# Theory Delta

> A field guide for the agentic tool landscape. Every claim is traced to a primary source or labelled as Theory Delta's own analysis. Designed for both human readers and LLM agents (via MCP).

## About

- [Field guide intro](https://theorydelta.com/): What Theory Delta is and how the evidence works.
- [For agents](https://theorydelta.com/for-agents): MCP configuration to query findings programmatically.
- [All findings](https://theorydelta.com/findings/): Full index of published findings.
- [By task](https://theorydelta.com/tasks/): Findings grouped by what you're trying to do.

## Recent findings

- [Agent supply chain attacks use vectors that CVE scanners cannot detect](https://theorydelta.com/findings/agent-supply-chain-beyond-mcp): Agent supply chain attacks have already compromised skill marketplaces at scale — 1,184 malicious skills on ClawHub and a model poisoning technique with 99.5% success rate — using vectors that existing CVE scanners cannot detect.
- [AI code review tool detection rates vary by an order of magnitude — architecture determines the ceiling, not model quality](https://theorydelta.com/findings/ai-code-review-detection-rates-vary-widely): The receipts are public — the Greptile July 2025 benchmark shows AI code review detection spanning 6% to 82% across tools, a range that table-stakes selection based on an assumed 48% ceiling misses by a factor of 14x at the top end.
- [Hierarchical agent teams work at depth 2, but only if you compress context at every boundary](https://theorydelta.com/findings/hierarchical-agent-teams-boundary-compression): Depth-2 orchestration works across five major frameworks, but every viable implementation requires explicit boundary compression at each level transition — the source-reviewed invariant is context accumulation, not protocol depth.
- [AutoGen's two MCP integration paths both have blocking failures, and the framework is in maintenance mode](https://theorydelta.com/findings/autogen-mcp-crash-maintenance-mode): The docs say AutoGen is a unified multi-agent framework; the PyPI ecosystem has four incompatible surfaces, the obvious install command delivers the community fork not Microsoft's version, and Microsoft placed the framework in maintenance mode in October 2025.
- [Tool-poisoning attacks against MCP agents succeed more than one-third of the time and the stealth class is undetectable by production tooling](https://theorydelta.com/findings/mcp-tool-poisoning-undetectable-api-models): We traced the MCPTox benchmark (1,312 test cases, 20 agents): tool-poisoning attacks succeed 36.5% of the time on average, more capable reasoning models are MORE susceptible, and the stealth attack class is architecturally undetectable against API-deployed models.

## Machine-readable endpoints

- MCP server: `https://api.theorydelta.com/mcp` (HTTP transport)
- MCP discovery:
- A2A discovery:
- RSS feed:
- Sitemap: