By Sagar Shankaran, Founder of CallSphere
If your AI voice gateway leaks Via headers, internal IPs, or model server hostnames, you have published your attack surface. Here is the SBC topology-hiding playbook for AI voice in 2026.
Key takeaways
A SIP trace from your AI voice agent should look like an opaque box. If an attacker can read your private IPs, SBC vendor, or which AI model handles which DID off the Via and Record-Route stack, you have made their reconnaissance free.
flowchart TD
Out[Outbound campaign] --> Twilio[Twilio Voice API]
Twilio --> STIR[STIR/SHAKEN attestation]
STIR --> Carrier[Originating carrier]
Carrier --> Term[Terminating carrier]
Term --> Recipient[Recipient phone]
Recipient --> Webhook[/voice webhook/]
Webhook --> Agent[AI sales agent]
Topology hiding is the SBC function that strips internal-network information from SIP messages crossing the access or peering boundary. It rewrites or removes Via, Record-Route, Path, History-Info, Service-Route, and the SDP o= and c= lines so internal IPs and hostnames never appear in upstream signaling. The function exists because SIP was designed for transparency and proxies are obligated to record every hop they touch; topology hiding intentionally breaks that transparency at the trust boundary.
For AI voice gateways the stakes are higher than for traditional PBX SBC deployments. Your media servers are GPU-attached, expensive, and often run a homemade WebSocket bridge. Leaked hostnames invite targeted DoS, model fingerprinting, and SDP-based attacks on the bridge itself.
A typical un-hidden Twilio-to-AI bridge SIP trace looks like:
INVITE sip:+19175551212@bridge.callsphere.ai SIP/2.0
Via: SIP/2.0/UDP edge-2.callsphere.ai;branch=z9hG4bK-abc
Via: SIP/2.0/UDP 10.42.7.91:5060;branch=z9hG4bK-def
Record-Route: <sip:edge-2.callsphere.ai;lr>
Record-Route: <sip:10.42.7.91:5060;lr>
Contact: <sip:bridge@10.42.7.91:5060>
That trace tells an attacker the bridge runs on 10.42.7.91 inside the private VPC. After topology hiding by the SBC the same INVITE looks like:
INVITE sip:+19175551212@bridge.callsphere.ai SIP/2.0
Via: SIP/2.0/TLS sbc-edge.callsphere.ai;branch=z9hG4bK-anon
Record-Route: <sip:sbc-edge.callsphere.ai;lr;transport=tls>
Contact: <sip:bridge-anon@sbc-edge.callsphere.ai;transport=tls>
Internal Via and Record-Route are coalesced or replaced; the Contact and SDP origin point to the SBC's public address. The SBC keeps the dialog state mapping internally so in-dialog requests still route correctly.
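The two traces above are what an edge audit should compare. The following Python is an added example, not CallSphere code or Kamailio output: it parses a raw SIP request, flags private or link-local IPv4/IPv6 literals (and hostnames with an assumed internal suffix) in the hop headers topology hiding is supposed to scrub, flags the SDP o= and c= lines, and also flags any User-Agent or Server header, since a product version string at the boundary is a fingerprint. The sample INVITE is constructed from the trace above; the User-Agent value and SDP body are assumptions.

```python
import ipaddress
import re

# Constructed sample: the un-hidden INVITE above plus an SDP body carrying the same
# private address in o= and c=. Not a real capture; the User-Agent value is made up.
LEAKY_INVITE = """INVITE sip:+19175551212@bridge.callsphere.ai SIP/2.0
Via: SIP/2.0/UDP edge-2.callsphere.ai;branch=z9hG4bK-abc
Via: SIP/2.0/UDP 10.42.7.91:5060;branch=z9hG4bK-def
Record-Route: <sip:edge-2.callsphere.ai;lr>
Record-Route: <sip:10.42.7.91:5060;lr>
Contact: <sip:bridge@10.42.7.91:5060>
User-Agent: FreeSWITCH 1.10.11

v=0
o=bridge 1 1 IN IP4 10.42.7.91
c=IN IP4 10.42.7.91
"""

# Routing headers that hiding must scrub, and headers that only serve fingerprinting.
HOP_HEADERS = ("via", "record-route", "path", "service-route", "history-info", "contact")
FINGERPRINT_HEADERS = ("user-agent", "server")
INTERNAL_SUFFIXES = (".internal", ".local", ".vpc")  # assumption: your internal naming scheme
TOKEN_RE = re.compile(r"[A-Za-z0-9.\-]+|\[[0-9A-Fa-f:.]+\]")  # dotted names/IPv4, or [IPv6]

def is_internal_address(token):
    """True for private, loopback or link-local IPv4/IPv6 literals, or an internal hostname."""
    try:
        ip = ipaddress.ip_address(token.strip("[]"))
    except ValueError:  # not an IP literal, so judge it as a hostname
        return token.lower().endswith(INTERNAL_SUFFIXES)
    return ip.is_private or ip.is_loopback or ip.is_link_local

def audit_sip_message(msg):
    """Return (location, value) findings for a raw SIP request with an optional SDP body."""
    head, _, body = msg.replace("\r\n", "\n").partition("\n\n")
    findings = []
    for line in head.split("\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name in HOP_HEADERS:
            findings += [(name, t) for t in TOKEN_RE.findall(value) if is_internal_address(t)]
        elif name in FINGERPRINT_HEADERS and value.strip():
            findings.append((name, value.strip()))  # any product string is a reconnaissance gift
    for line in body.split("\n"):
        if line.startswith(("o=", "c=")) and is_internal_address(line.split()[-1]):
            findings.append((line[:2], line.split()[-1]))
    return findings
```

Run it against a capture taken on the customer-facing side of the SBC; a clean topology-hiding deployment returns an empty list.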
# Kamailio 6.0 example using topoh module
# topoh depends on the rr module, so rr must be loaded first
loadmodule "rr.so"
loadmodule "topoh.so"
# secret used to mask/unmask internal addresses; rotate it, and keep it identical on every node that must unmask
modparam("topoh", "mask_key", "callsphere2026rotateme")
# address written into masked headers; it must not belong to a real host on the signaling path
modparam("topoh", "mask_ip", "1.1.1.1")
# name and prefix of the URI parameter that carries the masked Contact/Record-Route value
modparam("topoh", "uparam_name", "line")
modparam("topoh", "uparam_prefix", "tx_")
# name and prefix of the Via parameter that carries the masked Via stack
modparam("topoh", "vparam_name", "branch")
modparam("topoh", "vparam_prefix", "z9hG4bK.")
The Kamailio topoh module mask-encrypts internal hostnames into a token that the same node can decrypt on response, achieving topology hiding without breaking dialog routing.
CallSphere terminates every leg on Twilio Programmable Voice across all six verticals. Twilio's edge acts as our SBC; their *.twilio.com and *.pstn.twilio.com hostnames are the only addresses external SIP traces see. Behind Twilio our FastAPI :8084 Healthcare bridge, OpenAI Realtime endpoints, and the WebSocket bridges run on private VPC IPs that never appear in any SIP message. For Sales Calling AI's 5 concurrent outbound calls per tenant we set a custom From header through Twilio's API but rely on their SBC to strip everything internal. After-Hours AI uses Twilio simultaneous call + SMS to on-call staff with a 120-second timeout, where the SBC layer also enforces caller ID consistency. Across 37 agents, 90+ tools, 115+ DB tables, HIPAA + SOC 2 alignment, $149/$499/$1499 pricing, and the 14-day trial, no internal name resolves from a customer-side SIP trace.
The same goes for User-Agent and Server headers; advertising "Asterisk 22.0.0" or "FreeSWITCH 1.10.11" is reconnaissance gift-wrapping.
Does topology hiding break call recording or transcription? No. Recording happens internally, before or after the SBC, and is not signaled in customer-facing SIP messages.
Will it break SIP REFER transfers? Properly implemented, no. The SBC has to mask and unmask Refer-To URIs, but every commercial SBC and Kamailio's topoh module handle this.
Is it required by HIPAA or SOC 2? Not by name. SOC 2 CC6 and HIPAA Security Rule 164.308 cover access controls; topology hiding is one specific control that supports the principle of minimum disclosure.
What about IPv6? Same rules. Strip internal IPv6 addresses as carefully as IPv4. The leak surface is identical.
Does Twilio do this automatically? Yes for inbound to your origin server. The hostname Twilio presents on the SIP trace is the public Twilio edge, not your private bridge.
Written by
Sagar Shankaran · Founder, CallSphere
Sagar Shankaran is the founder of CallSphere, where he builds production AI voice and chat agents deployed across healthcare, hospitality, real estate, and home services. He writes about agentic AI, LLM engineering, and shipping voice agents that handle real calls in production.