked attacks in less than 100 milliseconds. In Handover Flooding, mobility management is burdened by a large number of manipulated or induced handover events. In E2 Subscription Flooding, the controller is overloaded with requests in order to disrupt normal control functions. According to the university, the focus is explicitly on attacks against the control plane rather than classic vulnerability reports involving end devices or base station firmware.
This point matters for proper classification, because current headlines can quickly create the impression of an immediately deployable protection product. At present, however, TwinGuard is still a scientifically published defense approach that has been validated in realistic 5G test environments. The current sources also do not indicate any ongoing exploitation of these two attack scenarios in public mobile networks. The exploit status therefore remains limited to the research scenario described.
When could the technology be ready for deployment?
The current sources do not provide metrics for continuous use in production carrier environments. There is no robust data on false positives, resource requirements, throughput under load, integration into existing O-RAN deployments, or interoperability with vendor-specific implementations. The recent publications also leave open questions about regulatory and operational requirements for the safe use of a digital twin in a live environment.
Implications for 5G and 6G security
The security value of the research lies primarily in reaction time and its behavior-based approach. Traditional systems often rely on signatures or rules and only respond reliably once an attack pattern is already known. TwinGuard, by contrast, is designed to detect deviations from normal conditions while they are unfolding. In open 5G networks with many software-based components, that is fundamentally plausible because attacks there do not always match the familiar patterns of traditional IT environments. From a research perspective, the work is therefore relevant because it shows that AI-assisted defense can be aimed not only at post-event analysis but also at very fast countermeasures within network control functions.
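The difference between a fixed rule and a behavior-based check can be shown on subscription-request counts. The following is an added example, not TwinGuard's code and not taken from the research: it swaps the digital twin and reinforcement learning for a simple per-source moving baseline, and the window size, thresholds, source names and events are all constructed assumptions.

```python
from collections import defaultdict
from math import sqrt

WINDOW_MS = 100    # assumed window, sized to the 100 ms figure on the page
STATIC_LIMIT = 50  # assumed fixed rule: max requests per source per window
ALPHA, K, WARMUP = 0.2, 4.0, 5  # assumed smoothing, deviation factor, warm-up

def sample_events():
    """Constructed (timestamp_ms, source) subscription requests, not captured data."""
    ev = [(w * 100 + i * 10, "src-a") for w in range(10) for i in range(2)]
    ev += [(1000 + i * 3, "src-a") for i in range(30)]   # burst, still under 50
    ev += [(w * 100 + i * 2, "src-b") for w in range(11) for i in range(40)]
    return ev

def detect(events):
    """Return (static_alerts, baseline_alerts) as sets of (source, window)."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, src in events:
        counts[src][ts // WINDOW_MS] += 1
    static_alerts, baseline_alerts = set(), set()
    for src, windows in counts.items():
        mean = var = 0.0
        seen = 0
        for w in range(min(windows), max(windows) + 1):
            n = windows.get(w, 0)
            if n > STATIC_LIMIT:
                static_alerts.add((src, w))
            if seen == 0:
                mean = float(n)  # seed the baseline with the first window
            # Floor the deviation at 1 so a perfectly flat source is not hair-trigger.
            if seen >= WARMUP and n > mean + K * max(sqrt(var), 1.0):
                baseline_alerts.add((src, w))
                continue  # keep flagged windows out of the learned baseline
            diff = n - mean
            mean += ALPHA * diff
            var = (1 - ALPHA) * (var + ALPHA * diff * diff)
            seen += 1
    return static_alerts, baseline_alerts

if __name__ == "__main__":
    print(detect(sample_events()))
```

On the constructed data the fixed limit stays silent, while the baseline check flags the window in which the normally quiet source jumps from 2 to 30 requests; the steadily busy source is never flagged.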
The current publications identify larger multi-cell environments as the next step. That suggests the authors themselves do not yet view the transition into production networks as complete. There are also currently no signs from vendors that TwinGuard has already been integrated into commercial O-RAN or 5G core products. The only mitigation concept that can be named at this point is therefore the general research approach: digital twins plus reinforcement learning for early detection and blocking of suspicious control-plane activity.




