Brooks McMillin
AI Security Researcher & Infrastructure Security Engineer
I lead infrastructure security at Dropbox, focusing on AI agent security, LLM development tooling, and securing production AI systems. My team builds frameworks that help engineers safely ship AI-powered features while defending against emerging threats to autonomous systems and ML infrastructure.
Defense in Depth for AI-Assisted Development: Pre-commit Hooks, Review Agents, and CI That Catch LLM Mistakes
Practical strategies for safer AI-assisted development: automated review agents, layered security checks, and context management that prevents catastrophic mistakes.
Current Focus
AI Agent & Infrastructure Security
Building security frameworks for AI agents, developing LLM security tooling for engineering teams, and securing the infrastructure that powers production AI systems at scale.
- Designing security architectures for autonomous AI agents — sandboxing, permissions, and runtime controls
- Building LLM security tooling that integrates into developer workflows for safe AI feature development
- Threat modeling for MCP, multi-agent systems, and tool-use patterns in production environments
- Securing infrastructure for AI/ML platforms — identity, access control, and data protection
Featured Projects
Agent Framework
Status: production
A production-ready framework for building LLM agents with the Model Context Protocol (MCP). This framework provides the foundation for building …
- Production-ready framework for building LLM agents with MCP
- Full OAuth 2.0 with PKCE and dynamic client registration
Secure Task Management Suite
Status: production
A comprehensive secure task management platform consisting of three integrated components: a main application, a Python SDK, and an MCP server integration. …
- Full OAuth 2.0 authorization server with PKCE support
- Comprehensive security testing suite with Vitest
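Both the Agent Framework and the Secure Task Management Suite list OAuth 2.0 with PKCE. The following is an added, self-contained illustration of what a correct S256 PKCE exchange requires on each side; it is not code from either project. The client helpers follow RFC 7636, and the in-memory `AuthServer` class, its `authorize`/`token` methods, and the single-use code store are assumptions made for the example. The server side deliberately refuses the `plain` method, treats a missing verifier as a failure rather than a pass, and consumes the authorization code on first use, since those are the checks an OAuth implementation most often gets wrong.

```python
"""PKCE (RFC 7636) with the S256 method: client-side verifier and challenge
generation plus the authorization-server checks that make PKCE effective.
Hypothetical in-memory server written for this example, not project code."""
import base64
import hashlib
import hmac
import re
import secrets
from typing import Dict, Optional

# code_verifier: 43..128 characters from the unreserved set (RFC 7636 section 4.1).
_VERIFIER_RE = re.compile(r"[A-Za-z0-9._~-]{43,128}")
# A base64url-encoded SHA-256 digest without padding is exactly 43 characters.
_CHALLENGE_RE = re.compile(r"[A-Za-z0-9_-]{43}")


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_verifier(n_bytes: int = 32) -> str:
    """Client: high-entropy code_verifier (32 random bytes encode to 43 chars)."""
    return b64url(secrets.token_bytes(n_bytes))


def make_challenge(verifier: str) -> str:
    """Client: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthServer:
    """Minimal authorization-server state: pending codes bound to a challenge."""

    def __init__(self) -> None:
        self._pending: Dict[str, str] = {}

    def authorize(self, challenge: str, method: str = "S256") -> str:
        """Authorization endpoint: bind the challenge to a fresh, single-use code."""
        # Accepting 'plain' lets an attacker who sees the authorization request
        # replay the challenge as the verifier, so only S256 is allowed.
        if method != "S256":
            raise ValueError("only code_challenge_method=S256 is accepted")
        if not _CHALLENGE_RE.fullmatch(challenge):
            raise ValueError("malformed code_challenge")
        code = b64url(secrets.token_bytes(24))
        self._pending[code] = challenge
        return code

    def token(self, code: str, verifier: Optional[str]) -> Optional[dict]:
        """Token endpoint: verify the code_verifier against the stored challenge."""
        # Consume the code before any check, so a failed attempt cannot be retried.
        challenge = self._pending.pop(code, None)
        if challenge is None:
            return None  # unknown or already-used code
        # A code issued with a challenge must never be redeemed without a verifier.
        if verifier is None or not _VERIFIER_RE.fullmatch(verifier):
            return None
        # Constant-time comparison of the recomputed challenge with the stored one.
        if not hmac.compare_digest(make_challenge(verifier), challenge):
            return None
        return {"access_token": b64url(secrets.token_bytes(32)), "token_type": "Bearer"}
```

The verifier-to-challenge transform can be checked against the test vector in RFC 7636 Appendix B (`dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk` hashes to `E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM`). A real server would also bind the code to the client_id and redirect_uri and expire it after a short interval; those fields are omitted here to keep the PKCE logic in view.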
Secure Communications Suite
Status: production
A dual-language secure communications suite providing SMS capabilities through GSM modems, built with both Go and Python implementations. This project …
- Cross-platform GSM modem interface (Go + Python)
- Real-time SMS communication with security considerations
ReMarkable Research Security Toolkit
Status: production
A comprehensive toolkit for secure research paper management on reMarkable tablets, featuring AI-powered classification and automated organization. …
- Automated research paper classification using AI
- Secure PDF processing pipeline with content validation
Recent Appearances
Security audit of MCP servers and their OAuth implementations, demonstrating that 90% of vulnerabilities reflect longstanding security principles amplified by AI agents
A three-layer defensive framework for catching security mistakes introduced by LLM-assisted code generation before they reach production
Let's Connect
Interested in AI security research, collaboration opportunities, or speaking engagements? I'd love to hear from you.
More About Me