Block the Prompt, Not the Work: The End of "Doctor No"

This article is an opinion piece addressing enterprise security culture rather than a specific cyber threat. It critiques the 'Doctor No' phenomenon—security leaders who reflexively block new technologies like ChatGPT, DeepSeek, and file-sharing tools instead of enabling secure adoption. The piece argues that this obstructive approach, once tolerated as security rigor, has become counterproductive in 2026 as organizations must balance innovation with risk management. Rather than blocking AI tools and emerging technologies outright, security teams should implement guardrails that allow business enablement while maintaining protection. No specific threat actors, malware families, or vulnerabilities are discussed in this article.

There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, this looked like security. But in 2026, "Doctor No" is no longer just a management headache &

This article is an opinion piece addressing enterprise security culture rather than a specific cyber threat. It critiques the 'Doctor No' phenomenon—security leaders who reflexively block new technologies like ChatGPT, DeepSeek, and file-sharing tools instead of enabling secure adoption. The piece argues that this obstructive approach, once tolerated as security rigor, has become counterproductive in 2026 as organizations must balance innovation with risk management. Rather than blocking AI tools and emerging technologies outright, security teams should implement guardrails that allow business enablement while maintaining protection. No specific threat actors, malware families, or vulnerabilities are discussed in this article. There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, this looked like security. But in 2026, "Doctor No" is no longer just a management headache & There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, this looked like security. But in 2026, "Doctor No" is no longer just a management headache &