Building Secure Agentic Systems: Lessons from Daily-Driver Agents
Brooks McMillin
[un]prompted 2026 — AI Security Practitioner Conference · Day 2 · 1
Brooks McMillin has built a personal ecosystem of 19 AI agents running 73 MCP tools — and has been breaking it, learning from those failures, and hardening it in real time. His [un]prompted talk is a practitioner-level account of what actually goes wrong when you run agents at meaningful scale, and what security controls work in practice: capability bounding, memory isolation, context-aware trimming, and granular observability.
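The abstract names four controls but does not describe how they are enforced. As an added illustration, not the speaker's code and not a description of his setup, here is one way three of them (capability bounding, memory isolation, and per-call observability) can be enforced in a gateway that sits between an agent loop and its tools. The tool names, the shape of the capability policy, the two sample agents and the fake filesystem are all assumptions made for this example; context-aware trimming is not shown.

```python
"""Added example: a policy gateway between an agent loop and its tools.
Tool names, policy fields and sample agents are assumptions, not the talk's."""
from __future__ import annotations

import time
from dataclasses import dataclass, field
from pathlib import PurePosixPath
from typing import Any, Callable


class PolicyViolation(Exception):
    """Raised when a call falls outside the calling agent's capabilities."""


@dataclass(frozen=True)
class Capability:
    """One bounded capability: a tool name plus constraints on its arguments."""
    tool: str
    path_prefix: str | None = None       # file tools: only paths under this root
    hosts: frozenset[str] = frozenset()  # network tools: only these hosts (empty = unchecked)
    read_only: bool = True               # deny calls whose "mode" argument is not "read"


@dataclass
class AgentProfile:
    name: str
    capabilities: dict[str, Capability] = field(default_factory=dict)


class MemoryStore:
    """Memory partitioned by namespace. The gateway derives the namespace from the
    caller's identity, never from tool arguments, so agents cannot read each other."""

    def __init__(self) -> None:
        self._data: dict[str, dict[str, str]] = {}

    def put(self, namespace: str, key: str, value: str) -> None:
        self._data.setdefault(namespace, {})[key] = value

    def get(self, namespace: str, key: str) -> str | None:
        return self._data.get(namespace, {}).get(key)


class ToolGateway:
    """Bounds capabilities, isolates memory, and records one audit event per call."""

    def __init__(self, memory: MemoryStore) -> None:
        self.memory = memory
        self.audit: list[dict[str, Any]] = []

    def _check(self, profile: AgentProfile, tool: str, args: dict[str, Any]) -> None:
        cap = profile.capabilities.get(tool)
        if cap is None:
            raise PolicyViolation(f"{profile.name}: no capability for tool {tool!r}")
        if tool.startswith("memory_") and "namespace" in args:
            raise PolicyViolation(f"{profile.name}: memory namespace is bound to the caller")
        if cap.path_prefix is not None:
            p = PurePosixPath(str(args.get("path", "")))
            # Lexical check only: '..' is rejected outright because PurePosixPath does not
            # resolve it; symlink escapes must be handled by the tool implementation itself.
            if not p.is_absolute() or ".." in p.parts or not p.is_relative_to(cap.path_prefix):
                raise PolicyViolation(f"{profile.name}: path {p} is outside {cap.path_prefix}")
        if cap.hosts and args.get("host") not in cap.hosts:
            raise PolicyViolation(f"{profile.name}: host {args.get('host')!r} not allowed")
        if cap.read_only and args.get("mode", "read") != "read":
            raise PolicyViolation(f"{profile.name}: {tool} is read-only for this agent")

    def call(self, profile: AgentProfile, tool: str, args: dict[str, Any],
             impl: Callable[..., Any] | None = None) -> Any:
        event: dict[str, Any] = {"ts": time.time(), "agent": profile.name, "tool": tool,
                                 "args": dict(args), "outcome": "denied"}
        try:
            self._check(profile, tool, args)
        except PolicyViolation as exc:
            event["reason"] = str(exc)
            self.audit.append(event)          # denied calls are logged, then refused
            raise
        if tool == "memory_put":              # built-in tools: namespace is the caller
            result = self.memory.put(profile.name, args["key"], args["value"])
        elif tool == "memory_get":
            result = self.memory.get(profile.name, args["key"])
        elif impl is None:
            raise ValueError(f"no implementation supplied for {tool!r}")
        else:
            result = impl(**args)
        event["outcome"] = "ok"
        self.audit.append(event)
        return result


def demo() -> dict[str, Any]:
    """Constructed scenario (not from the talk): two agents sharing one gateway."""
    gw = ToolGateway(MemoryStore())
    notes = AgentProfile("notes-agent", {
        "fs_read": Capability("fs_read", path_prefix="/srv/notes"),
        "memory_get": Capability("memory_get"), "memory_put": Capability("memory_put")})
    web = AgentProfile("web-agent", {
        "http_get": Capability("http_get", hosts=frozenset({"api.example.com"})),
        "memory_get": Capability("memory_get")})
    fake_fs = {"/srv/notes/todo.md": "- rotate keys"}          # constructed sample data
    fs_read = lambda path, mode="read": fake_fs[path]
    http_get = lambda host, path="/": f"200 OK from {host}{path}"

    out: dict[str, Any] = {"read_ok": gw.call(notes, "fs_read", {"path": "/srv/notes/todo.md"}, fs_read)}
    attempts = [("traversal", notes, "fs_read", {"path": "/srv/notes/../../etc/passwd"}, fs_read),
                ("unbound_tool", notes, "http_get", {"host": "api.example.com"}, http_get),
                ("bad_host", web, "http_get", {"host": "evil.example.net"}, http_get),
                ("namespace_override", web, "memory_get", {"key": "k", "namespace": "notes-agent"}, None)]
    for label, agent, tool, args, impl in attempts:
        try:
            gw.call(agent, tool, args, impl)
            out[label] = "allowed"
        except PolicyViolation:
            out[label] = "denied"
    gw.call(notes, "memory_put", {"key": "k", "value": "notes-only"})
    out["own_memory"] = gw.call(notes, "memory_get", {"key": "k"})   # "notes-only"
    out["cross_memory"] = gw.call(web, "memory_get", {"key": "k"})   # None: isolated
    out["denied_events"] = sum(e["outcome"] == "denied" for e in gw.audit)
    return out


if __name__ == "__main__":
    print(demo())
```

Two design points matter here. The memory namespace is taken from the authenticated profile and any attempt to name one in the arguments is refused, so isolation does not depend on the model choosing to behave. Every call, allowed or denied, produces an audit event with the agent, tool and arguments, which is the raw material for the granular observability the abstract mentions; without the denied events you cannot tell an idle agent from one being steered into calls it is not allowed to make.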
AI review
McMillin built 19 real agents running 73 MCP tools, broke them in interesting ways, and fixed them — then told the audience exactly what went wrong. The memory isolation failure story alone is worth attending for. Rare honest practitioner content from someone who runs this stuff daily instead of theorizing about it.