---
id: "contrarian-targeted-security-over-blanket-bans"
type: "contrarian-insight"
source_timestamps: ["§ Mandate broad access to technology."]
tags: ["contrarian-insight", "cybersecurity", "it-governance"]
related: ["claim-it-bottlenecks-cede-ground", "action-remove-it-bottlenecks", "entity-jpmorgan-chase"]
challenges: "The traditional IT governance model of zero-trust and comprehensive security review before enterprise software deployment."
speakers: ["Bharat N. Anand", "Andy Wu"]
source_url: "https://hbr.org/2025/11/the-gen-ai-playbook-for-organizations"
source_title: "The Gen AI Playbook for Organizations"
sources: ["agentic"]
sourceVaultSlug: "hbr-seg-agentic"
originDay: 6
articleStem: "hbr-cl-87-genai-playbook-orgs"
sourceUrl: "https://hbr.org/2025/11/the-gen-ai-playbook-for-organizations"
sourceTitle: "The Gen AI Playbook for Organizations"
---
# IT should not try to protect against all AI risks

**Contrarian insight.** IT leaders naturally want maximum precaution against *all* risks of a new technology, producing slow approval queues or blanket bans. The authors argue this is a **strategic failure**. IT should focus only on guarding against the **most critical** risks (like PII leakage) and accept lower-level risks to enable rapid frontline experimentation.

**What it challenges.** The traditional IT-governance model of zero-trust and comprehensive security review *before* enterprise software deployment. This insight underwrites [[claim-it-bottlenecks-cede-ground|the IT-bottleneck claim]] and the action to [[action-remove-it-bottlenecks|remove IT bottlenecks]]; [[entity-jpmorgan-chase-d87|JPMorgan Chase's ChatGPT block]] is the cautionary case. **Balancing caveat:** unrestricted experimentation can create *shadow AI*, inconsistent quality, and compliance risk, so in heavily regulated sectors, stronger central standards may be warranted alongside structured experimentation.
