Friday 26 June 2026 20:01:38 GMT+02:00

Netcrook

HomeManifesto
News
Corporate Security IncidentsCloud, SaaS & Identity SecurityIndustrial Cybersecurity & Critical InfrastructureCyber Intelligence, TrendsAI Security & Agentic SystemsCyber Intelligence & Threat TrendsCyber WarfareCyber Warfare & Nation-State OperationsCyber CriminalityBreaches & Data LeaksCybercrimeMalware & BotnetsRansomware & ExtortionSecurity Awareness & Social EngineeringLegal PolicyLegal, Policy & Government CybersecurityPrivacy, Regulation & ComplianceTechnology, InnovationTechnology, Innovation & Digital InfrastructureVulnerabilities Patch ManagementResearch, Exploits & Offensive SecurityVulnerabilities & Patch Management
Techcrook
Tutte le tecnologieIdentita e accessoFirewall e reteBackup e archiviazioneEnergia e continuitaPrivacy e sicurezza fisicaLaboratorio e prototipazioneStampa e tracciabilitaTecnologia quotidiana
Geocrook
AfricaAsiaEuropeMiddle EastNorth AmericaOceaniaSouth America
WikicrookTeamAppContact
EnglishItalianoArabic
Technology, Innovation & Digital Infrastructure

Milano’s AI Inventory Reveals a Bigger Security Question: Who Controls the Machines in City Hall?

15 June 2026 12:24Technology, Innovation & Digital InfrastructureEurope / ItalyTRUSTBREAKER

A public tally of 44 artificial intelligence projects, 9 already running, shows how quickly AI can move from pilot to municipal infrastructure - and why governance becomes a security problem, not just a policy one.

Introduction

When a large city starts counting its AI projects, it is doing more than publishing a roadmap. It is admitting that software is no longer a side experiment. In Milan, the inventory of 44 projects, with 9 already operational, suggests that artificial intelligence is becoming part of the ordinary machinery of public administration. That shift matters because once AI enters city workflows, the real question is not whether it is innovative, but whether it is controlled, auditable, and safe enough for public use.

Fast Facts

  • The City of Milan has cataloged 44 artificial intelligence projects.
  • Nine of those projects are already operational.
  • The broader picture is one of advanced public-sector experimentation, but not a finished transformation.
  • The main pressure points are regulatory, organizational, and cultural, not just technical.
  • An AI inventory is also a security tool, because it helps identify ownership, exposure, and accountability.

Body

From a cybersecurity perspective, the most important detail is not the number 44. It is the fact that a municipality is beginning to treat AI as a portfolio that must be tracked. That is a meaningful step toward governance. Without an inventory, public bodies can end up with scattered experiments, unclear responsibility, and inconsistent controls. With one, they at least have a starting point for oversight.

The technical risk in public AI is rarely a single dramatic exploit. It is usually a chain of smaller weaknesses: unclear data ownership, uneven access control, weak documentation, and rushed procurement. Those issues matter even when no breach has occurred. In a city environment, an AI system can touch forms, archives, citizen-facing services, or internal decision support. If the controls are inconsistent, the impact can spread beyond one office or one use case.

The Milan case also highlights a familiar problem in public administration: moving faster than the institution can absorb. Nine projects already operational means the city is past the first phase of experimentation. But operational does not automatically mean mature. A system can be live and still need stronger monitoring, better transparency, clearer review processes, and more robust rules on who can change what and why.

At the time of writing, public information does not fully establish the technical root cause of each project’s design, the complete scope of affected users, or whether any downstream systems were involved. The available information supports a governance and risk analysis, not a claim of technical failure.

That is why the Milan inventory matters beyond local politics. It shows how AI adoption in a city government becomes a question of digital trust. The practical lesson is simple: every new AI project should be mapped, classified, and owned before it is relied on. In public administration, speed without visibility creates risk. The cities that handle AI best will not be the ones that launch the most projects, but the ones that can explain, supervise, and contain them.

Conclusion

Milan’s tally of AI projects is a sign of progress, but it is also a reminder that public-sector AI is now a governance discipline. The deeper lesson is not about how many systems exist, but whether an administration can keep control of the data, the process, and the accountability around them.

TECHCROOK

Hardware security key: For organizations managing sensitive systems, a physical security key adds a stronger layer of login protection than passwords alone. It is a simple, ordinary device for administrators who need safer access control, especially around accounts that can approve, modify, or monitor critical services.

Scheda Techcrook: Hardware security key

WIKICROOK

  • AI inventory: A structured list of artificial intelligence systems, used to track ownership, purpose, and risk.
  • Governance: The rules and oversight mechanisms that define how technology is approved, monitored, and reviewed.
  • Data minimization: Collecting and using only the data that is necessary for a specific purpose.
  • Operational system: A tool or service that is actively running in a real environment, not just being tested.
  • Digital trust: Confidence that a technology is reliable, accountable, and handled in a way that protects users.
TRUSTBREAKER
AuthorTRUSTBREAKER

Technology, Innovation & Digital Infrastructure