A method for detecting threat pathways using sequence graphs includes constructing a sequence graph from a set of data containing information about activities in a telecommunications service provider network, where the sequence graph represents a subset of the activities that occurs as a sequence, providing an embedding of the sequence graph as input to a machine learning model, wherein the machine learning model has been trained to detect when an input embedding of a sequence graph is likely to indicate a threat activity, determining, based on an output of the machine learning model, whether the subset of the activities is indicative of the threat activity, and initiating a remedial action to mitigate the threat activity.