CONFIDENTIAL — STRATEGIC PARTNER PREVIEW
CNS Communications · Paris · April 1st 2026

Autonomous
NOC

5-Agent AI Platform for Network Operations. From syslog to fix in 16–20 seconds. Human-in-the-loop, not human-in-the-way.

Eduard Dulharu, CTO — vExpertAI GmbH (CCIE)

16–20s
Syslog to Fix
5
Specialist Models
22/22
Dispatch Accuracy
70%
Automation Rate
See the Solution Live Scanner Demo
Today's Agenda

90 Minutes. One Decision.

Eight focused segments, each building the case for autonomous network operations.

0–10 min

The Problem

Alert fatigue, 3% automation, DORA is live

10–20 min

Why Now

DORA enforcement, NIS2, €100M/day exposure

20–35 min

Live Demo

5 agents, real routers, 16-second E2E

35–45 min

Architecture

ACP / A2A / MCP stack, fine-tuned models

45–60 min

ROI

€309K savings, 226% ROI, 3.7 month payback

60–75 min

Partnership

3 offers, revenue model, pilot scope

75–90 min

Client Fit

Projecting into your clients' environments

90+ min

Next Steps

Name a client, agree a 3-week follow-up

The Problem

Three Questions Every NOC Director Dreads

Ask these to any enterprise NOC director. The answers are the business case.

How many alerts does a NOC with 1,000 devices receive per day?

2,000 – 10,000

At TotalEnergies scale: 100,000/day. 70% are false positives.

What % of network operations is fully automated today?

< 3%

After decades of Ansible, Terraform, playbooks — 97% is still human labor.

Were your banking clients DORA-compliant on January 17, 2025?

Very few.

Automated network incident detection is mandatory. The deadline has passed.

Regulatory Urgency

The Compliance Clock Is Running

This is not a 'nice to have' conversation. It is a compliance crisis with a named deadline and a daily financial penalty.

DORA — IN FORCE NOW
  • Enforced since January 17, 2025
  • 4-hour window to report major incidents
  • Automated detection is mandatory
  • Penalty: 1% of daily turnover per day
  • For a €10B bank: €100M/day exposure
  • Boursorama, BNP, SG — all in scope
  • ACPR & Banque de France as enforcer
NIS2 — ENFORCEMENT 2027
  • 18 sectors including energy, banking, health
  • TotalEnergies, Nexans, Adecco in scope
  • 24h initial / 72h final incident report
  • Sales cycle = 3–6 months
  • Start now = ready before enforcement
  • ANSSI as French national authority
  • SecNumCloud sovereign deployment available
The Solution

5-Agent Autonomous NOC

AI diagnoses, generates, verifies. Human approves or rejects. One decision.

End-to-End Pipeline

⚡ 16–20 seconds end-to-end
Cisco RouterSyslog Event
Team LeaderAgent
SpecialistAgent
Digital TwinValidation
OperatorApproval Card

Human-in-the-loop, not human-in-the-way

AI diagnoses, generates, verifies. Human approves or rejects. One decision.

Specialist beats generalist

5 fine-tuned 7-8B models. Each domain-expert. OSPF, BGP, Security, Interface, Design.

No unverified fix reaches a human

3-pass Digital Twin gate. Graph sim → FRR clone → Confidence score. Tested before shown.

Architecture

5-Layer Protocol-Compliant Stack

Every layer uses an industry-standard protocol. Click any layer to explore its components.

Digital Twin Validation

How We Guarantee Safe Fixes

The LLM can be wrong. Every proposed fix is tested in an isolated clone before a human ever sees it. A bad fix never reaches the approval queue.

Digital Twin Validation Flow

Live Network vs. Isolated Digital Twin — step-by-step animated walkthrough

Ready·Press Play to simulate the pipeline
isolation boundaryLive NetworkR1 — fault detectedpassive-interface gi1 appliedMCP snapshots live stateshow run · show ip ospfshow interface · routing tableQwen2.5-7B proposes fixno passive-interface gi1✓ DT passed — gate 1.0fix is safe to surfacecard sent to humanHuman approval queueoperator reviews cardapprove or rejectFix applied to live R1MCP writes to real routerDigital TwinContainerlab topologyR1 · R2 · R3 virtual nodessame config as live snapshotDT reproduces faultpassive-interface gi1 appliedFix applied in DTrouter ospf 1no passive-interface gi1DT verifies outcomeOSPF adjacency restored?show ip ospf neighborneighbor back to FULL?Gate score computed1.0 = fix worked cleanly0.0 = fix made it worse✗ DT failed — gate 0.0fix is unsafecard blocked or flaggedWhy DT validation mattersThe LLM can be wrong. The fix is tested in an isolated clone beforea human ever sees it. A bad fix never reaches the approval queue.
Live Network
AI / LLM
Digital Twin
Gate Pass
Gate Fail
Human Loop
Live Demo

What You Are About to See

Three real-world scenarios on live Cisco CSR1000v routers. Run each simulation to see the AI pipeline in action.

Scenario 01

OSPF Hello Timer Mismatch

Stability Agent · Qwen-2.5-7B

~8 sec

LIVE SYSTEM

http://3.122.185.85:8501 →

AWS EC2 eu-central-1 · Real Cisco CSR1000v

EXECUTION TIMELINE

1

Misconfigure hello timer on R1

neighbor down event triggered

2

AI collects live OSPF data via MCP

show ip ospf neighbor · show run

3

Diagnoses timer mismatch

hello 10s vs 40s dead timer conflict

4

Proposes fix

no ip ospf hello-interval

5

Digital Twin validates

OSPF adjacency restored to FULL

6

Card sent to human approval

gate score 1.0 — safe to apply

LIVE NOW

Product 1 — scanner.vexpertai.com

Select any vendor (Cisco, Juniper, Palo Alto, Fortinet), enter platform + version + features, and get a CVE list, DORA/PCI compliance gaps, and AI-proposed remediation in ~30 seconds.

CVE list with CVSS severity scores
DORA Article compliance map
PCI DSS gap analysis
AI-proposed remediation steps
Exportable compliance report
No installation · Any vendor · Live NIST DB
Open Live Demo

HOW IT WORKS

1
Select vendor: Cisco, Juniper, PA, Fortinet
2
Platform + software version + features
3
AI queries local NIST CVE database (nightly)
4
CVE list, DORA/PCI gaps, fix proposal
5
Output in ~30 seconds
Business Case

ROI — The Numbers

400 incidents/month baseline. Conservative estimate. From go-live.

0
Annual Labor Savings
400 incidents/month baseline
0
ROI Year 1
Conservative estimate
0
Payback Period
From go-live
0
Automation Rate
Covered incident types

NOC Labor Math — France

NOC L1 (fully loaded)€46,000 – €60,000/year
24/7 NOC minimum 5 FTE€350,000 – €530,000/year
AI handles 70% of incidents3.5 FTE freed
Freed engineer value€161,000 – €210,000/year
Recovered capacity3–5 hours per engineer per day

CNS Revenue Model (5 clients)

Discovery + deploy€50k – €150k per client
AI Champion training€20k – €40k per cohort
Managed AI NOC€10k – €30k/month per client
Customization T&M€500 – €800/day
5 clients total ARR€600k – €1.8M ARR
Partnership

Three Offers on the Table

Choose the engagement model that fits CNS's timeline and risk appetite.

Close TODAY
01

Paid Pilot

€28,000· 10 weeks
  • scanner.vexpertai.com + AI NOC together
  • DORA compliance story for financial clients
  • Milestone payments — pay for what's delivered
  • Discovery → Deploy → Shadow → Live mode
  • Target: Boursorama, TotalEnergies, Nexans
  • Ask: Name one client. Agree a joint call date.
RECOMMENDED
Close in 3 WEEKS
02

Co-Development Partnership

50/50 IP· DORA/NIS2 Module
  • Joint DORA/NIS2 compliance module
  • AI SOC beta — CNS shapes the product
  • French-sovereign, no US vendor can match
  • CNS becomes first partner in production
  • Formal MOU + revenue-sharing model
  • Ask: Agree 3-week follow-up for formal terms.
Close in 30 DAYS
03

AI Champion Program

€22,000· Per cohort
  • Covers all 3 products: scanner, NOC, SOC
  • CNS-branded certification program
  • 4 months, live system as hands-on lab
  • Year 2: train-the-trainer, CNS keeps 100%
  • Target: 2–3 consultants per client team
  • Ask: Schedule Track 1 for May 2026.
Client Fit

Projecting Into Your Client Environments

Three CNS clients with immediate fit. Pain mapped to solution. Deployment timeline indicated.

Boursorama

Banking (SG Group) · DORA regulated

NOW
Pain

MTTR 4–8 hours. DORA requires 4-hour reporting. Every day is a compliance liability.

Fit

scanner.vexpertai.com generates the ICT risk register. AI NOC cuts MTTR to minutes. DORA Article 17+18 satisfied on day one.

TotalEnergies

Energy · Global estate · NIS2 scope

Q2
Pain

100K alerts/day. BGP instability between trading systems. Compliance documentation manual.

Fit

AI NOC handles routing protocol diagnosis autonomously. Audit trail is the compliance artifact. SecNumCloud deployment available.

Nexans

Manufacturing · Global supply chain

Q3
Pain

35+ countries, mixed-vendor gear, no unified NOC visibility. Security policy drift across acquisitions.

Fit

Vendor-agnostic platform. Cisco + others. Security agent handles ACL drift. Champion program trains local IT teams.

All deployments: on-premise or OVHcloud SecNumCloud · Vendor-agnostic · Zero config data leaves client perimeter

Objection Handling

Handling the Hard Questions

Every objection has been heard. Every answer is grounded in architecture.

AI hallucinations are dangerous

The LLM cannot SSH to routers — it can only PROPOSE. 3 gates before any human sees it: confidence scorer → graph simulation → FRR container clone. Safer than your L1 engineer at 3am.

We already have Dynatrace / Splunk

We integrate with them. We add the reasoning layer on top. Not a replacement — an orchestrator. Your existing stack stays. We make it intelligent.

How is this different from Cisco AI?

Cisco requires all-Cisco gear. 90% of enterprises are mixed-vendor. We're vendor-agnostic. And Cisco sends your config to their cloud — we run 100% on-premise.

Data sovereignty / ANSSI compliance?

Zero data leaves client perimeter. OVHcloud SecNumCloud deployment available. AWS and Azure are NOT SecNumCloud certified — we are the only credible sovereign answer.

What if the pilot fails?

Fixed scope, fixed price, success criteria in the contract. Milestone payments — you only pay for what's delivered. Risk is bounded by design.

The timing isn't right

DORA is already enforced. NIS2 enforcement starts 2027 — 18 months away. Sales cycle is 3–6 months. Start now or you're in the crisis window.

Product 2

AI SOC — Co-Development Opportunity

25–30% to production. 9 sprints · ~9 months. CNS shapes what AI SOC looks like in production.

5 Autonomous Security Agents

T1

Triage Agent

4-track ML engine. Eliminates noise before it reaches humans. Sub-30s detection.

T2

Investigation Agent

Evidence-grounded root cause. Pulls from SIEM, EDR, network flows. Every verdict requires citations.

T3

Security Agent

Detects AI-generated threats via behavioural ML, malware analysis, semantic phishing + TLS fingerprinting.

T4

Hunt Agent

Proactive threat hunting across network graph. Connects dots across hosts, users, and time.

T5

Remediation Agent

Human approval gate + pre-registered rollback. Every action reversible. Nothing touches production unvalidated.

The CNS Opportunity — Offer 2

CNS shapes what AI SOC looks like in production
50/50 IP — French-sovereign, no US vendor can match
First mover: define the standard for EU financial services
DORA Art.17+18 + NIS2 Art.21 compliance built-in
Integration with your clients' existing SIEM/EDR stack
CNS becomes the first and only production AI SOC partner
This is not a finished product — it is the co-development partnership. CNS does not buy it. CNS builds it with us and owns half the IP.
Next Steps

Two Things Before We Leave

01

Name One Client

Not a signed contract. A name and a date for a joint technical scoping call. 10-week pilot, fixed scope, milestone payments.

02

Agree a 3-Week Follow-Up

Formal co-development partnership terms. Revenue-sharing model. MOU scope. DORA/NIS2 compliance module joint IP.

"Two things before we leave. First — name one client for the 10-week pilot. Not a signed contract today. A name and a date for a joint call. Second — agree a 3-week follow-up where we present the formal co-development terms. Can we agree on both today?"