Perplexity Open Sources Bumblebee to Scan Developer Machines for AI Risks

PerplexityPerplexity

· Updated

Perplexity open-sourced Bumblebee, a read-only security scanner for macOS and Linux designed to identify supply-chain vulnerabilities on developer endpoints. The tool specifically targets the emerging attack surface of AI agent configurations and editor extensions that traditional scanners often miss.

Perplexity, an AI-powered answer engine and agent platform, open-sourced Bumblebee as a read-only inventory collector for macOS and Linux. It scans for risky packages, browser extensions, and Model Context Protocol (MCP) configurations. It never executes code or invokes package managers during a sweep to avoid triggering malicious scripts.
Language
Go 1.25+
License
Apache 2.0
OS support
macOS and Linux
Ecosystems scanned
npm, PyPI, MCP, and others
Execution mode
Read-only (no code execution)

Developer environments are now primary targets for lateral movement, as seen in the LiteLLM supply chain attack and Vercel's third-party AI tool breach. As teams adopt agentic tools, they introduce unmonitored configuration files and IDE extensions. Bumblebee audits this messy local state without the risk of triggering post-install malware.

You can deploy Bumblebee as a static binary using three scan profiles: baseline for routine inventory, project for workspaces, and deep for incident response. It integrates with threat intelligence to flag matches against known exposure catalogs. The project is available now under the Apache License 2.0 on GitHub for security teams.

Perplexity
Perplexity
@perplexity_ai
X

Today we're open-sourcing Bumblebee, a read-only scanner for macOS and Linux. It checks developer machines for risky packages, extensions, and AI tool configs. Connected to Computer, it can trigger deeper scans whenever a new supply-chain risk emerges. https://t.co/FOaWnF1yQy https://t.co/wXauD4wDOT

695retweets5.1klikes
View on X

Still wondering? A few quick answers below.

Bumblebee is a read-only security scanner designed to protect developer machines running macOS and Linux. It inventories local metadata to identify risky software packages, browser extensions, and AI tool configurations. By focusing on the developer endpoint, it helps security teams detect supply-chain vulnerabilities that traditional repository or production scanners might overlook during an active incident.

Bumblebee is strictly read-only and does not invoke package managers like npm or pip, which can trigger malicious scripts during execution. Instead, it directly reads on-disk metadata files such as lockfiles and manifests. This approach prevents the scanner itself from becoming a security risk by avoiding the automatic execution of post-install hooks often used in supply-chain attacks.

The scanner covers a wide range of developer tools, including language package managers like npm, PyPI, and Go modules. Crucially for AI workflows, it also audits Model Context Protocol configurations and extensions for AI-native editors like Cursor and Windsurf. It also reviews browser extension manifests for Chromium-based browsers and Firefox to identify potentially compromised plugins.

Yes, Perplexity has released Bumblebee as an open-source project under the Apache License 2.0. It is written in Go and available as a single static binary with no non-standard library dependencies. Security teams can download the source code from GitHub to run scans against their own custom exposure catalogs or use the threat intelligence maintained by Perplexity.

While Software Bill of Materials tools track what is shipped in a final product and Endpoint Detection and Response products monitor active network or process behavior, Bumblebee targets the messy local state of developer laptops. It specifically answers whether a machine contains a matching package or extension version on disk the moment a new supply-chain advisory is published.

Every HeadsUpAI update is written based on its original source and reviewed before it's published. Read our editorial standards →

Share this update