Risky Bulletin — Sponsored: Application Allowlisting, But Not As You Know It

Host: James Wilson (Risky Business Media)
Guests: David Cottingham & Daniel Schell (Co-founders, Airlock Digital)
Date: April 5, 2026

Episode Overview

This episode explores how Airlock Digital is advancing the concept of application allowlisting beyond traditional file- and path-based controls. The conversation delves into redefining what constitutes an “application,” why old paradigms are insufficient for today’s dynamic environments (especially with the rise of AI agents), and how Airlock is developing an adaptive, relationship-based model for application control. The episode highlights the challenges, philosophical debates, and technical innovations that are shaping the future of endpoint security — all while avoiding an endless game of “cat and mouse” with attackers.

Key Discussion Points & Insights

1. Redefining “What Is an Application?”

• Definitional Challenge:
  • David Cottingham opens by grappling with the fundamental question:

    “What is an application? It's a really hard thing to define... essentially code that works together to achieve a common purpose or a shared purpose.” (00:50)

  • Points out that applications are more than just a single executable; they frequently comprise interconnected binaries, libraries, and dependencies.
• Practical Observation:
  • Using Steam as an example, David explains how application clusters can emerge, with boundaries sometimes overlapping (e.g., Steam and its games, plus the supporting DLLs and system libraries).

    “We found with trying to categorize what is an application... it brings in some really interesting observations...” (01:55)

• Application Clustering:
  • Airlock Digital’s approach is to track how code components interact when executed, depicting applications as clusters with a central node (primary executable) and linked dependencies.

2. From File-Level to Application-Level Allowlisting

• Limitations of Traditional Methods:
  • James summarizes the pitfalls of path-based allowlisting:

    “If I put something bad in that location, it doesn't matter because that's allowed.” (02:49)

  • Daniel and David reflect on Airlock’s heritage: strict file controls are vital, but more context is needed as workloads grow complex.
• Why Move Up the Stack?
  • David describes internal debates — sales teams champion innovation, while engineers are wary of abandoning core principles:

    “Sales is like, yes, this is the best thing ever. And sales engineers are like, hang on, this is cutting against the core foundational principle...” (03:37)

  • The goal is not to lose strong file-based security, but to enhance understanding by mapping all application components intelligently (04:00).
• Context Over Rules:
  • Daniel explains that simply “allowing Chrome” isn’t enough:

    “We have to still maintain the security and enforce it at that file level, but we just need to intelligently look at all of that data and have a really good understanding and definition of an application and all of its parts.” (04:00)

• Security as Constraint:
  • The modern paradigm is to empower organizations to implement their own granular constraints rather than just relying on detection:

    “Good security outcomes are all about constraints. ...by trusting the application in its parts and therefore trusting the application is sort of the ultimate constraint...” (06:08)

3. Dynamic, Relationship-Based Application Recognition

• Beyond Static Lists:
  • The team emphasizes their aversion to static allowlists, which are inherently unscalable and break down with new or internal apps:

    “If you had this conversation with me... I'd be like, we need to go define the top 200 apps and we'll be chasing our tail forevermore.” (06:57)

  • Instead, Airlock focuses on observed relationships:

    “What we've been able to do... is a very good application list summary... completely based on customer data without any teaching or cloud lookup...” (07:40)

• Internal & Unique Apps:
  • David highlights that most files seen in allowlisting are never seen by other customers, underscoring the futility of centralized, static lists:

    “It's things that people are generating and you still need to be able to classify those things. ... no static items. We just need to be able to group better.” (08:31)

4. Application Control in the Age of AI Agents

• Profiling AI/Agentic Tools:
  • AI agents (e.g., autonomous coding tools) can invoke a variety of binaries and system commands. The team’s relationship-based model identifies these sprawling behaviors:

    “What you will naturally see with the AI agents is the tools that it executes and uses... you can generally pin it to that and you can see the nodes that expand out from that.” (09:29)

  • Real-world experiment: discovering which binaries an agent uses (such as PowerShell, SSH, Mongo shell) by observing live behavior (10:07).
• Containment Profiles:
  • David describes roles-based application containment (“developer profiles”, “test profiles”), limiting agent capabilities according to use case:

    “... really refining what those profiles are, what might be practical for our customers to control those things.” (11:36)

• Defending Against Workarounds:
  • James prompts about adversarial AI:

    “Congratulations guys. You're also now yet another piece of friction in the way of an agent that is going to love to work around you. How are you feeling about this?” (11:52)

  • David replies with confidence:

    “We are still focused on the... file execution. ...if we are just denying access for that process to PowerShell EXE... there’s not much you can do. And we find that the models will just give up after two or three attempts.” (12:01)

  • Daniel backs this up with direct observation:

    “Definitely for me, when it’s been blocked a couple times... it would tell you what's trying to do. And that’s kind of the output, right?” (12:45)

• Resilience Over Cat-and-Mouse:
  • “You’ve just got to get down below it and say, what are the foundational requirements for this class of thing to happen? ...Because then you’re just playing cat and mouse a little bit...” (12:59)
  • The model's design philosophy: default-deny at the process level is more robust than increasingly complex signature-based detection and response (14:48).

5. Broader Security Landscape, Cultural Shifts, and Future Outlook

• Security Paradigms in Flux:
  • Surging complexity from AI, agentic tools, and rapid tech evolution is fundamentally changing security’s role and making it “fun again”:

    “I feel like the pressure has gone up so much higher because there's so much change, but it's also made security fun again.” (16:07)

• A Sense of Excitement—and Caution:
  • David and Daniel reflect on the balance between excitement for new challenges and the “anxiety and nervousness” they inspire (16:25).
• Closing Reflection:
  • James encapsulates the episode’s value:

    “What's that old adage? ...The things you fear most find a way to meet you halfway. ...It's like, okay, well, that's a new reality.” (16:35)

Notable Quotes & Memorable Moments

• David Cottingham (00:50):
  “What is an application? It's a really hard thing to define… it's code that works together to achieve a common purpose…”
• James Wilson (02:49):
  “If I put something bad in that location, it doesn't matter because that's allowed.”
• David Cottingham (03:57):
  “Sales is like, yes, this is the best thing ever. And sales engineers are like, hang on, this is cutting against the core foundational principle...”
• Daniel Schell (06:57):
  “If you had this conversation with me... I'd be like, we need to go define the top 200 apps and we'll be chasing our tail forevermore...”
• David Cottingham (12:01):
  “If we are just denying access for that process to PowerShell EXE... there’s not much you can do. The models will just give up after two or three attempts.”
• Daniel Schell (16:07):
  “I feel like the pressure has gone up so much higher because there's so much change, but it's also made security fun again.”
• James Wilson (16:35):
  “The things you fear most find a way to meet you halfway.”

Important Timestamps

• 00:50 — Defining “application”; application clustering
• 02:49 — Limitations of static/path-based allowlisting
• 03:57 — Tension between innovation and core security principles
• 06:08 — Security as constraint, shift towards strategy over detection
• 07:40 — Advantages of relationship-based, customer-driven app grouping
• 09:29 — AI agents’ behaviors within allowlisting models
• 11:36 — Profile-based containment strategies
• 12:01 — Real-world AI agent evasion attempts and blocking efficacy
• 14:48 — Resilience of default-deny over signature-based approaches
• 16:07 — Reflections on industry transformation and future challenges

Summary

This episode provides an in-depth look at the evolution of application allowlisting in response to dramatic changes in software development, dependency sprawl, and the rise of autonomous agents. Airlock Digital’s founders present a vision for adaptive, relationship-focused security controls — moving beyond static, rule-based models to systems that learn and enforce trust based on observed relationships between code components. The discussion is honest about tradeoffs and challenges, but ultimately optimistic about how these innovations can reset the security baseline and empower organizations to respond to the accelerating pace of change.