
Risky Business Risky Biz Soap Box: It took a decade, but allowlisting is cool again
Mar 12, 2026
Daniel Schell, Airlock Digital co-founder and CTO, builds deep endpoint controls. David Cottingham, co-founder and chief product officer, drives deny-by-default execution control. They discuss AI's role in allowlisting and why deterministic, customer-scoped automation beats LLMs for recommendations. They cover autotrust, assembly reflection, hardening UIs, and making allowlisting operationally practical.
AI Snips
Autotrust Recommendations Without LLMs
- Airlock built an autotrust recommendation engine without LLMs to keep decisions deterministic and context-bound to each customer environment.
- They use execution prevalence, VirusTotal data, and decision trees to rank suggested allowlist rules and optionally auto-apply them.
Guide Users To Enforcement With Prioritized Recommendations
- Use a prioritized, visible recommendation worklist to move customers from monitoring to full enforcement quickly.
- Provide natural-language explanations for each recommendation so operators understand why rules are suggested before enabling enforcement.
Use LLMs Only Where They Add Clear Context
- Airlock deliberately avoided early heavy reliance on public LLMs because many decisions can be made deterministically from scoped customer data.
- They plan to add external AI-derived context later if it demonstrably improves outcomes without compromising determinism.
