
Dennis Traub

@dtraub.bsky.social

Software Engineer and Developer Advocate at AWS, exploring the impact of AI, new skills we need to learn, and how to keep up with its pace without going insane.

610 Followers  |  173 Following  |  127 Posts  |  Joined: 29.06.2023  |  2.5332

Latest posts by dtraub.bsky.social on Bluesky

Kiro: The AI IDE for prototype to production

It’s 👻day!

Spec-driven development brought to your IDE

Try Kiro today

kiro.dev

15.07.2025 07:03 — 👍 0    🔁 1    💬 0    📌 0

Update: I've created a GitHub Issue proposing to address this problem.

Please help get this fixed by adding your +1!

Here's the link: github.com/modelcontext...

02.06.2025 08:43 — 👍 2    🔁 4    💬 0    📌 0
AWS | Community | Building AI Agents with Strands: Part 1 - Creating Your First Agent Learn how to create your first AI agent with the Strands Agents SDK in minutes. This tutorial covers setup, agent initialization, system prompts, and debugging.

Use the Strands SDK to build AI agents, easily integrating with existing MCP tools, selecting models from Bedrock, OpenAI, or Ollama.

It’s so easy, I felt so productive after just one hour :-)

Follow this four-part series of tutorials by @dtraub.bsky.social

community.aws/content/2xP1...

29.05.2025 10:37 — 👍 4    🔁 1    💬 0    📌 0

If you're deploying MCP in production, treat it like you're installing random software from the internet.

Because - again - that's exactly what you're doing.

01.06.2025 18:09 — 👍 1    🔁 0    💬 0    📌 0

That "productivity tool" that helps manage your GitHub repos? It can also read your SSH keys, access your cloud credentials, and exfiltrate your entire codebase.

01.06.2025 18:09 — 👍 2    🔁 0    💬 1    📌 0

Bottom line: When your AI assistant in Claude or Cursor connects to an MCP server via stdio, you're essentially giving that server the same permissions you have on your system.

01.06.2025 18:09 — 👍 0    🔁 0    💬 1    📌 0

When you run `npx -y @some-org/mcp-server-tool`, you're:

- Executing arbitrary code with your permissions
- Trusting an unvetted supply chain
- Granting network and filesystem access
- Bypassing traditional security controls

01.06.2025 18:08 — 👍 0    🔁 0    💬 1    📌 0

MCP's stdio transport was designed for developer convenience, not enterprise security.

Unlike remote MCP servers that run on external infrastructure, stdio servers execute directly on your local machine where you're running Claude Desktop, Cursor, or other MCP clients.

01.06.2025 18:08 — 👍 0    🔁 0    💬 1    📌 0

What MCP security actually requires:

- Treating every server as potential malware
- Implementing application-level sandboxing
- Auditing every tool description for hidden instructions
- Zero-trust model for all MCP interactions

01.06.2025 18:08 — 👍 2    🔁 0    💬 1    📌 0

Myth 3: "Trusted sources guarantee safety"

Even legitimate packages can be compromised through:

- Supply chain attacks
- Typosquatting
- Dependency confusion

01.06.2025 18:07 — 👍 0    🔁 0    💬 1    📌 0

Myth 2: "Human oversight prevents attacks"

Here's why this is a faulty belief:

- Hidden Unicode instructions bypass visual inspection
- Users lack expertise to spot malicious command modifications
- Consent fatigue leads to automatic approval

01.06.2025 18:07 — 👍 0    🔁 0    💬 1    📌 0
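
An added example, not part of the original posts: one way to run the tool-description audit mentioned in the thread, flagging characters a reviewer cannot see. The `name`/`description` fields follow the MCP tool listing shape; the two sample tools are constructed.

```python
import unicodedata

def invisible_chars(text):
    """Return (index, 'U+XXXX', name) for each format, private-use or control char."""
    hits = []
    for i, ch in enumerate(text):
        cat = unicodedata.category(ch)
        if cat in ("Cf", "Co") or (cat == "Cc" and ch not in "\n\r\t"):
            hits.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>")))
    return hits

def tag_text(text):
    """Decode Unicode tag-block characters (U+E0020..U+E007E) to the ASCII they mirror."""
    return "".join(chr(ord(c) - 0xE0000) for c in text
                   if 0xE0020 <= ord(c) <= 0xE007E)

def audit_tools(tools):
    """Map tool name -> findings for descriptions containing invisible characters."""
    report = {}
    for tool in tools:
        desc = tool.get("description", "")
        hits = invisible_chars(desc)
        if hits:
            report[tool["name"]] = {"invisible": hits, "tag_text": tag_text(desc)}
    return report

# Constructed sample: the second description ends with a zero-width space
# and two tag characters that render as nothing.
TOOLS = [
    {"name": "list_repos", "description": "List repositories for the current user."},
    {"name": "create_issue", "description": "Create an issue.\u200b\U000E0068\U000E0069"},
]

if __name__ == "__main__":
    for name, finding in audit_tools(TOOLS).items():
        print(name, finding["invisible"], repr(finding["tag_text"]))
```

Emoji sequences legitimately contain U+200D, so treat a hit as a prompt to inspect the raw description rather than as proof of tampering.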

Here are 3 myths about MCP you need to immediately stop believing:

Myth 1: "MCP servers are just APIs"

Unlike REST APIs, stdio MCP servers execute on your local machine with full system permissions. They're not services - they're programs running alongside your AI assistant.

01.06.2025 18:07 — 👍 1    🔁 0    💬 1    📌 0

You've just told Claude to download and execute arbitrary code with your full user permissions.

01.06.2025 18:06 — 👍 1    🔁 0    💬 1    📌 0

Most MCP servers use stdio mode, which means the server runs locally on your machine, not remotely.

Here's what happens when you add this to your Claude Desktop config:

{
  "mcpServers": {
    "some-tool": {
      "command": "npx",
      "args": ["-y", "@some-org/mcp-server-tool"]
    }
  }
}

01.06.2025 18:06 — 👍 0    🔁 0    💬 1    📌 0
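
An added example, not part of the original posts: a small audit of an `mcpServers` config that reports every stdio entry which downloads and runs a package at launch. The launcher list beyond `npx`, the exact-version pinning rule, and the sample entries other than `some-tool` are assumptions made for this sketch.

```python
import json

# Launchers that fetch a package from a registry and run it in one step.
# npx is the one the posts name; bunx and uvx are assumptions added here.
FETCH_AND_RUN = {"npx", "bunx", "uvx"}

def package_spec(args):
    """Return the first non-flag argument, i.e. the package the launcher runs."""
    return next((a for a in args if not a.startswith("-")), None)

def is_pinned(spec):
    """True only for an exact x.y.z version suffix, e.g. @scope/name@1.2.3."""
    name, sep, version = spec.rpartition("@")
    if not sep or not name:  # "pkg" or "@scope/pkg": no version part
        return False
    parts = version.split(".")
    return len(parts) == 3 and all(p.isdigit() for p in parts)

def audit(config_text):
    """Map server name -> findings for entries that fetch code at launch."""
    report = {}
    for name, entry in json.loads(config_text).get("mcpServers", {}).items():
        launcher = entry.get("command", "").replace("\\", "/").rsplit("/", 1)[-1]
        args = entry.get("args", [])
        if launcher not in FETCH_AND_RUN:
            continue
        spec = package_spec(args)
        findings = [f"{launcher} downloads and runs {spec} with the user's permissions"]
        if "-y" in args or "--yes" in args:
            findings.append("install prompt suppressed (-y)")
        if spec is None or not is_pinned(spec):
            findings.append("version not pinned: the registry decides what code runs")
        report[name] = findings
    return report

# Constructed sample: the entry from the post, a pinned variant, a local binary.
SAMPLE = """{"mcpServers": {
  "some-tool": {"command": "npx", "args": ["-y", "@some-org/mcp-server-tool"]},
  "pinned-tool": {"command": "npx", "args": ["@some-org/mcp-server-tool@1.2.3"]},
  "local-tool": {"command": "/opt/tools/server", "args": []}
}}"""

if __name__ == "__main__":
    for server, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"{server}: {finding}")
```

A pinned entry still appears in the report: pinning fixes which version runs, but the server still executes locally with the user's permissions.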

Stop treating MCP servers like browser extensions.

Start treating them like you're downloading random executables from the internet.

Because when you add an MCP server to Claude Desktop or Cursor IDE, that's exactly what you're doing!

01.06.2025 18:05 — 👍 8    🔁 4    💬 4    📌 1

Just published Part 3: MCP Integration: bit.ly/43GFHyB

22.05.2025 21:48 — 👍 0    🔁 0    💬 0    📌 0

🧬 The Strands Agents Hands-On Tutorial - Part 3: MCP Integration

In this quick lesson, you'll learn how to connect your Strands AI agent to external services using the Model Context Protocol (MCP).

Check it out: bit.ly/43GFHyB

22.05.2025 21:13 — 👍 0    🔁 0    💬 0    📌 0

The next installment of my Strands Agents tutorial series is live: Tool Integration

Learn how to connect your agent to the real world using built-in and custom tools with the Strands Agents SDK.

Check it out: bit.ly/43neXBY

21.05.2025 18:28 — 👍 2    🔁 0    💬 1    📌 0
Building AI Agents with Strands: An Introduction to the Series Build AI agents with the Strands Agents SDK in this hands-on tutorial series. Create agentic systems with tools, MCP integration, and multi-agent collaboration.

🧬 Just kicked off my tutorial series on building AI agents with the Strands Agents SDK!

After a quick intro to this new framework, we'll dive directly into some code and create a functional agent with just a few lines of code.

Check it out!

community.aws/content/2xOw...

21.05.2025 11:42 — 👍 2    🔁 1    💬 1    📌 0

Hey developer friends!

Wanna add generative AI to your applications using a real stack - like Java, JavaScript, C#, or PHP? This one's for you!

Start the day right and join my session "No Python? No Problem! Generative AI for the rest of us"

👉 Register now
aws.amazon.com/events/summi...

15.05.2025 19:19 — 👍 1    🔁 0    💬 0    📌 0

If there only was a vaccine against... Oh, wait!

19.04.2025 16:44 — 👍 1    🔁 0    💬 1    📌 0

Agentic AI, MCP & the future of software engineering — a new episode of the AWS Developers Podcast is out now!

🎧 Dive in and listen in your podcast app or here 👉 developers.podcast.g...

#AWS #AI #LLM #MCP #GenerativeAI #Developers

18.04.2025 11:37 — 👍 4    🔁 3    💬 1    📌 0

Today's my son's 14th birthday! It's unbelievable how fast they grow up, right? 🥲🎂🥳

18.04.2025 10:41 — 👍 4    🔁 0    💬 1    📌 0
GitHub - aws-samples/sample-agents-with-nova-act-and-mcp: Discover how to build agents that can perform actions on websites by combining Amazon Nova Act with Model Context Protocol (MCP).

This is a great example!

Building Agents with Amazon Nova Act and MCP 👉 How to build intelligent web automation agents using Amazon Nova Act integrated with Model Context Protocol (MCP)

buff.ly/16tnrq6

#AWS #AI #GenAI #MCP

12.04.2025 13:23 — 👍 2    🔁 1    💬 0    📌 0

"Harness" is the new "delve", right?

Which other terms do you regularly see in AI-generated copy?

12.04.2025 13:39 — 👍 1    🔁 0    💬 1    📌 0
Amazon Nova in European Union and Asia Pacific New regional processing options for Amazon Nova understanding models

Are you based in the EU? We've just deployed our latest text-generation models, Nova Micro, Lite, and Pro in Frankfurt, Dublin, Stockholm, and Paris!

www.aboutamazon.eu/news/aws/ama...

03.03.2025 12:37 — 👍 0    🔁 0    💬 0    📌 0

Developers: what is your view of AWS?

26.02.2025 18:03 — 👍 11    🔁 5    💬 14    📌 1
GitHub - danilop/MCP2Lambda: Run any AWS Lambda function as a Large Language Model (LLM) tool without code changes using Anthropic's Model Control Protocol (MCP).

Inspired by the latest AI Demo Days in London, I built this:

Run any AWS Lambda function as a Large Language Model (LLM) tool without code changes using Anthropic's Model Control Protocol (MCP)

https://github.com/danilop/MCP2Lambda

#AI #GenAI #MCP #AWS #Serverless

26.02.2025 10:51 — 👍 6    🔁 3    💬 1    📌 1
How to use Reasoning with Claude 3.7 Sonnet on Amazon Bedrock - JavaScript Edition Follow this step-by-step guide to implement Claude 3.7 Sonnet's reasoning capability in JavaScript using Amazon Bedrock.

Hey JavaScript developers! Here's a quick tutorial showing how to embed Claude's new reasoning mode in your apps

community.aws/content/2tX5...

25.02.2025 22:22 — 👍 8    🔁 0    💬 0    📌 0
