Perplexity Open Sources Bumblebee to Scan Developer Machines for AI Risks

May 22, 2026

Perplexity, an AI-powered answer engine and agent platform, open-sourced Bumblebee as a read-only inventory collector for macOS and Linux. It scans for risky packages, browser extensions, and Model Context Protocol (MCP) configurations. It never executes code or invokes package managers during a sweep to avoid triggering malicious scripts.

Developer environments are now primary targets for lateral movement, as seen in the LiteLLM supply chain attack and the Vercel security breach. As teams adopt agentic tools, they introduce unmonitored configuration files and IDE extensions. Bumblebee audits this messy local state without the risk of triggering post-install malware.

You can deploy Bumblebee as a static binary using three scan profiles: baseline for routine inventory, project for workspaces, and deep for incident response. It integrates with threat intelligence to flag matches against known exposure catalogs. The project is available now under the Apache License 2.0 on GitHub for security teams.

View the full update on perplexity.ai

Perplexity

@perplexity_ai5h ago

Today we're open-sourcing Bumblebee, a read-only scanner for macOS and Linux. It checks developer machines for risky packages, extensions, and AI tool configs. Connected to Computer, it can trigger deeper scans whenever a new supply-chain risk emerges. https://t.co/FOaWnF1yQy https://t.co/wXauD4wDOT

49420

View on X

Still wondering? A few quick answers below.

Bumblebee is a read-only security scanner designed to protect developer machines running macOS and Linux. It inventories local metadata to identify risky software packages, browser extensions, and AI tool configurations. By focusing on the developer endpoint, it helps security teams detect supply-chain vulnerabilities that traditional repository or production scanners might overlook during an active incident.

Bumblebee is strictly read-only and does not invoke package managers like npm or pip, which can trigger malicious scripts during execution. Instead, it directly reads on-disk metadata files such as lockfiles and manifests. This approach prevents the scanner itself from becoming a security risk by avoiding the automatic execution of post-install hooks often used in supply-chain attacks.

The scanner covers a wide range of developer tools, including language package managers like npm, PyPI, and Go modules. Crucially for AI workflows, it also audits Model Context Protocol configurations and extensions for AI-native editors like Cursor and Windsurf. It also reviews browser extension manifests for Chromium-based browsers and Firefox to identify potentially compromised plugins.

Yes, Perplexity has released Bumblebee as an open-source project under the Apache License 2.0. It is written in Go and available as a single static binary with no non-standard library dependencies. Security teams can download the source code from GitHub to run scans against their own custom exposure catalogs or use the threat intelligence maintained by Perplexity.

While Software Bill of Materials tools track what is shipped in a final product and Endpoint Detection and Response products monitor active network or process behavior, Bumblebee targets the messy local state of developer laptops. It specifically answers whether a machine contains a matching package or extension version on disk the moment a new supply-chain advisory is published.