---
id: "claim-it-bottlenecks-cede-ground"
type: "claim"
source_timestamps: ["§ Mandate broad access to technology."]
tags: ["it-governance", "innovation", "cybersecurity"]
related: ["action-remove-it-bottlenecks", "contrarian-targeted-security-over-blanket-bans", "entity-jpmorgan-chase", "entity-openai-chatgpt"]
confidence: "high"
testable: true
speakers: ["Bharat N. Anand", "Andy Wu"]
source_url: "https://hbr.org/2025/11/the-gen-ai-playbook-for-organizations"
source_title: "The Gen AI Playbook for Organizations"
sources: ["agentic"]
sourceVaultSlug: "hbr-seg-agentic"
originDay: 6
articleStem: "hbr-cl-87-genai-playbook-orgs"
sourceUrl: "https://hbr.org/2025/11/the-gen-ai-playbook-for-organizations"
sourceTitle: "The Gen AI Playbook for Organizations"
---
# Delegating full control of Gen AI to IT slows progress and cedes ground to rivals

**Claim (confidence: high · testable):** If access to gen AI stalls at the IT desk or behind compliance forms, organizations cede ground to rivals whose staff are experimenting in real time.

Cybersecurity concerns are real, but **blanket bans** — like [[entity-jpmorgan-chase-d87|JPMorgan Chase's]] temporary 2023 block on [[entity-openai-chatgpt|ChatGPT]] (which prevented ~60,000 users from experimenting) — prevent mass experimentation. IT should focus only on guarding against **critical** risks (like PII leakage) rather than trying to protect against *all* risks — the [[contrarian-targeted-security-over-blanket-bans|contrarian governance stance]]. The corresponding move is to [[action-remove-it-bottlenecks|remove IT bottlenecks and mandate broad access]].

**Enrichment / evidence:** The article recommends *"Mandate broad access to technology. Everyone in your company has tasks in all four quadrants… Every single person in your organization should evaluate which tasks can be handled… by gen AI,"* contrasting this with restrictive policies. Enterprise best practice is converging on **risk-based controls** (protect confidential/regulated data) coupled with **sandboxed experimentation**, rather than outright bans.

**Caveat / counter-perspective:** A pure 'anything goes' stance risks *shadow AI*, inconsistent quality, and compliance exposure; in heavily regulated sectors (finance, healthcare, defense) stronger central control may be strategically necessary. The claim is valid as a strategic caution, with sector-dependent limits.

**Assessment:** Supported by the article and consistent with emerging risk-based governance practice.
