Dennis Traub

@dtraub


Software Engineer and Developer Advocate at AWS Find me at: https://t.co/rxyPa329H2 https://t.co/Kt33nTsotF

Joined August 2008
@dtraub
Dennis Traub
1 month
At a certain scale, it becomes incredibly hard to provide simplicity without compromising on security -- and the unsung heroes in AWS engineering worked long, hard hours to finally provide both! A great job, well done 👍.
@anbarth
Antje Barth
1 month
Today, we’ve announced a significant improvement to the developer experience of Amazon Bedrock: API keys! 🔑 Check out this blog post to learn more:
1
0
2
@dtraub
Dennis Traub
1 month
RT @danilop: Just published an extensive demo showcasing how to build multi-agent AI systems using the A2A (Agent-to-Agent) protocol with t….
github.com
Demo with multiple AI agents using A2A (agent-to-agent) with the Strands Agents SDK. - danilop/strands-a2a-demo
0
9
0
@dtraub
Dennis Traub
2 months
Update: I've created a GitHub Issue proposing to address this problem. Please help getting this fixed by adding your +1! Here's the link:
github.com
Problem Statement The current MCP terminology is creating a critical security blind spot that puts users at risk and threatens the protocol's adoption. By calling both remote services and local...
@dtraub
Dennis Traub
2 months
Stop treating MCP servers like browser extensions. Start treating them like you're downloading random executables from the internet. Because when you add an MCP server to Claude Desktop or Cursor IDE, that's exactly what you're doing! A 🧡.
0
0
1
@dtraub
Dennis Traub
2 months
If you're deploying MCP in production, treat it like you're installing random software from the internet. Because - again - that's exactly what you're doing.
0
0
1
@dtraub
Dennis Traub
2 months
That "productivity tool" that helps manage your GitHub repos? It can also read your SSH keys, access your cloud credentials, and exfiltrate your entire codebase.
1
0
1
@dtraub
Dennis Traub
2 months
Bottom line: When your AI assistant in Claude or Cursor connects to an MCP server via stdio, you're essentially giving that server the same permissions you have on your system.
1
0
1
@dtraub
Dennis Traub
2 months
When you run `npx -y some-org/mcp-server-tool`, you're:
- Executing arbitrary code with your permissions
- Trusting an unvetted supply chain
- Granting network and filesystem access
- Bypassing traditional security controls
1
0
1
@dtraub
Dennis Traub
2 months
What MCP security actually requires:
- Treating every server as potential malware
- Implementing application-level sandboxing
- Auditing every tool description for hidden instructions
- Zero-trust model for all MCP interactions
1
0
1
@dtraub
Dennis Traub
2 months
Myth 3: "Trusted sources guarantee safety". Even legitimate packages can be compromised through:
- Supply chain attacks
- Typosquatting
- Dependency confusion
1
0
1
@dtraub
Dennis Traub
2 months
Myth 2: "Human oversight prevents attacks". Here's why this is a faulty belief:
- Hidden Unicode instructions bypass visual inspection
- Users lack expertise to spot malicious command modifications
- Consent fatigue leads to automatic approval
1
0
1
@dtraub
Dennis Traub
2 months
Here are 3 myths about MCP you need to immediately stop believing: Myth 1: "MCP servers are just APIs". Unlike REST APIs, stdio MCP servers execute on your local machine with full system permissions. They're not services - they're programs running alongside your AI assistant.
1
0
1
@dtraub
Dennis Traub
2 months
You've just told Claude to download and execute arbitrary code with your full user permissions.
1
0
1
@dtraub
Dennis Traub
2 months
Here's what happens when you add this to your Claude Desktop config:
{
  "mcpServers": {
    "some-tool": {
      "command": "npx",
      "args": ["-y", "@some-org/mcp-server-tool"]
    }
  }
}
1
0
0
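A defender-side check for the kind of config shown in the post above, as an added example that is not from the thread: it parses the mcpServers block and reports stdio servers that auto-install unpinned packages or receive secrets via env (the sample config, the rule names and the audit function are constructed here).

```python
"""Audit a Claude Desktop / Cursor MCP config for risky stdio servers.
Added example, not code from the thread; the findings and the sample
config below are constructed for illustration."""
import json
import re

# Launchers that fetch a package from a registry and execute it on first run.
AUTO_INSTALLERS = {"npx", "uvx", "pipx", "bunx"}
# npm spec with an explicit version/tag: name@1.2.3 or @scope/name@1.2.3
PINNED_RE = re.compile(r"^(@[^/@]+/)?[^@/]+@[^@]+$")


def audit_mcp_config(config_text: str) -> list[dict]:
    """Return one finding per stdio server whose launch line is risky."""
    cfg = json.loads(config_text)
    findings = []
    for name, server in cfg.get("mcpServers", {}).items():
        if "url" in server and "command" not in server:
            continue  # remote (HTTP/SSE) server: not a local process
        cmd = server.get("command", "")
        args = server.get("args", [])
        reasons = []
        launcher = cmd.rsplit("/", 1)[-1]  # tolerate absolute paths
        if launcher in AUTO_INSTALLERS:
            reasons.append(f"{launcher} downloads and runs a package at start-up")
            if "-y" in args or "--yes" in args:
                reasons.append("-y suppresses the install confirmation prompt")
            pkg = next((a for a in args if not a.startswith("-")), None)
            if pkg and not PINNED_RE.match(pkg):
                # Unpinned spec resolves to whatever 'latest' is at each launch.
                reasons.append(f"package {pkg!r} is not pinned to a version")
        if server.get("env"):
            reasons.append("env block hands secrets to the server process")
        if reasons:
            findings.append({"server": name, "command": cmd, "reasons": reasons})
    return findings


# Constructed sample: the thread's snippet plus a pinned and a remote server.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "some-tool": {"command": "npx", "args": ["-y", "@some-org/mcp-server-tool"]},
        "pinned-tool": {"command": "npx", "args": ["-y", "@some-org/mcp-server-tool@1.4.2"]},
        "remote": {"url": "https://mcp.example.invalid/sse"},
    }
})

if __name__ == "__main__":
    for f in audit_mcp_config(SAMPLE_CONFIG):
        print(f["server"], "->", "; ".join(f["reasons"]))
```

Pinning only removes silent upgrades; the pinned package still runs with your user's permissions, so it belongs in the review and sandboxing the thread calls for, not in place of them.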
@dtraub
Dennis Traub
2 months
Most MCP servers use stdio mode, which means the server runs locally on your machine, not remotely.
1
0
1
@dtraub
Dennis Traub
2 months
Stop treating MCP servers like browser extensions. Start treating them like you're downloading random executables from the internet. Because when you add an MCP server to Claude Desktop or Cursor IDE, that's exactly what you're doing! A 🧡.
1
1
4
@dtraub
Dennis Traub
3 months
Just published Part 3: MCP Integration:
0
0
0
@dtraub
Dennis Traub
3 months
🧬 The Strands Agents Hands-On Tutorial - Part 3: MCP Integration. In this quick lesson, you'll learn how to connect your Strands AI agent to external services using the Model Context Protocol (MCP). Check it out:
0
0
1
@dtraub
Dennis Traub
3 months
The next installment of my Strands Agents tutorial series is live: Tool Integration. Learn how to connect your agent to the real world using built-in and custom tools with the Strands Agents SDK. Check it out:
1
0
5
@dtraub
Dennis Traub
3 months
🧬 Just kicked off my tutorial series on building AI agents with the Strands Agents SDK! After a quick intro to this new framework, we'll dive directly into some code and create a functional agent with just a few lines of code. Check it out!
1
3
4