
What is Bumblebee? A Look Inside Perplexity’s New Open-Source Security Tool


Key Highlights:

  • Perplexity has open-sourced Bumblebee, a new cybersecurity tool designed to help developers spot software supply-chain threats across coding environments, browser extensions, and AI configurations.
  • The scanner runs in read-only mode on macOS and Linux to avoid launching harmful scripts during a security check.

This latest open-source release highlights how developer systems are prime targets for cybercriminals. AI tools and coding assistants are making software development faster and more powerful, but they also add new security risks through third-party dependencies, browser extensions, and automated workflows. Bumblebee aims to give developers a way to check these risks without making their systems even more vulnerable.

Perplexity says it was already using the tool internally to protect products like Perplexity AI, Comet, and Perplexity Computer. By sharing Bumblebee with everyone, the company hopes to boost community security and encourage more transparency around modern developer defenses.

What Makes Bumblebee Different from Traditional Security Scanners?

Bumblebee is a lightweight scanner aimed mainly at macOS and Linux developer machines. Its core job is to find risky software components, odd configurations, and compromised extensions in modern development setups.

Some of the key features are:

  1. It only scans in read-only mode so it won’t execute package managers or install scripts.
  2. It spots shady dependencies linked to supply-chain attacks.
  3. It supports npm, pnpm, Yarn, Bun, PyPI, Go modules, RubyGems, and Composer.
  4. It checks MCP configurations and AI workflows.
  5. It monitors extensions in VS Code, Cursor, and Windsurf.
  6. It looks over browser extensions on Chromium-based browsers and Firefox.
  7. It is lightweight to install and easy to deploy on developer machines.

One big problem lately is “postinstall” scripts hidden in software packages. Attackers use them to sneak in harmful code that runs automatically right after you install a dependency. Bumblebee cuts that risk by only inspecting metadata, lockfiles, and configurations, never installing anything.
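To make the read-only idea concrete, here is a small added example (written for this article, not Bumblebee's own code, which is not shown here) of how a scanner can audit an npm-style `node_modules` tree for install-time lifecycle hooks without running anything. It only opens each package's `package.json` for reading; the sample project tree, the package names, and the `node setup.js` command are constructed for the demonstration.

```python
"""Read-only audit of install-time lifecycle hooks in an npm-style tree.

Added example: it only reads package.json files and never invokes a package
manager or runs any script, which is the property the article attributes to
read-only scanning.
"""
import json
import tempfile
from pathlib import Path

# npm runs these hooks automatically during `npm install`, which is what makes
# them attractive for hiding malicious code inside a dependency.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def scan_node_modules(root):
    """Walk node_modules under `root`, read each package.json, and report
    packages that declare install-time lifecycle hooks.

    Returns a list of dicts (package, version, hook, command, path).
    Nothing is executed: files are only opened for reading.
    """
    findings = []
    node_modules = Path(root) / "node_modules"
    if not node_modules.is_dir():
        return findings
    # rglob also catches nested node_modules inside other packages
    for manifest in sorted(node_modules.rglob("package.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, don't crash
        scripts = data.get("scripts") or {}
        if not isinstance(scripts, dict):
            continue
        for hook in INSTALL_HOOKS:
            if hook in scripts:
                findings.append({
                    "package": data.get("name", manifest.parent.name),
                    "version": data.get("version", "?"),
                    "hook": hook,
                    "command": scripts[hook],
                    "path": str(manifest.parent.relative_to(root)),
                })
    return findings


def build_sample_tree():
    """Constructed sample project: two dependencies, one of which declares a
    postinstall hook. Package names and the command are made up for the demo."""
    root = Path(tempfile.mkdtemp(prefix="lifecycle-audit-"))
    packages = {
        "left-pad-ish": {"name": "left-pad-ish", "version": "1.0.0"},
        "totally-fine-helper": {
            "name": "totally-fine-helper",
            "version": "0.3.1",
            "scripts": {"postinstall": "node setup.js"},
        },
    }
    for name, manifest in packages.items():
        pkg_dir = root / "node_modules" / name
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


def format_report(findings):
    """Render findings as one line per hook, for a reviewer to triage."""
    if not findings:
        return "no install-time lifecycle hooks found"
    return "\n".join(
        f"{f['package']}@{f['version']}: {f['hook']} -> {f['command']!r} ({f['path']})"
        for f in findings
    )


if __name__ == "__main__":
    sample_root = build_sample_tree()
    print(format_report(scan_node_modules(sample_root)))
```

A hook in the report is not proof of compromise (native add-ons legitimately build in `install`), but it is exactly the set of packages a reviewer should read before letting a package manager run them, which is the workflow the article describes: inspect first, install later.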

These days, AI-powered coding environments have changed things even more. Developers depend on browser-based AI tools, tons of extensions, and automated assistants that hook deeply into their systems. Security experts warn that compromised AI toolchains can leak credentials, inject harmful code, or create backdoors inside company infrastructure.

Bumblebee was built with these threats in mind, giving developers better visibility into the software and extensions running on their systems.


How to Install and Use Bumblebee

Developers can get started with Bumblebee from the official GitHub repository. The setup process is designed to be relatively easy for users familiar with command-line environments.

Step 1: Visit the Bumblebee GitHub repository and clone the project onto a macOS or Linux machine.

Step 2: Follow the installation instructions provided in the documentation to build or install the scanner locally.

Step 3: Open the terminal and launch Bumblebee using the recommended command-line instructions.

Step 4: Let the scanner inspect package dependencies, development tools, browser extensions, and AI-related configurations.

Step 5: Review the generated security report for suspicious packages, risky extensions, or unusual configurations flagged during the scan.

Step 6: Investigate and manually remove, isolate, or update any components identified as potentially unsafe.

Perplexity says that Bumblebee is meant to work alongside your existing security setup, not replace it. Teams can connect it with endpoint security tools, dependency audit platforms, and internal compliance checks to strengthen overall developer security.

Conclusion

By open-sourcing Bumblebee, Perplexity is making developer security tools more accessible and promoting transparency in securing AI-driven workflows. Its read-only scanning and broad software ecosystem support could make Bumblebee a go-to tool for organizations trying to cut supply-chain risks without making things more complicated.

Devanshi Kashyap
Devanshi is a curious learner who enjoys exploring new ideas and expressing creativity through art.