Deterministic Recommendations Vs Llm Decisioning

Issue 71 Edition 2026-03-12 6 min read

General

Sources: 1 • Confidence: Medium • Updated: 2026-04-11 19:39

Key takeaways

Airlock has built an unreleased feature called Autotrust that provides allowlisting rule recommendations and can optionally automate some trust decisions.
Airlock argues many vendors avoid or struggle to compete in allowlisting because allowlisting is operationally demanding as a program.
Airlock invested engineering effort to close a potential execution gap involving PowerShell and assembly reflection.
Airlock says the next three months include a major push to ship and improve integrations with surrounding enterprise tools to operationalize allowlisting workflows.
Airlock Digital appointed Kevin Dunn (based in New York) as CEO, and co-founder Daniel Schell is now Chief Product Officer.

Airlock has built an unreleased feature called Autotrust that provides allowlisting rule recommendations and can optionally automate some trust decisions.
Autotrust recommendations are based on deterministic logic using internal environment data plus external signals such as VirusTotal and execution prevalence, not contemporary LLMs.
Airlock plans to provide plain-language explanations for Autotrust recommendations while keeping the recommendation decisioning based on decision trees and internal rules rather than LLM inference.
Airlock avoided using LLMs for allowlist decision-making because model non-determinism can produce unpredictable decisions that are inappropriate for execution-control enforcement.
Airlock expects most customers will use Autotrust at least for recommendations, and possibly enable automated trust decisions during early rollout, to reach enforcement faster.

Airlock argues many vendors avoid or struggle to compete in allowlisting because allowlisting is operationally demanding as a program.
Airlock attributes limited competition partly to the engineering difficulty of maintaining performant, lightweight agents across Windows (including legacy), Linux, and macOS while covering many execution pathways without unacceptable resource overhead.
Airlock claims some newer 'app control' competitors are effectively focused on blocklisting or single-OS scope despite marketing that implies broader allowlisting capability.
Airlock reports the last 12 months were extremely busy because the market is more ready to adopt allowlisting despite persistent skepticism about operationalizing it.
Airlock says selling allowlisting has become easier over time because compliance standards forced adoption in some environments and successful deployments demonstrated allowlisting works beyond static kiosks.

Airlock invested engineering effort to close a potential execution gap involving PowerShell and assembly reflection.
Airlock's product strategy emphasizes preventing classes of attacks by removing execution techniques (e.g., assembly reflection and MSBuild compilation) rather than adding detections for specific outcomes.
Airlock increasingly treats browser extension control and Microsoft ClickOnce as execution surfaces that require explicit visibility and rule-building UX.
Airlock says its underlying framework already blocks multiple execution vectors including ClickOnce and VSTO add-ins.

Airlock says the next three months include a major push to ship and improve integrations with surrounding enterprise tools to operationalize allowlisting workflows.
Airlock positions allowlisting as an operational strategy and lifecycle process rather than an install-and-forget product.
Airlock is prioritizing integrations with enterprise workflow and productivity tools (e.g., Microsoft Teams, Slack, ServiceNow) to route approvals and exceptions without requiring operators to work directly in the Airlock console.

Airlock Digital appointed Kevin Dunn (based in New York) as CEO, and co-founder Daniel Schell is now Chief Product Officer.

Airlock says the next three months include a major push to ship and improve integrations with surrounding enterprise tools to operationalize allowlisting workflows.

When will Autotrust ship (GA), and what exact capabilities will be included at release (recommendations only vs. automated trust decisions)?
What objective performance and accuracy metrics will Airlock use to evaluate Autotrust recommendations (e.g., false-allow rate, false-deny rate, time-to-enforcement change)?
How reproducible and auditable are Autotrust recommendations in practice, including how external signals (e.g., VirusTotal) are thresholded and governed per customer?
What is the real-world residual bypass surface after the stated efforts on PowerShell/assembly reflection, ClickOnce, VSTO add-ins, and browser-extension execution pathways?
What concrete integrations will ship in the stated three-month integration push, and how reliably will approval/exception routing work across Teams/Slack/ServiceNow in production?

Deterministic recommendation plus optional automation for allowlisting may be positioned as a safer alternative to non deterministic LLM decisioning for enforcement critical controls, potentially improving buyer trust if explanations remain operator friendly.
Near term integration push suggests strategy is shifting from core control to workflow operationalization, aiming to reduce allowlisting program burden through routing approvals and exceptions in existing enterprise tools.
Leadership split with a new CEO and co founder as CPO may signal focus on scaling go to market while maintaining product velocity, which could impact execution cadence and prioritization.

Clear GA timing for Autotrust and release scope, including whether it ships as recommendations only or includes automated trust decisions with governance controls.
Published evaluation metrics for Autotrust, such as false allow and false deny rates and time to enforcement, plus evidence recommendations are reproducible and auditable under customer defined thresholds.
Concrete integrations shipped within three months and demonstrated production reliability for approval and exception routing across common tools, with measurable reduction in operational workload.

Autotrust GA slips or ships with limited capabilities, unclear governance, or weak auditability, undermining the deterministic enforcement narrative.
Real world bypass surface remains material despite stated work on PowerShell reflection and other execution pathways, or customers report frequent gaps requiring compensating controls.
Integration push fails to deliver named connectors or routing reliability, resulting in continued high operational burden and slow exception handling.