
The EU Parliament turned off risky AI features but kept email running. That containment playbook is more useful than binary bans or blind adoption for most organisations.
Alpha Score of 59 reflects moderate overall profile with strong momentum, moderate value, moderate quality. Based on 3 of 4 signals – score is capped at 90 until remaining data ingests.
The European Parliament switched off built-in AI features on devices issued to lawmakers and staff earlier this year. Summarisers and virtual assistants got axed. Email and calendars did not.
That distinction looks like a small administrative decision. It is not. It is a case study in how to manage AI risk without killing innovation, and it arrives at a moment when most organisations are still choosing between two bad options.
Global AI spending is on track to exceed $500 billion this year. Almost 90% of analysed AI tools have been exposed to data breaches, according to recent surveys. Faced with those numbers, the default response tends to be binary: block everything or let everything run. Neither works for long. A blanket ban kills productivity and frustrates teams who see competitors adopting the same tools. Unsupervised adoption lets AI spread without controls, creating blind spots that attackers love.
Illumio's research shows that 55% of security leaders rank AI-powered attacks as a major risk. Only 19% see unapproved use of large language models as a top concern. That gap matters. It means many organisations are not tracking where their own AI tools are running or what data they touch.
The European Parliament handled the problem differently. It did not launch a review of every AI application. It identified the features that posed the highest operational risk – summarisers that process meeting content, virtual assistants that handle scheduling and data retrieval – and turned those off. Everything else kept running. The move was targeted, proportionate, and operationally careful.
That containment mindset is the opposite of how most security frameworks work. Traditional models assume the person interacting with a system has judgment. AI does not. It does not question instructions, interpret context, or detect subtle warning signs. It executes exactly as designed. If the instructions are flawed, it follows them. If it is compromised, it moves across systems and interacts with data faster than any human attacker.
Agentic AI – tools that can act autonomously – amplifies that risk. An agent with wide-ranging system access can chain together multiple actions without human oversight. The speed and scale of a compromised agent is not comparable to a compromised employee. That is why the EU Parliament's selectiveness matters. It isolated the riskiest functions while keeping the rest running.
The lesson for organisations is straightforward. The question is not whether to allow AI. It is how to control what AI does.
That requires three things. First, network visibility. Organisations need to know what AI systems are operating, what they connect to, and what data they access. A theoretical diagram of what the organisation thinks is communicating is not enough. The map must be updated continuously.
Second, control over connectivity. AI systems interact with applications, data sources, and other systems. Agentic systems can chain access across multiple elements to complete tasks independently. Limiting unnecessary communication reduces exposure while allowing sanctioned tasks to continue. That means granular policies that define how each tool operates, not whether it is allowed.
Third, contain the blast radius. If an AI system behaves unexpectedly or is compromised, the impact should stay in a small area. The EU Parliament did exactly that. It protected essential operations, isolated the issue, and kept functioning.
Only 23% of organisations have formal security policies to address data leaks linked to AI tools, according to Metomic. That number has to rise. The tools are already embedded in core operations. Switching them off entirely is not a viable long-term strategy. Even the EU Parliament's selective approach will not hold forever.
Binary decisions force trade-offs. They limit innovation or increase risk. The better approach removes that tension. With the right controls in place, organisations can adopt AI safely, maintain continuity, and respond quickly when something goes wrong.
The question is no longer on or off. It is how precisely you can control what happens in between.
Prepared with AlphaScala editorial tooling from the source reporting linked above. Indexable analysis may include a cited Alpha Score value. Publishing checks screen each story before release. Educational coverage, not personalized advice.