@dtraub.bsky.social
Software Engineer and Developer Advocate at AWS, exploring the impact of AI, new skills we need to learn, and how to keep up with its pace without going insane.
Itβs π»day !
Spec-driven development brought to your IDE
Try Kiro today
kiro.dev
Update: I've created a GitHub Issue proposing to address this problem.
Please help getting this fixed by adding your +1!
Here's the link: github.com/modelcontext...
Use the Strands SDK to build AI agents, easily integrating with existing MCP tools, selecting models from Bedrock, OpenAI, or Olama.
Itβs so easy, I felt so productive after just one hour :-)
Follow this four-part series of tutorials by @dtraub.bsky.social
community.aws/content/2xP1...
If you're deploying MCP in production, treat it like you're installing random software from the internet.
Because - again - that's exactly what you're doing.
That "productivity tool" that helps manage your GitHub repos? It can also read your SSH keys, access your cloud credentials, and exfiltrate your entire codebase.
01.06.2025 18:09 β π 2 π 0 π¬ 1 π 0Bottom line: When your AI assistant in Claude or Cursor connects to an MCP server via stdio, you're essentially giving that server the same permissions you have on your system.
01.06.2025 18:09 β π 0 π 0 π¬ 1 π 0When you run `npx -y @some-org/mcp-server-tool`, you're:
- Executing arbitrary code with your permissions
- Trusting an unvetted supply chain
- Granting network and filesystem access
- Bypassing traditional security controls
MCP's stdio transport was designed for developer convenience, not enterprise security.
Unlike remote MCP servers that run on external infrastructure, stdio servers execute directly on your local machine where you're running Claude Desktop, Cursor, or other MCP clients.
What MCP security actually requires:
- Treating every server as potential malware
- Implementing application-level sandboxing
- Auditing every tool description for hidden instructions
- Zero-trust model for all MCP interactions
Myth 3: "Trusted sources guarantee safety"
Even legitimate packages can be compromised through:
- Supply chain attacks
- Typosquatting
- Dependency confusion
Myth 2: "Human oversight prevents attacks"
Here's why this is a faulty belief:
- Hidden Unicode instructions bypass visual inspection
- Users lack expertise to spot malicious command modifications
- Consent fatigue leads to automatic approval
Here are 3 myths about MCP you need to immediately stop believing:
Myth 1: "MCP servers are just APIs"
Unlike REST APIs, stdio MCP servers execute on your local machine with full system permissions. They're not services - they're programs running alongside your AI assistant.
You've just told Claude to download and execute arbitrary code with your full user permissions.
01.06.2025 18:06 β π 1 π 0 π¬ 1 π 0Most MCP servers use stdio mode, which means the server runs locally on your machine, not remotely.
Here's what happens when you add this to your Claude Desktop config:
{
"ππππππππππ": {
"ππππ-ππππ": {
"πππππππ": "πππ‘",
"ππππ": ["-π’", "@ππππ-πππ/πππ-ππππππ-ππππ"]
}
}
}
Stop treating MCP servers like browser extensions.
Start treating them like you're downloading random executables from the internet.
Because when you add an MCP server to Claude Desktop or Cursor IDE, that's exactly what you're doing!
Just published Part 3: MCP Integration: bit.ly/43GFHyB
22.05.2025 21:48 β π 0 π 0 π¬ 0 π 0
Just published Part 3: MCP Integration: bit.ly/43GFHyB
22.05.2025 21:48 β π 0 π 0 π¬ 0 π 0
𧬠The Strands Agents Hands-On Tutorial - Part 3: MCP Integration
In this quick lesson, you'll learn how to connect your Strands AI agent to external services using the Model Context Protocol (MCP).
Check it out: bit.ly/43GFHyB
The next installment of my Strands Agents tutorial series is live: Tool Integration
Learn how to connect your agent to the real world using built-in and custom tools with the Strands Agents SDK.
Check it out: bit.ly/43neXBY
𧬠Just kicked off my tutorial series on building AI agents with the Strands Agents SDK!
After a quick intro to this new framework, we'll dive directly into some code and create a functional agent with just a few lines of code.
Check it out!
community.aws/content/2xOw...
Hey developer friends!
Wanna add generative AI to your applications using a real stack - like Java, JavaScript, C#, or PHP? This one's for you!
Start the day right and join my session "No Python? No Problem! Generative AI for the rest of us"
π Register now
aws.amazon.com/events/summi...
If there only was a vaccine against... Oh, wait!
19.04.2025 16:44 β π 1 π 0 π¬ 1 π 0
Agentic AI, MCP & the future of software engineering β a new episode of the AWS Developers Podcast is out now!
π§ Dive in and listen in your podcast app or here π developers.podcast.g...
#AWS #AI #LLM #MCP #GenerativeAI #Developers
Today's my son's 14 birthday! It's unbelievable how fast they grow up, right? π₯²ππ₯³
18.04.2025 10:41 β π 4 π 0 π¬ 1 π 0
This is a great example!
Building Agents with Amazon Nova Act and MCP π How to build intelligent web automation agents using Amazon Nova Act integrated with Model Context Protocol (MCP)
buff.ly/16tnrq6
#AWS #AI #GenAI #MCP
"Harness" is the new "delve", right?
Which other terms do you regularly see in AI-generated copy?
Are you based in the EU? We've just deployed our latest text-generation models, Nova Micro, Lite, and Pro in Frankfurt, Dublin, Stockholm, and Paris!
www.aboutamazon.eu/news/aws/ama...
Developers: what is your view of AWS?
26.02.2025 18:03 β π 11 π 5 π¬ 14 π 1
Inspired by the latest AI Demo Days in London, I built this:
Run any AWS Lambda function as a Large Language Model (LLM) tool without code changes using Anthropic's Model Control Protocol (MCP)
https://github.com/danilop/MCP2Lambda
#AI #GenAI #MCP #AWS #Serverless
Hey JavaScript developers! Here's a quick tutorial showing how to embed Claude's new reasoning mode in your apps
community.aws/content/2tX5...
