Brooks McMillin

AI Security Researcher & Infrastructure Security Engineer

I lead infrastructure security at Dropbox, focusing on AI agent security, LLM development tooling, and securing production AI systems. My team builds frameworks that help engineers safely ship AI-powered features while defending against emerging threats to autonomous systems and ML infrastructure.

Learn More About Me View Blog
Latest Post

Defense in Depth for AI-Assisted Development: Pre-commit Hooks, Review Agents, and CI That Catch LLM Mistakes

13 min read

Practical strategies for safer AI-assisted development: automated review agents, layered security checks, and context management that prevents catastrophic mistakes.

#security #AI #LLM #ci-cd
Read Article

Current Focus

AI Agent & Infrastructure Security

Building security frameworks for AI agents, developing LLM security tooling for engineering teams, and securing the infrastructure that powers production AI systems at scale.

  • Designing security architectures for autonomous AI agents — sandboxing, permissions, and runtime controls
  • Building LLM security tooling that integrates into developer workflows for safe AI feature development
  • Threat modeling for MCP, multi-agent systems, and tool-use patterns in production environments
  • Securing infrastructure for AI/ML platforms — identity, access control, and data protection

Featured Projects

Agent Framework

production
Python Model Context Protocol OAuth 2.0 Anthropic Claude

A production-ready framework for building LLM agents with the Model Context Protocol (MCP). This framework provides the foundation for building …

  • Production-ready framework for building LLM agents with MCP
  • Full OAuth 2.0 with PKCE and dynamic client registration
Learn more → GitHub →

Secure Task Management Suite

production
Astro Node.js PostgreSQL OAuth 2.0

A comprehensive secure task management platform consisting of three integrated components: a main application, Python SDK, and MCP server integration. …

  • Full OAuth 2.0 authorization server with PKCE support
  • Comprehensive security testing suite with Vitest
Learn more → GitHub →

Secure Communications Suite

production
Go Python GSM Serial Communication

A dual-language secure communications suite providing SMS capabilities through GSM modems, built with both Go and Python implementations. This project …

  • Cross-platform GSM modem interface (Go + Python)
  • Real-time SMS communication with security considerations
Learn more → GitHub →

ReMarkable Research Security Toolkit

production
Python Go rmapi Anthropic Claude

A comprehensive toolkit for secure research paper management on reMarkable tablets, featuring AI-powered classification and automated organization. …

  • Automated research paper classification using AI
  • Secure PDF processing pipeline with content validation
Learn more → GitHub →
View All Projects

Recent Appearances

Breaking Model Context Protocol: Back to Security Basics

talk
CactusCon February 2026 Mesa, AZ

Security audit of MCP servers and their OAuth implementations, demonstrating that 90% of vulnerabilities reflect longstanding security principles amplified by AI agents

Details →

Defense in Depth for AI-Assisted Development

talk
Dropbox (Internal Tech Talk) February 2026

A three-layer defensive framework for catching security mistakes introduced by LLM-assisted code generation before they reach production

Details →

AI Threats in 2025: A Year in Review

panel
Lakera December 2025 Online

Panel discussion on how AI-driven threats evolved in 2025 and what defenders should prepare for in 2026

Details → Watch Video

How We Use Lakera Guard to Secure Our LLMs

blog post
Dropbox Tech Blog September 2024

Technical deep-dive on implementing LLM security controls at scale using Lakera Guard for Dropbox's AI features

Details →
View All Appearances

Let's Connect

Interested in AI security research, collaboration opportunities, or speaking engagements? I'd love to hear from you.

@ [email protected] GH GitHub in LinkedIn BS Bluesky
More About Me