FREE GRC Workshop

LEARN MORE

Recommended Event: Convene: Boston | Cybersecurity & Human Risk Conference Aug 13 - 14, 2026

Redefining Application Control for a Post AI World

Solution Category Endpoint Security
Type Webinar
Organization Airlock Digital
Event Format Company Webinar

Webinar Description

Key Takeaways

  • Explores how application control strategies must evolve to address threats from Agentic AI and unauthorised software execution
  • Features Forrester Senior Analyst Paddy Harrington alongside Airlock Digital technical leadership
  • Addresses practical challenges of operationalising allowlisting without disrupting IT workflows
  • Designed for CISOs, security analysts, IT managers and endpoint security decision-makers
  • Focuses on moving from visibility-based approaches to defined trust models

Introduction

Airlock Digital is hosting a webinar titled “Redefining Application Control for a Post-AI World,” bringing together industry analysts and technical practitioners to examine how organisations can modernise their approach to controlling software execution. The session targets IT security professionals grappling with an increasingly complex threat landscape where traditional allowlisting methods struggle to keep pace with emerging risks from browser extensions, unauthorised applications and autonomous AI agents. As enterprises deploy more sophisticated tooling and face regulatory pressure to demonstrate control over their environments, the timing reflects broader industry concern about whether legacy application control frameworks remain fit for purpose.

About This Event

The virtual webinar features Paddy Harrington, Senior Analyst at Forrester, alongside Airlock Digital’s CEO Kevin Dunne and Principal Technical Success Engineer Patrick Van Zandt. This combination of independent analyst perspective and vendor expertise positions the session to address both strategic considerations and implementation realities. The format emphasises education and discussion rather than product demonstration, with the panel examining how security teams can establish sustainable practices for defining what software should be permitted to execute across their infrastructure.

Forrester’s involvement brings external validation to the discussion. The research firm has tracked endpoint security trends for decades, and Harrington’s participation suggests the conversation will extend beyond vendor-specific approaches to examine industry-wide challenges facing security programmes.

The Shifting Landscape of Application Control

Application control has long served as a foundational security measure, operating on a simple principle: only approved software should execute on managed endpoints. In practice, however, maintaining accurate allowlists has proven operationally demanding. Security teams must balance protection against the practical needs of users who require new applications, updates and browser extensions to perform their work. Too restrictive an approach generates friction and workarounds; too permissive an approach defeats the purpose entirely.

The emergence of Agentic AI introduces additional complexity. Unlike traditional software that executes predictable functions, AI agents can autonomously initiate actions, install components and interact with systems in ways that may not align with established trust models. Security teams accustomed to evaluating discrete applications now face the challenge of assessing software that behaves dynamically and may acquire new capabilities after deployment.

Browser extensions represent another expanding attack surface. These lightweight applications often request broad permissions and can access sensitive data across web sessions. Many organisations lack visibility into which extensions employees have installed, let alone the ability to enforce policies governing their use. The webinar addresses how application control frameworks can extend to cover these execution contexts that fall outside traditional endpoint management.

From Visibility to Defined Trust

A central theme of the session concerns the transition from visibility-focused security to what the organisers describe as “defined trust.” Many organisations have invested in tools that provide comprehensive inventories of installed software and running processes. Visibility alone, however, does not constitute control. Knowing what executes across an environment differs fundamentally from establishing and enforcing policies about what should execute.

Defined trust requires organisations to make explicit decisions about which applications, publishers and code sources they consider acceptable. This demands ongoing governance processes rather than one-time configuration. Software ecosystems change continuously as vendors release updates, new tools enter the market and business requirements evolve. Security teams must establish workflows that accommodate legitimate change while maintaining meaningful restrictions.

The webinar aims to provide practical guidance on operationalising these concepts. Implementation challenges often derail application control initiatives, particularly in large enterprises with diverse technology stacks and distributed IT management. Speakers will address how organisations can structure their programmes to achieve security objectives without creating unsustainable administrative burdens.

Operational Challenges in Modern Environments

Mid-to-large enterprises face particular difficulties implementing effective application control. These organisations typically operate heterogeneous environments spanning multiple operating systems, cloud platforms and device types. Shadow IT remains prevalent as business units adopt tools without formal approval processes. Remote and hybrid work arrangements have further complicated endpoint management by distributing devices beyond traditional network perimeters.

Change management presents another persistent obstacle. Allowlisting systems that cannot accommodate rapid software updates create friction with development teams, IT operations and end users. When security controls impede productivity, organisations often respond by loosening restrictions or creating exceptions that undermine the original security posture. Sustainable application control requires processes that can evaluate and approve legitimate changes efficiently.

The discussion will examine how security teams can design programmes that balance these competing pressures. Reducing attack surface remains the fundamental objective, but achieving that goal requires approaches sophisticated enough to handle the operational realities of modern IT environments.

Who Should Attend

The webinar is designed for security professionals responsible for endpoint protection and risk management decisions. CISOs evaluating their organisation’s application control maturity will find strategic perspective on how the threat landscape is evolving. Security analysts and engineers tasked with implementing or maintaining allowlisting systems can expect practical insights into operational challenges and potential solutions.

IT managers overseeing endpoint environments and compliance officers concerned with demonstrating control over software execution represent additional relevant audiences. The session may prove particularly valuable for organisations that have previously attempted application control initiatives but struggled to maintain them, as well as those beginning to assess how AI-driven threats should influence their security programme priorities.

Enterprises with complex technology environments, regulatory obligations or heightened security requirements stand to benefit most from the discussion. The content assumes familiarity with endpoint security concepts and addresses challenges more commonly encountered in larger organisations with mature security programmes.

Industry Context

The webinar arrives as the security industry broadly reassesses assumptions about endpoint protection. Traditional antivirus approaches that rely on signature-based detection have given way to behavioural analysis and machine learning, yet these methods focus primarily on identifying malicious activity rather than preventing unauthorised execution in the first instance. Application control offers a complementary approach by restricting what can run regardless of whether specific threats have been identified.

Regulatory frameworks increasingly expect organisations to demonstrate control over their software environments. Standards such as those from the National Institute of Standards and Technology emphasise the principle of least functionality, requiring systems to be configured to provide only essential capabilities. Application control directly supports these requirements by limiting execution to approved software.

The rapid adoption of AI tools across enterprises has accelerated these concerns. Organisations that previously maintained reasonable visibility into their software portfolios now face employees experimenting with AI assistants, automation tools and browser-based applications that may not undergo formal security review. Establishing governance frameworks that can accommodate beneficial AI adoption while preventing uncontrolled proliferation represents an emerging challenge that the webinar directly addresses.