Another application is crypto: the SubBytes step of AES maps very neatly onto gf2p8affineinvqb, so algorithms that are similar to AES but not exactly AES could make use of gf2p8affineinvqb
Expanding on this,a very nice property of Galois Counter Mode (GCM) for AES is that encrypting one block does not require the previous block to be encrypted, like in AES-CBC.
This means that AES-GCM can take advantage of data parallelism and there are big speedups in threaded and pipelined CPUs.
In short, you can get big latency and throughout gains by using AES-GCM over AES-CBC.
Another application is crypto: the SubBytes step of AES maps very neatly onto gf2p8affineinvqb, so algorithms that are similar to AES but not exactly AES could make use of gf2p8affineinvqb