To address the security challenges posed by the undefined 6G network architecture, dynamically expanding attack surfaces, and the lag of conventional security mechanisms behind technological evolution, this paper proposes a programmable, adaptive hardware-software co-designed security plane. The architecture integrates software-defined networking (SDN), network function virtualization (NFV), and programmable data planes, introducing a novel dual-driven paradigm: “predictive modeling + dynamic security function orchestration.” Predictive models proactively assess potential threats to enable pre-deployment validation of security policies, while real-time function orchestration supports on-demand deployment and elastic updates. Compared with static defense approaches, the proposed solution significantly enhances responsiveness to zero-day threats and strengthens proactive defense capabilities. It establishes a sustainable, evolvable security infrastructure for trustworthy 6G networks.

6G networks promise to be the proper technology to support a wide deployment of highly demanding services, satisfying key users-related aspects such as extremely high quality, and persistent communications. However, there is no service to support if the network is not reliable enough. In this direction, it is with no doubt that security guarantees become a must. Traditional security approaches have focused on providing specific and attack-tailored solutions that will not properly meet the uncertainties driven by a technology yet under development and showing an attack surface not completely identified either. In this positioning paper we propose a softwarized solution, defining a Security Plane built on a top of programmable and adaptable set of live Security Functions under a proactive strategy. In addition, in order to address the inaccuracies driven by the predictive models a pre-assessment scenario is also considered ensuring that no action will be deployed if not previously verified. Although more efforts are required to develop this initiative, we think that such a shift paradigm is the only way to face security provisioning challenges in 6G ecosystems.