
Perplexity has released Bumblebee, an open-source, read-only scanner designed to detect risky language packages, editor and browser extensions, and AI agent configurations on developer machines. The company says Bumblebee is one of the internal tools protecting developer systems behind Perplexity, Comet, and Computer. The project is available now as a Go repository and runs on macOS and Linux.
Bumblebee inspects four distinct surfaces rather than relying on runtime behavior: language package managers (npm, pnpm, Yarn, Bun, PyPI, Go modules, RubyGems, Composer); AI agent configurations that use the Model Context Protocol (MCP); VS Code-family editor extensions (including VS Code, Cursor, Windsurf, VSCodium); and browser extensions for Chromium-family browsers (Chrome, Comet, Edge, Brave, Arc) and Firefox. It operates in a read-only mode and can export findings for integration with existing security systems.
The tool targets a common post‑incident challenge: after supply‑chain advisories, teams often cannot quickly determine whether developers actually have a compromised package or tooling installed. Perplexity positions Bumblebee as broader in scope than many open-source tools, which typically cover one or two surfaces; Bumblebee claims concurrent coverage of all four. The release follows a wave of supply‑chain incidents the company cites, including high‑profile compromises on npm and PyPI.
Perplexity outlines a concrete operational workflow for using Bumblebee. A threat signal — sourced from public disclosures, third‑party feeds, or internal research — is converted into a structured catalog entry (ecosystem, name, version) and submitted as a GitHub pull request. After human review and merge, the updated catalog is distributed and Bumblebee runs on endpoints to generate findings, which are then forwarded to security teams for action. This process ties detections to traceable catalog entries.
Bumblebee ships with an open catalog stored in the repository’s threat_intel/ directory. Each catalog file follows a standard JSON format (schema_version plus entries), and the README documents the maintained exposure catalogs, which Perplexity says are built from public threat‑intelligence reporting on recent supply‑chain campaigns. Users can run Bumblebee with Perplexity’s JSON catalog or plug in their own catalogs and review processes.
As a detection tool, Bumblebee deliberately avoids remediation or dynamic analysis: it reports presence, records which catalog entry triggered a finding, notes when that entry was added, and includes any evidence. That design makes it most useful as a rapid assessment step after advisories for developers working in JavaScript/TypeScript, Python, Go, Ruby, and PHP, and for teams experimenting with AI MCP configurations, VS Code‑style editors, and Chromium/Firefox browsers.
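The three preceding paragraphs describe the catalog format (schema_version plus entries of ecosystem, name, version), the workflow that turns an advisory into a catalog entry, and the read-only presence check that records which entry fired and when it was added. The Go program below is an added illustration of that comparison step; it is not Bumblebee's own code. It assumes field names (`schema_version`, `entries`, `ecosystem`, `name`, `version`, plus `added` and `source` for traceability) and a `"*"` wildcard version, none of which the article confirms, and both the catalog and the endpoint inventory it scans are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Catalog follows the shape the article describes (schema_version plus entries);
// the exact field names are an assumption, not Bumblebee's real schema.
type Catalog struct {
	SchemaVersion int            `json:"schema_version"`
	Entries       []CatalogEntry `json:"entries"`
}

// CatalogEntry is the (ecosystem, name, version) triple a threat signal becomes.
// Added and Source are assumed fields that let a finding be traced back to its advisory.
type CatalogEntry struct {
	Ecosystem string `json:"ecosystem"`
	Name      string `json:"name"`
	Version   string `json:"version"` // "*" matches every version (assumption)
	Added     string `json:"added"`
	Source    string `json:"source"`
}

// Installed is one package observed on an endpoint; Path is kept as evidence.
type Installed struct {
	Ecosystem, Name, Version, Path string
}

// Finding pairs an installed package with the catalog entry that triggered it.
type Finding struct {
	Package Installed
	Entry   CatalogEntry
}

// ParseCatalog decodes a JSON catalog and rejects schema versions this reader does not know.
func ParseCatalog(data []byte) (Catalog, error) {
	var c Catalog
	if err := json.Unmarshal(data, &c); err != nil {
		return Catalog{}, err
	}
	if c.SchemaVersion != 1 {
		return Catalog{}, fmt.Errorf("unsupported schema_version %d", c.SchemaVersion)
	}
	return c, nil
}

// Scan is the read-only comparison: each installed package is checked against the
// catalog entries for the same ecosystem and name. Nothing is modified or removed.
func Scan(c Catalog, inv []Installed) []Finding {
	idx := make(map[string][]CatalogEntry) // keyed by ecosystem/name
	for _, e := range c.Entries {
		k := e.Ecosystem + "/" + e.Name
		idx[k] = append(idx[k], e)
	}
	var out []Finding
	for _, p := range inv {
		for _, e := range idx[p.Ecosystem+"/"+p.Name] {
			if e.Version == "*" || e.Version == p.Version {
				out = append(out, Finding{Package: p, Entry: e})
			}
		}
	}
	return out
}

// Constructed sample catalog: placeholder package names and advisory ids, not real ones.
const sampleCatalog = `{
  "schema_version": 1,
  "entries": [
    {"ecosystem": "npm",  "name": "example-pkg", "version": "1.2.3", "added": "2025-01-01", "source": "ADVISORY-PLACEHOLDER-1"},
    {"ecosystem": "pypi", "name": "example-lib", "version": "*",     "added": "2025-01-02", "source": "ADVISORY-PLACEHOLDER-2"}
  ]
}`

// Constructed endpoint inventory, as a lockfile or site-packages walk might yield it.
var sampleInventory = []Installed{
	{"npm", "example-pkg", "1.2.3", "/home/dev/app/node_modules/example-pkg"},
	{"npm", "example-pkg", "1.2.4", "/home/dev/other/node_modules/example-pkg"},
	{"pypi", "example-lib", "0.9.0", "/home/dev/.venv/lib/python3.12/site-packages/example_lib"},
	{"go", "example.com/mod", "v1.0.0", "/home/dev/go/pkg/mod/example.com/mod@v1.0.0"},
}

func main() {
	c, err := ParseCatalog([]byte(sampleCatalog))
	if err != nil {
		panic(err)
	}
	for _, f := range Scan(c, sampleInventory) {
		fmt.Printf("%s %s@%s at %s (catalog: %s, added %s)\n",
			f.Package.Ecosystem, f.Package.Name, f.Package.Version, f.Package.Path,
			f.Entry.Source, f.Entry.Added)
	}
}
```

Run as written, the program reports two findings: the npm package at the exact pinned version and the PyPI package via the wildcard entry; the npm 1.2.4 copy and the Go module produce nothing. Rejecting an unknown schema_version up front is the check worth keeping when catalogs arrive from a merged pull request rather than from the scanner's own release.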