Akshay 🚀 Profile picture
Jul 20 13 tweets 4 min read Read on X
MCP security is completely broken!

Let's understand tool poisoning attacks and how to defend against them:
MCP allows AI agents to connect with external tools and data sources through a plugin-like architecture.

It's rapidly taking over the AI agent landscape with millions of requests processed daily.

But there's a serious problem... 👇
1️⃣ What is a Tool Poisoning Attack (TPA)?

When Malicious instructions are hidden within MCP tool descriptions that are:

❌ Invisible to users
✅ Visible to AI models

These instructions trick AI models into unauthorized actions, unnoticed by users.
Here's how the attack works:

AI models see complete tool descriptions (including malicious instructions), while users only see simplified versions in their UI.

First take a look at this malicious tool: Image
Let me quickly show the attack in action by connecting this server to my cursor IDE.

Check this out👇
Now let's understand a few other ways these attacks can happen and then we'll also talk about solutions...👇
2️⃣ Tool hijacking Attacks:

When multiple MCP servers are connected to same client, a malicious server can poison tool descriptions to hijack behavior of TRUSTED servers.

Here's an example of an email sending server hijacked by another server:
Take a look at these two MCP servers before we actually use them to demonstrate tool hijacking.

`add()` tool in the second server secretly tries to hijack the operation of send email tool in the first server. Image
Let's see tool hijacking attack in action, again by connecting the above two servers to my cursor IDE!

Check this out👇
3️⃣ MCP Rug Pulls ⚠️

Even worse - malicious servers can change tool descriptions AFTER users have approved them.

Think of it like a trusted app suddenly becoming malware after installation.
This makes the attack even more dangerous and harder to detect.
🛡️Mitigation Strategies:

- Display full tool descriptions in the UI
- Pin (lock) server versions
- Isolate servers from one another
- Add guardrails to block risky actions

Until security issues are fixed, use EXTREME caution with.
Finally, here's a summary of how MCP works and how these attacks can occur. This visual explains it all.

I hope you enjoyed today's post. Stay tuned for more! 🙌
If you found it insightful, reshare with your network.

Find me → @akshay_pachaar ✔️
For more insights and tutorials on LLMs, AI Agents, and Machine Learning!

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Akshay 🚀

Akshay 🚀 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @akshay_pachaar

Jul 21
Transformer vs. Mixture of Experts in LLMs, clearly explained (with visuals):
Mixture of Experts (MoE) is a popular architecture that uses different "experts" to improve Transformer models.

The visual below explains how they differ from Transformers.

Let's dive in to learn more about MoE!
Transformer and MoE differ in the decoder block:

- Transformer uses a feed-forward network.
- MoE uses experts, which are feed-forward networks but smaller compared to that in Transformer.

During inference, a subset of experts are selected. This makes inference faster in MoE.
Read 10 tweets
Jul 17
10 GitHub repos that will set you up for a career in AI engineering (100% free):
1️⃣ ML for Beginners by Microsoft

A 12-week project-based curriculum that teaches classical ML using real-world datasets using Scikit-learn.

Includes quizzes, R/Python lessons, and hands-on projects. Some of the lessons are available as short-form videos.

Check this👇 Image
2️⃣ AI for Beginners by Microsoft

This repo covers neural networks, NLP, CV, transformers, ethics & more. There are hands-on labs in PyTorch & TensorFlow using jupyter notebooks.

Beginner-friendly, project-based, and full of real-world applications.

Check this 👇 Image
Read 13 tweets
Jul 16
Let's build a multi-agent content creation system (100% local):
Before we dive in, here's a quick demo of what we're building!

Tech stack:

- @motiadev as the unified backend framework
- @firecrawl_dev to scrape web content
- @ollama to locally serve Deepseek-R1 LLM

The only AI framework you'll ever need to learn! 🚀
Here's the workflow:

- User submits URL to scrape
- Firecrawl scrapes content and converts it to markdown
- Twitter and LinkedIn agents run in parallel to generate content
- Generated content gets scheduled via Typefully

Now, let's dive into code!
Read 14 tweets
Jul 14
ML researchers just built a new ensemble technique.

It even outperforms XGBoost, CatBoost, and LightGBM.

Here's a complete breakdown (explained visually):
For years, gradient boosting has been the go-to for tabular learning.

TabM is a parameter-efficient ensemble that provides:
- The speed of an MLP.
- The accuracy of GBDT.

The visual below explains how it works.

Let's dive in!
In tabular ML:

- MLPs are simple and fast, but usually underperform on tabular data.
- Deep ensembles are accurate but bloated and slow.
- Transformers are powerful but rarely practical on tables.

The image below depicts an MLP ensemble, and it looks heavily parameterized👇
Read 8 tweets
Jul 12
A Crash Course on Building AI Agents!

Here's what it covers:

- What is an AI agent
- Connecting agents to tools
- Overview of MCP
- Replacing tools with MCP servers
- Setting up observability and tracing

All with 100% open-source tools!
This course builds agents based on the following definition:

An AI agent uses an LLM as its brain, has memory to retain context, and can take real-world actions through tools, like browsing web, running code, etc.

In short, it thinks, remembers, and acts.
100% open-source tech stack:

- @crewAIInc for building MCP ready agents
- @zep_ai Graphiti to add human like memory
- @Cometml Opik for observability and tracing.

You can find the entire code here: github.com/patchy631/ai-e…
Read 5 tweets
Jul 11
MCP is on fire.

AI agents can now talk to real world tools, apps and actually get stuff done.

This changes everything.

Here are 10 amazing examples:
1️⃣ WhatsApp MCP

Exchange images, videos, and voice notes on WhatsApp!

Pair it with the ElevenLabs MCP server for AI-powered transcription & audio messages with 3,000+ voices.

Check this out👇
2️⃣ MCP-powered Agentic RAG

I created this server for Cursor and lets it perform deep web searches, as well as RAG over a specified directory.

Everything from the comforts of your IDE:
Read 12 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(