Perplexity opens Bumblebee to scan developer machines without running code
Original: Perplexity is open-sourcing Bumblebee View original →
Supply-chain response now has to reach the developer laptop, not just the repository. In a May 22 post, Perplexity released Bumblebee as an open-source, read-only scanner for macOS and Linux machines used by developers.
The tool was built inside Perplexity to protect the development systems behind Perplexity, Comet, and Computer. Its purpose is narrow but practical: when a new advisory flags a compromised package, extension, or AI-tool configuration, security teams need to know which machines and workspaces were actually exposed.
Bumblebee checks four surfaces that are often split across separate tools. For language package managers, it covers npm, pnpm, Yarn, Bun, PyPI, Go modules, RubyGems, and Composer. For AI agent setups, it inspects MCP configuration. For editor extensions, it covers the VS Code family, including VS Code, Cursor, Windsurf, and VSCodium. For browsers, it includes Chromium-family browsers such as Chrome, Comet, Edge, Brave, and Arc, as well as Firefox.
The read-only design is the important technical choice. Perplexity says Bumblebee reads metadata directly and does not invoke package managers such as npm, pnpm, bun, or pip. It also avoids install scripts, lifecycle hooks, application source files, and process or network monitoring. That matters because many recent supply-chain attacks spread through postinstall scripts. A scanner that calls the package manager can become the thing that triggers the attack it is trying to detect.
Perplexity’s internal workflow also shows how AI tooling is being folded into security operations. A threat signal can come from public disclosure, third-party intelligence, or internal research. Perplexity Computer drafts a catalog update with ecosystem, package, and version data, then opens a GitHub pull request with source links. A human review gates the catalog change before Bumblebee scans endpoints and sends results to the security team.
Bumblebee is not an EDR and does not claim to remediate infections. Its value is exposure mapping: which developer systems contain a risky package, extension, MCP config, or browser add-on after a supply-chain signal lands. For AI companies putting agents, browsers, and local tools deeper into production workflows, that inventory layer is becoming part of product security rather than a back-office checklist.
Related Articles
Google said it is pairing new funding with AI-powered security tooling to help open source maintainers respond faster as AI increases both vulnerability discovery and attack pressure. The announcement combines a collective $12.5 million pledge through Alpha-Omega with wider use of tools such as Big Sleep, CodeMender, and Sec-Gemini.
Perplexity said on March 17, 2026 that it is launching Comet Enterprise for team use. Perplexity's enterprise page says the browser can answer queries, navigate sites, summarize pages, respond to email, send calendar invites, and adds governance features including prompt-injection protection, SOC 2 Type II and HIPAA compliance, CrowdStrike-based controls, MDM deployment, telemetry, and audit logs.
A public issue carrying hostile instructions became the evidence HN needed for a sharper debate about agent permissions.