How Dropbox Uses MCP and Dash to Close the Design-to-Code Security Gap
Dropbox discovered that only 12% of pull requests reference the original threat‑model documents, and the median delay between a security design review and the corresponding code review is about five weeks. To address this design‑to‑code gap, the company built a system that combines the Model Context Protocol (MCP), foundational large language models, and the Dash AI search platform. The solution automatically retrieves relevant threat models during code review and uses the AI to compare implementation against documented requirements, linking 80% of design reviews to code changes. Dropbox says the pattern can be extended to privacy, API contracts, and regulatory compliance reviews.
Introducing Nova, Our Internal Platform for Coding Agents
Dropbox has launched Nova, an internal platform that runs AI coding agents across its massive monorepo and CI infrastructure. The service lets engineers execute multiple parallel coding sessions, validate changes with Bazel, and integrate agents into automated workflows. Nova started...
Improving Storage Efficiency in Magic Pocket, Our Immutable Blob Store
Dropbox’s exabyte‑scale immutable blob store, Magic Pocket, faced a sharp rise in storage overhead after a new Live Coder service created many under‑filled volumes. To combat the fragmentation, the engineering team introduced two additional compaction strategies—L2, a dynamic‑programming‑based volume packer,...