When Public AI Gets Real, the Bottleneck Is Control, Not Code
Italy’s public administration is being pushed toward AI faster than its governance habits are evolving, and that gap matters most when software can act, not just answer.
Artificial intelligence is no longer only a question of models and prompts. In public administration, the harder problem is deciding who can authorize, monitor, and stop systems once they begin to execute tasks on their own. That is why the Italian debate around AI in the PA is more than an adoption story: it is a governance test.
The discussion becomes sharper when agentic systems enter the picture. These tools can plan steps, use external services, and iterate toward a goal. In a bureaucratic setting, that may sound efficient. It also raises a familiar security question: what happens when a system is allowed to do more than generate text, especially if permissions, logging, and review are weak?
Fast Facts
- Italy’s public administration uses an RTD role to coordinate digital transformation.
- Agentic AI can plan, use tools, and complete multi-step tasks with limited human oversight.
- “Small AI” is best understood as a shorthand for smaller or more specialized models, not a formal technical category.
- The security risk rises when AI outputs turn into actions inside real workflows.
- For public bodies, ownership, permissions, and audit trails matter more than model hype.
In practical terms, the RTD is the governance anchor. It is the role that coordinates digital modernization and process redesign inside the PA. That matters because AI adoption in government is not just a procurement choice; it is an operational decision with legal, organizational, and security consequences. If no one owns the workflow, no one owns the failure mode either.
Agentic AI makes that problem more visible. A system that can call tools or chain actions may improve service delivery, but it can also widen the attack surface. Depending on configuration, such systems may touch databases, APIs, document stores, or internal services. That creates risks around over-permissioning, accidental data exposure, and actions that are hard to reconstruct after the fact. From a defensive perspective, the issue is not whether the model is “smart enough” but whether it is constrained enough.
The reference to “Small AI” should be read carefully. Smaller or more specialized models can lower cost, latency, and operational complexity, but they are not automatically safer. A compact model with broad permissions can still become a high-risk component. The real variable is the use case: what it can see, what it can do, and who can intervene when it behaves badly.
That is why the most useful lesson for public-sector teams is not technical enthusiasm but execution discipline. Start with limited tasks, restrict tools, separate credentials, and keep a complete audit trail. If an AI system is allowed to write, send, approve, or trigger steps, then testing and error analysis stop being optional. They become part of the security perimeter.
Based on the material available for this article, the exact technical depth of AI deployments in Italy’s public sector is not fully clear. This article is best read as a governance and risk analysis rather than a claim about any confirmed compromise.
Conclusion
The broader lesson is simple: in public administration, AI does not fail only at the model layer. It fails at the layer of ownership, permissions, and operational control. The institutions that win with AI will not be the ones that deploy fastest, but the ones that can prove who is accountable when software starts taking action.
WIKICROOK
- RTD: The Italian public-sector role that coordinates digital transformation and process modernization.
- Agentic AI: AI systems that can plan steps, use tools, and carry out multi-stage tasks.
- Audit trail: A record of system actions that helps reconstruct what happened and who approved it.
- Over-permissioning: Giving a system more access than it needs, which increases the impact of mistakes or abuse.
- Workflow orchestration: The control layer that decides how tasks, tools, and approvals are connected.




