“Block the Prompt, Not the Work” argues that a familiar enterprise security figure, “Doctor No,” has evolved from a management nuisance into a systemic security liability in 2026, because blocking the work simply prompts users to reroute around controls. The piece contends that security must move from blocking specific prompts or destinations to securing the session itself: a shift toward Session-Level Governance, with prompt-level visibility, real-time DLP, and extension governance.
It criticises SSL inspection as a high-risk trade-off: it often disrupts tools like Slack or high‑performance GenAI interfaces, and organisations that turn it off are left effectively blind. One case cited involves a U.S. law firm that blocked the DeepSeek domain but found that 70% of users had an AI wrapper extension, meaning data could be exfiltrated through browsers and contractors’ devices without alerts.
The article urges moving away from kernel-hooking agents toward an agentless model that protects data in real time across any browser or device, including BYOD, and highlights the need to govern the extension layer and prompt-level data before users click Send. Source: The Hacker News.