To address the challenges of dynamic RAN security compliance evolution and lagging manual auditing in the 6G era, this paper proposes the first LLM-based intelligent agent framework for closed-loop telecom RAN security compliance. The framework integrates retrieval-augmented generation (RAG), knowledge graph–driven standard mapping, and configuration semantic parsing to enable automated alignment across heterogeneous O-RAN and 3GPP specifications, interpretable compliance assessment, and actionable remediation recommendation generation. Its key innovation lies in embedding LLM agents into the telecom security governance loop—enabling autonomous reasoning, auditable decision-making, and trustworthy AI-driven governance. Experimental evaluation demonstrates 92% accuracy in configuration file compliance identification, along with automatic generation of natural-language audit reports and executable remediation scripts. The framework significantly improves auditing efficiency, transparency, and adaptability to evolving regulatory requirements.

Agentic AI systems are emerging as powerful tools for automating complex, multi-step tasks across various industries. One such industry is telecommunications, where the growing complexity of next-generation radio access networks (RANs) opens up numerous opportunities for applying these systems. Securing the RAN is a key area, particularly through automating the security compliance process, as traditional methods often struggle to keep pace with evolving specifications and real-time changes. In this article, we propose a framework that leverages LLM-based AI agents integrated with a retrieval-augmented generation (RAG) pipeline to enable intelligent and autonomous enforcement of security compliance. An initial case study demonstrates how an agent can assess configuration files for compliance with O-RAN Alliance and 3GPP standards, generate explainable justifications, and propose automated remediation if needed. We also highlight key challenges such as model hallucinations and vendor inconsistencies, along with considerations like agent security, transparency, and system trust. Finally, we outline future directions, emphasizing the need for telecom-specific LLMs and standardized evaluation frameworks.