Perplexity Built a Tool That Checks Your Computer for Infected Software—Without Setting Off the Infection
Perplexity has released Bumblebee, an open-source security tool that scans developer computers for malicious software packages, compromised AI tool configurations, and harmful browser or editor extensions—without executing any code. Unlike conventional scanners that may inadvertently trigger malware by running package manager scripts, Bumblebee analyzes raw metadata and configuration files, sidestepping the risk of activating hidden threats. This approach addresses attacks like the May 11 supply chain incident, where malicious code was distributed through popular JavaScript packages and auto-executed upon installation. Bumblebee also uniquely checks MCP configuration files, which dictate AI assistants’ external service access—a common blind spot in security that can lead to leaked credentials or unauthorized actions if compromised. The tool supports scanning Chrome, Edge, Brave, Arc, Firefox extensions, and VS Code plugins in a single, non-intrusive pass, outputting structured reports without modifying the host system. Initially used internally to protect Perplexity’s products, Bumblebee comes with an updatable threat catalog seeded with recent attack data and can be customized by teams. It is available for free under the Apache 2.0 license.
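The read-only approach described above, sketched as an added example (it is not Bumblebee's code, catalog format or report format): installed `package.json` manifests and an MCP config are parsed purely as data, and npm or node is never invoked. The package name, the catalog shape and the top-level `mcpServers` layout are assumptions, and the sample files are constructed.

```python
import json
import tempfile
from pathlib import Path
# npm lifecycle hooks that run automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

def scan_node_modules(root, catalog):
    """Read installed package.json files as data; never invokes npm or node."""
    findings = []
    for manifest in sorted(Path(root).rglob("package.json")):
        if "node_modules" not in manifest.parts:
            continue
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            findings.append(("unreadable", str(manifest), ""))
            continue
        if not isinstance(meta, dict):
            continue
        ident = f"{meta.get('name')}@{meta.get('version')}"
        if ident in catalog:  # catalog maps "name@version" -> note (assumed shape)
            findings.append(("catalog-match", ident, catalog[ident]))
        scripts = meta.get("scripts")
        for hook in INSTALL_HOOKS:
            if isinstance(scripts, dict) and hook in scripts:
                findings.append(("install-hook", ident, f"{hook}: {scripts[hook]}"))
    return findings

def scan_mcp_config(path):
    """List MCP servers' launch commands and env var names (values omitted)."""
    servers = json.loads(Path(path).read_text(encoding="utf-8")).get("mcpServers", {})
    return [(name, " ".join([s.get("command", "")] + s.get("args", [])),
             sorted(s.get("env", {}))) for name, s in servers.items()]

def demo():
    # Constructed sample files: hypothetical package, catalog entry and MCP server.
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp, "node_modules", "example-bad-pkg")
        pkg.mkdir(parents=True)
        (pkg / "package.json").write_text(json.dumps({"name": "example-bad-pkg",
            "version": "1.0.1", "scripts": {"postinstall": "node setup.js"}}))
        mcp = Path(tmp, "mcp.json")
        mcp.write_text(json.dumps({"mcpServers": {"files": {"command": "npx",
            "args": ["-y", "example-mcp-server"], "env": {"API_TOKEN": "constructed"}}}}))
        catalog = {"example-bad-pkg@1.0.1": "constructed catalog entry"}
        return scan_node_modules(tmp, catalog), scan_mcp_config(mcp)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

An install hook on its own is not evidence of compromise, since many legitimate packages use one; the value of the inventory is that the hook's command is visible before anything runs it.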
