
Perplexity open-source Bumblebee Security Scanner for Developer Machines


Perplexity has officially open-sourced Bumblebee, an internal security tool developed to protect its own software supply chain directly at the developer endpoint surface.

Available as an open-source Go project under the Apache 2.0 license, Bumblebee acts as a fast, single-shot, read-only inventory collector for macOS and Linux. It is designed to help security teams instantly flag risky packages, editor plugins, and malicious artificial intelligence configurations across developer machines when a supply-chain advisory lands.

1. The Blind Spot: Laptops vs. Servers

Traditional software supply-chain security usually focuses on two distinct zones:

  • SBOMs & CI/CD Scanners: Tell you what is inside your code repositories and final production build artifacts.
  • EDR (Endpoint Detection & Response): Monitors running processes and execution anomalies on user systems.

Bumblebee targets the gap right in the middle: What is actively installed or cached on a software engineer’s local machine right now? Developer machines are dense ecosystems of local lockfiles, global package configurations, browser tools, and IDE extensions. If a dependency is compromised, it can trigger an exploit locally before code is ever packaged or pushed to a production server.

2. The Core Safety Feature: Absolute Read-Only Architecture

Most traditional package query utilities shell out to the package manager itself (for example npm ls, pip show, or go list) to enumerate installed packages and versions. Against modern supply-chain attacks, that convention is itself an immediate security risk.

Malicious packages frequently carry automated postinstall scripts or lifecycle hooks that execute code the moment they are evaluated or installed. If a security team runs a scanning script that mistakenly invokes the underlying package manager over a compromised workspace, the scanner itself executes the attack it was searching for.

Bumblebee sidesteps this risk entirely by executing no code from the scanned environment: it reads static metadata records, lockfiles, and manifest files directly from the filesystem and never invokes runtime tools such as npm, pnpm, bun, or pip.

3. The Four Attack Surfaces Covered

Bumblebee scans across four crucial environments on developer machines during a single sweep:

  • Language Package Managers: Directly reads package-lock.json, pnpm-lock.yaml, go.sum, and *.dist-info/METADATA files for npm, pnpm, Yarn, Bun, PyPI, Go modules, RubyGems, and Composer.
  • AI Agent Configurations: Scans local Model Context Protocol (MCP) host configurations, including JSON settings for tools like Claude Desktop (claude_desktop_config.json) and Cline (cline_mcp_settings.json).
  • Editor Extensions: Audits active installation manifests for the VS Code family, including standard VS Code, Cursor, Windsurf, and VSCodium.
  • Browser Extensions: Evaluates browser plugin manifests across the Chromium family (Chrome, Comet, Edge, Brave, and Arc) along with Firefox.

4. Technical Blueprint & Scan Profiles

Built entirely in Go (version 1.25 or later is required), Bumblebee ships as a single static binary with no dependencies outside the Go standard library. It evaluates each machine against operator-supplied Exposure Catalogs (simple structured JSON threat lists) and writes its findings as NDJSON (newline-delimited JSON) so they can be ingested directly by enterprise SIEM platforms such as Splunk or Datadog.

The tool features three distinct scanning profiles to fit various operational contexts:

Scan Profile | Operational Scope | Targeted Use Case
--- | --- | ---
Baseline | Standard global and user package roots, common toolchains, browser profiles, and MCP configurations. | Automated, routine fleet scanning scheduled via MDM or fleet management systems.
Project | Focused development paths and specific project workspaces (e.g., ~/code, ~/src). | Quick validation of local repositories and active feature branches.
Deep | Sweeps broader operator-supplied directories, frequently targeting an entire user home directory. | Emergency response and active threat-hunting during a live zero-day incident.
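As an added example (not Bumblebee's own code), the following Go program illustrates the read-only approach described in sections 2 to 4: it parses a constructed package-lock.json and a constructed *.dist-info/METADATA file purely as text, matches the resulting inventory against a small JSON exposure catalog, and emits each finding as one NDJSON line. The catalog schema, the sample package names, versions and advisory identifiers are all assumptions made for this example; they do not reflect Bumblebee's actual catalog format and do not correspond to any real advisory.

```go
package main

import (
	"encoding/json"
	"os"
	"slices"
	"strings"
)

// Package is one installed artifact recovered from static metadata on disk.
type Package struct {
	Ecosystem string `json:"ecosystem"`
	Name      string `json:"name"`
	Version   string `json:"version"`
	Advisory  string `json:"advisory,omitempty"` // set by Match when a catalog row applies
}

// CatalogEntry is one row of an exposure catalog (schema assumed for this example).
type CatalogEntry struct {
	Ecosystem string   `json:"ecosystem"`
	Name      string   `json:"name"`
	Versions  []string `json:"versions"` // "*" matches every release
	Advisory  string   `json:"advisory"`
}

// ParsePackageLock decodes the "packages" map of a lockfileVersion 2/3 package-lock.json without ever running npm.
func ParsePackageLock(data []byte) ([]Package, error) {
	var lock struct {
		Packages map[string]struct {
			Version string `json:"version"`
		} `json:"packages"`
	}
	if err := json.Unmarshal(data, &lock); err != nil {
		return nil, err
	}
	var out []Package
	for path, p := range lock.Packages {
		// Keys look like "node_modules/<name>", possibly nested; "" is the root project itself.
		idx := strings.LastIndex(path, "node_modules/")
		if idx < 0 {
			continue
		}
		out = append(out, Package{Ecosystem: "npm", Name: path[idx+len("node_modules/"):], Version: p.Version})
	}
	return out, nil
}

// ParseDistInfoMetadata reads Name and Version from the header block of a PyPI *.dist-info/METADATA file.
func ParseDistInfoMetadata(text string) (Package, bool) {
	pkg := Package{Ecosystem: "pypi"}
	headers, _, _ := strings.Cut(text, "\n\n") // headers end at the first blank line
	for _, line := range strings.Split(headers, "\n") {
		if v, ok := strings.CutPrefix(line, "Name: "); ok {
			pkg.Name = v
		} else if v, ok := strings.CutPrefix(line, "Version: "); ok {
			pkg.Version = v
		}
	}
	return pkg, pkg.Name != "" && pkg.Version != ""
}

// Match returns every inventory entry whose ecosystem, name (case-insensitive) and version agree with a catalog row.
func Match(inv []Package, cat []CatalogEntry) []Package {
	var out []Package
	for _, p := range inv {
		for _, c := range cat {
			if c.Ecosystem == p.Ecosystem && strings.EqualFold(c.Name, p.Name) &&
				(slices.Contains(c.Versions, "*") || slices.Contains(c.Versions, p.Version)) {
				p.Advisory = c.Advisory
				out = append(out, p)
			}
		}
	}
	return out
}

// Constructed sample inputs: none of these packages, versions or advisory IDs are real.
const sampleLock = `{"lockfileVersion":3,"packages":{"":{"version":"0.1.0"},"node_modules/example-widget":{"version":"2.3.1"},"node_modules/example-widget/node_modules/nested-dep":{"version":"0.9.0"}}}`
const sampleMetadata = "Metadata-Version: 2.1\nName: sample-lib\nVersion: 1.0.0\n\nLong description follows."
const sampleCatalog = `[{"ecosystem":"npm","name":"example-widget","versions":["2.3.1","2.3.2"],"advisory":"CONSTRUCTED-ADVISORY-001"},
 {"ecosystem":"pypi","name":"Sample-Lib","versions":["*"],"advisory":"CONSTRUCTED-ADVISORY-002"}]`

func main() {
	pkgs, err := ParsePackageLock([]byte(sampleLock))
	if err != nil {
		panic(err)
	}
	if py, ok := ParseDistInfoMetadata(sampleMetadata); ok {
		pkgs = append(pkgs, py)
	}
	var cat []CatalogEntry
	if err := json.Unmarshal([]byte(sampleCatalog), &cat); err != nil {
		panic(err)
	}
	enc := json.NewEncoder(os.Stdout) // Encode writes one object per line: NDJSON
	for _, f := range Match(pkgs, cat) {
		enc.Encode(f)
	}
}
```

Because nothing here shells out to npm or pip, a lockfile that references a package with a hostile lifecycle script is inert during the scan; the nested-dep entry in the sample shows why the parser takes the last node_modules segment rather than the whole key, and the sample METADATA shows why header parsing must stop at the first blank line, since the long description that follows can contain arbitrary "Name:"-looking text.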

5. The Automated Workflow Synergy

Internally, Perplexity wires Bumblebee directly into its autonomous agent infrastructure so that emerging threat signals are handled in real time:

[Threat Signal Identified]
       │
       ▼
[Perplexity Computer] ──► Drafts structured entry & opens GitHub PR
       │
       ▼
[Human Developer]     ──► Reviews and merges Catalog Update
       │
       ▼
[Bumblebee Deployment] ──► Fleet endpoints checked against new Catalog
       │
       ▼
[Security Team]       ──► Receives structured NDJSON audit trace

This model provides an immediate method for infrastructure teams to convert upstream security advisories into active endpoint validation across an engineering organization without disrupting developer workflows.

Getting Started

To fetch and install the latest compiled build directly from the public repository, developers can execute:

```bash
go install github.com/perplexityai/bumblebee/cmd/bumblebee@latest
```

After installation, running bumblebee selftest lets users verify the binary's behavior locally against its integrated hardware test fixtures.

