How Dropbox uses MCP and Dash to close the design-to-code security gap (8 minute read) (opens in new tab)

Dropbox built a system combining Model Context Protocol, large language models, and its Dash AI to automatically check if code changes align with security threat models during code review, after discovering that only 12% of pull requests linked back to their original security reviews and 54% were created over a month after the review was filed. The system uses Dash's indexing capabilities to retrieve relevant threat models and has already identified missing security controls and contradiction...