
Perplexity has published Bumblebee, an open-source, read-only endpoint scanner written in Go for macOS and Linux, making the internal tool it uses to inspect developer machines publicly available. The release gives security teams a way to detect risky packages, editor and browser extensions, and AI agent configurations on developer laptops — shortening exposure assessment after vulnerability disclosures and offering a focused complement to SBOMs and standard vulnerability scanners. Bumblebee operates by reading metadata rather than executing code: it parses lockfiles, manifests and installed package metadata to produce traceable findings. Each detection ties back to a catalog entry and includes which catalog entry triggered the match, when that entry was added, and any supporting evidence collected during the read-only scan. Perplexity emphasizes this traceability to help teams prioritize and investigate exposures without altering endpoint state.
A deliberate design choice keeps Bumblebee from becoming an attack vector itself: the scanner does not execute lifecycle hooks, run postinstall scripts, invoke package managers, or read application source files. Perplexity cites recent postinstall-based supply-chain worms as a motivating factor for avoiding any operations that could change the environment or be abused by malicious packages.
Perplexity describes a catalog-driven workflow that organizations can adopt. Threat signals arrive via public disclosures, third-party intelligence or internal research; Perplexity Computer drafts a structured catalog entry (ecosystem, name, version) and opens a GitHub pull request; human reviewers vet and merge updates; Bumblebee runs the updated catalog against endpoints; and findings are routed to the security team for response. That loop lets teams run the same read-only scans Perplexity uses when a new vulnerability is reported, reducing the time from disclosure to exposure assessment.
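The read-only matching model described above (parse lockfile metadata, compare it against catalog entries of ecosystem, name and version, and emit findings that cite the entry, its added date and the evidence read) can be sketched in a few dozen lines of Go. The following is an added example written for this article, not Bumblebee's own code: the struct layouts, function names, file paths, catalog entries and package names are all constructed for illustration, and the lockfile and requirements inputs are embedded inline rather than read from disk. It parses an npm package-lock.json "packages" map and pinned requirements.txt lines, runs no scripts and invokes no package manager, and reports an exact-version match while ignoring a nested copy at a different version.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// CatalogEntry (assumed layout) holds the article's ecosystem, name and version fields plus the date added.
type CatalogEntry struct {
	Ecosystem, Name string
	Version         string // exact version; empty lists every version of the package
	Added           string // date the entry was merged into the catalog
}

// InstalledPackage is one record read from a lockfile or manifest; a Finding ties it to its catalog entry.
type InstalledPackage struct{ Ecosystem, Name, Version, Location string }
type Finding struct {
	Package  InstalledPackage
	Entry    CatalogEntry
	Evidence string
}

// parsePackageLock reads the "packages" map of an npm package-lock.json (v2/v3).
// Keys look like "node_modules/a/node_modules/b"; the installed name is whatever
// follows the last "node_modules/". The file is only read, never installed from.
func parsePackageLock(data []byte, path string) ([]InstalledPackage, error) {
	var lock struct{ Packages map[string]struct{ Version string } } // encoding/json matches keys case-insensitively
	if err := json.Unmarshal(data, &lock); err != nil {
		return nil, fmt.Errorf("%s: %w", path, err)
	}
	var out []InstalledPackage
	for key, p := range lock.Packages {
		idx := strings.LastIndex(key, "node_modules/")
		if idx < 0 {
			continue // the "" key is the root project, not a dependency
		}
		out = append(out, InstalledPackage{"npm", key[idx+len("node_modules/"):],
			p.Version, fmt.Sprintf("%s packages[%q]", path, key)})
	}
	return out, nil
}

// parseRequirements reads pinned "name==version" lines from a requirements.txt;
// unpinned lines are skipped because they do not identify an exact version.
func parseRequirements(data []byte, path string) []InstalledPackage {
	var out []InstalledPackage
	for i, line := range strings.Split(string(data), "\n") {
		line = strings.TrimSpace(line)
		name, version, pinned := strings.Cut(line, "==")
		if line == "" || strings.HasPrefix(line, "#") || !pinned {
			continue
		}
		// PyPI names are case-insensitive, so normalise before matching.
		out = append(out, InstalledPackage{"pypi", strings.ToLower(strings.TrimSpace(name)),
			strings.TrimSpace(version), fmt.Sprintf("%s:%d", path, i+1)})
	}
	return out
}

// Match compares every installed package against the catalog. An entry with an
// empty Version matches any version; otherwise the versions must be identical.
func Match(installed []InstalledPackage, catalog []CatalogEntry) []Finding {
	var findings []Finding
	for _, pkg := range installed {
		for _, e := range catalog {
			if e.Ecosystem != pkg.Ecosystem || e.Name != pkg.Name ||
				(e.Version != "" && e.Version != pkg.Version) {
				continue
			}
			findings = append(findings, Finding{pkg, e, "read " + pkg.Location + " version " + pkg.Version})
		}
	}
	sort.Slice(findings, func(i, j int) bool { return findings[i].Package.Name < findings[j].Package.Name }) // map order is random
	return findings
}

// Constructed sample inputs standing in for files read off an endpoint; the
// package names are invented for this example and are not real advisories.
const sampleLock = `{"lockfileVersion": 3, "packages": {
  "": {"name": "demo-app", "version": "1.0.0"},
  "node_modules/example-compromised-pkg": {"version": "4.1.2"},
  "node_modules/example-clean-lib": {"version": "2.0.0"},
  "node_modules/example-clean-lib/node_modules/example-compromised-pkg": {"version": "4.1.3"}}}`
const sampleRequirements = "# constructed requirements.txt\nExample-Bad-Lib==0.3.0\nexample-clean-lib==1.4.0\nexample-unpinned>=2.0\n"
var sampleCatalog = []CatalogEntry{
	{Ecosystem: "npm", Name: "example-compromised-pkg", Version: "4.1.2", Added: "2025-01-15"},
	{Ecosystem: "pypi", Name: "example-bad-lib", Added: "2025-02-03"}, // every version listed
}

// RunSample scans the constructed inputs against the constructed catalog.
func RunSample() ([]Finding, error) {
	npm, err := parsePackageLock([]byte(sampleLock), "/home/dev/demo-app/package-lock.json")
	if err != nil {
		return nil, err
	}
	pypi := parseRequirements([]byte(sampleRequirements), "/home/dev/demo-app/requirements.txt")
	return Match(append(npm, pypi...), sampleCatalog), nil
}
```

Running RunSample yields two findings: the pinned pypi package (the catalog entry lists every version, so 0.3.0 matches) and the top-level npm package at exactly 4.1.2. The nested copy at 4.1.3 and the unpinned requirement produce nothing, and each finding carries the file and record it was read from, which is the traceability the article describes. A real scanner would walk the profile's directories and read these files from disk; the matching logic stays the same.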
Bumblebee supports three scan profiles to match operational needs. The Baseline profile targets routine scans of standard laptop locations and is suitable for scheduling via MDM or other fleet tooling. The Project profile focuses searches on specific repositories or workspaces. The Deep profile is intended for incident-response sweeps and expands the search breadth and depth. Each profile controls where and how broadly Bumblebee looks for listed components.
The scanner covers four developer surfaces in a single tool: language package managers (npm, pnpm, Yarn, Bun, PyPI, Go modules, RubyGems, Composer); AI agent configurations (MCP); editor extensions for VS Code-family editors (VS Code, Cursor, Windsurf, VSCodium); and browser extensions for Chromium-family browsers (Chrome, Comet, Edge, Brave, Arc) and Firefox. Perplexity positions Bumblebee explicitly as not being an EDR, focusing on metadata to minimize scan-induced risk while providing targeted visibility into the local developer surface where installed packages and extensions can introduce supply-chain and local-environment risk.
Perplexity frames the release against a rise in supply-chain attacks that target package ecosystems, developer tools and local environments. By open-sourcing Bumblebee, the company enables other engineering organizations to adopt the same read-only inspection tooling and catalog workflow Perplexity runs internally, helping security and engineering teams prioritize responses and reduce the window of exposure after new vulnerability disclosures.