Head of AI Agents & MCP at WorkOS and Research Fellow at Stanford’s Loyal Agents Initiative. Recently completed PhD at MIT (2025) on “Private, Verifiable, and Auditable AI Systems.” Leading enterprise AI security, identity management, and authentication infrastructure.
Pioneer of Security-First AI Agent Architecture
Current Work
At WorkOS, Tobin leads development of enterprise-grade MCP servers with SSO integrations, access controls, and delegated authority mechanisms. He’s extending WorkOS’s authentication infrastructure—used by thousands of B2B applications—to AI agents, ensuring production systems maintain security boundaries while leveraging model capabilities.
As Research Fellow at Stanford HAI, he directs the Loyal Agents Initiative, a collaboration with Consumer Reports and MIT developing fiduciary duty frameworks and safety credentialing for AI agents.
Key publications include “Identity Management for Agentic AI” (OpenID Foundation, Oct 2025) and his PhD dissertation, “Private, Verifiable, and Auditable AI Systems,” which introduces zero-knowledge approaches for auditable LLM deployment.
Background
PhD from MIT (2025) on private, verifiable AI systems. Australian-American Fulbright Scholar. Lead author for privacy sections of the International AI Safety Report 2025. Active projects include ProcessEntropy (Python toolkit for AI security) and VerifiableEvals (zero-knowledge ML benchmarks).
Philosophy on AI Agent Security
Tobin’s approach challenges current agent implementations that lack proper identity and delegation:
Delegated authority over impersonation - Agents must operate with explicit scopes, not user impersonation. True delegation requires “on-behalf-of” flows with provable authority.
Protocol-driven security - MCP provides standardized boundaries for agent capabilities while enforcing organizational security models. Clean protocol design prevents configuration sprawl.
Verifiable systems - Zero-knowledge cryptography enables auditable claims about AI behavior without exposing sensitive model internals or training data.
Privacy as infrastructure - Building privacy, verifiability, and auditability into AI systems from first principles rather than treating them as afterthoughts.
WorkOS
WorkOS provides enterprise B2B authentication, authorization, and identity management for SaaS applications. Under Tobin’s leadership, the company is extending this expertise to AI agents with enterprise-grade MCP infrastructure.
Conference Appearance
Event: AI Engineering Code Summit 2025
Date: November 21, 2025
Time: 10:40 AM - 11:00 AM
Session: Enterprise-Grade Model Context Protocol
Tobin presented on building production MCP servers with enterprise security, covering authentication patterns, delegated authority mechanisms, and governance constraints. His talk addressed the critical challenge of moving AI agents from experimentation to production while maintaining trust and security boundaries.