
Perplexity Is Open-Sourcing Bumblebee
Written by Perplexity Team
The rapid advancement of AI has brought new complexity to the security landscape, with vulnerabilities discovered every day.
Recent threats increasingly target the software packages, developer tools, and local environments that modern engineering teams like Perplexity rely on, so the integrity of our products has to begin further up the supply chain than production.
Today we are open-sourcing one of the internal tools we use to protect the developer systems behind Perplexity, Comet, and Computer.
Introducing Bumblebee
Bumblebee is a read-only scanner we use to check developer machines for risky packages, extensions, and AI tool configs during supply-chain incidents.
Bumblebee is useful to all security teams. Whenever a new vulnerability is reported, they need to know right away if any of their machines were exposed.
Making Perplexity products more secure for users starts with protecting the developer systems we build them with. Bumblebee is one component in our broader security workflow where Perplexity Computer helps track emerging threats, humans review catalog updates, and Bumblebee checks whether exposed components appear across developer endpoints.
Today we are open-sourcing Bumblebee, so any team can build on the same security layer.
From threat signal to endpoint scan
Engineering organizations can now run Bumblebee with their own catalogs and review process. Here’s how we use Bumblebee internally:
A threat signal is identified through public disclosures, third-party intel feeds, or internal research.
Perplexity Computer drafts a catalog update. It enters the signal into a structured entry (ecosystem, name, version), and then opens a GitHub PR with source links.
The PR goes through human review, after which it is merged.
Bumblebee runs on endpoints with the updated catalog.
Findings are shared with the security team.
Bumblebee supports three scan profiles, which tell it where and how broadly to search:
Baseline profile: Routine scan of standard laptop locations. Teams schedule it through their own MDM or fleet tooling.
Project profile: Targeted scan of specific repos or workspaces.
Deep profile: Response sweep for active incidents.

Each detection is traceable, showing which catalog entry triggered the filing, when it was added, and any evidence.
Security starts at the local developer surface
SBOM and vulnerability scanners handle repositories and build artifacts. Endpoint inventory products cover installed applications. Bumblebee runs on the developer laptop. It tells you whether that machine has a specific package, version, extension, or MCP configuration installed when a supply-chain advisory lands.
What Bumblebee reviews
Existing open-source tools tend to cover one or two of these surfaces. Bumblebee covers all four:
Language package managers: npm, pnpm, Yarn, Bun, PyPI, Go modules, RubyGems, Composer
AI agent configs: MCP
Editor extensions: VS Code-family (VS Code, Cursor, Windsurf, VSCodium)
Browser extensions: Chromium-family (Chrome, Comet, Edge, Brave, Arc) and Firefox
Evaluate exposure safely
Bumblebee is read-only. It reads metadata files directly and never lets potentially compromised tooling run, which prevents the scan from becoming the risk. Making Bumblebee read-only helps avoid issues with install-time code execution.
npm packages can carry postinstall scripts that run automatically the moment npm install touches them. That's how most recent supply-chain worms have spread. A scanner that invokes npm to check for exposure has already triggered the attack it was looking for. Bumblebee prevents this by avoiding:
Code execution: never runs install scripts or lifecycle hooks.
Package-manager invocation: never runs npm, pnpm, bun, or pip.
Source-file reading: never reads application source files; it reads metadata such as lockfiles, manifests, and installed package metadata.
Process or network monitoring: Bumblebee is not an EDR.
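The read-only approach described above, as an added Go example that is not Bumblebee's own code: it matches a parsed `package-lock.json` (the `packages` map and `hasInstallScript` flag of lockfile versions 2 and 3) against a catalog of (ecosystem, name, version) entries without invoking npm. The type names, the catalog layout and the sample package names are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Entry is the (ecosystem, name, version) triple from the post; field names are assumed.
type Entry struct{ Ecosystem, Name, Version string }
// Finding links a lockfile hit to the catalog entry that triggered it.
type Finding struct {
	Entry
	HasInstallScript bool // lockfile flag: package declares install-time scripts
}

// Constructed sample data; package names and versions are made up.
const sampleLock = `{"lockfileVersion":3,"packages":{"":{"name":"app"},
 "node_modules/demo-lib":{"version":"2.1.0","hasInstallScript":true},
 "node_modules/web/node_modules/demo-lib":{"version":"2.0.9"},
 "node_modules/@example/log":{"version":"0.4.2"}}}`
var sampleCatalog = map[Entry]bool{{"npm", "demo-lib", "2.1.0"}: true,
	{"npm", "@example/log", "0.4.2"}: true, {"pypi", "demo-lib", "2.0.9"}: true}

// ScanNpmLock only parses lockfile bytes; it never runs npm or opens package code.
// Findings are keyed by the install path recorded in the lockfile.
func ScanNpmLock(data []byte, catalog map[Entry]bool) (map[string]Finding, error) {
	var lf struct {
		Packages map[string]struct {
			Version          string `json:"version"`
			HasInstallScript bool   `json:"hasInstallScript"`
		} `json:"packages"`
	}
	if err := json.Unmarshal(data, &lf); err != nil {
		return nil, fmt.Errorf("parse lockfile: %w", err)
	}
	out := map[string]Finding{}
	for path, pkg := range lf.Packages {
		i := strings.LastIndex(path, "node_modules/")
		if i < 0 {
			continue // root project or workspace entry, not an installed dependency
		}
		// "node_modules/a/node_modules/@s/b" is an install of package "@s/b".
		e := Entry{"npm", path[i+len("node_modules/"):], pkg.Version}
		if catalog[e] {
			out[path] = Finding{e, pkg.HasInstallScript}
		}
	}
	return out, nil
}

func main() { fmt.Println(ScanNpmLock([]byte(sampleLock), sampleCatalog)) }
```

The nested `demo-lib` 2.0.9 install is not reported because the only catalog entry with that version belongs to a different ecosystem, which is why the ecosystem is part of the match key.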
Bumblebee is available now as an open source Go project for macOS and Linux developer endpoints. Security teams can download it, run it against their own catalog of bad versions, and feed the results into whatever response workflow they already use.
