Overview
- Bumblebee is a free, open-source tool designed to examine developer computers for compromised software, malicious browser extensions, and AI connector configurations, all without executing the infected code.
- Unlike most scanners that activate the software they are inspecting, potentially triggering the very attacks they are intended to identify, Bumblebee takes a different approach.
- This is the first open-source scanner to treat MCP configuration files—connectors that allow AI tools to access user data—as a significant security concern.
Consider the scenario where you suspect someone has tampered with your water supply. The obvious way to check would be to taste from every bottle, which is essentially how many security scanners operate.
Perplexity has recently made available a tool named Bumblebee, which adopts a unique method. It checks developer computers for infected software packages, harmful browser extensions, and compromised configurations for AI tools, all without executing any of the potentially harmful code. In essence, it analyzes the recipe without consuming the dish.
On May 11, a hacker group known as TeamPCP inserted malicious code into over 160 software packages that millions of developers utilize globally, including those from Mistral AI, UiPath, and a popular React tool that garners 12 million downloads weekly. The attack propagated automatically as soon as developers installed these packages. Perplexity asserts that Bumblebee could have thwarted this incident.
The Importance of "Read-Only" Scanning
Software packages, particularly in the JavaScript ecosystem, can execute hidden scripts immediately upon installation. This characteristic facilitated the rapid spread of the May 11 attack. The malicious code activated automatically during the installation process, often before any irregularities were detected.
A scanner that utilizes the package manager to search for infections risks triggering these same scripts. Essentially, while searching for the worm, you might inadvertently activate it. Bumblebee avoids this pitfall by never engaging with the package manager, instead analyzing raw metadata files that detail the installed software without interacting with the software itself.
A key innovation of Bumblebee is its ability to scan MCP configuration files—the local files that dictate which external services AI assistants like Claude or Cursor can connect to.
MCP connectors can allow AI tools access to sensitive information such as emails, databases, calendars, and code. If a malicious connector is embedded in the configuration, it could enable your AI assistant to leak credentials or execute unauthorized commands covertly. Currently, most security tools do not address this risk.
In addition to scanning MCP files, Bumblebee inspects browser extensions across Chrome, Edge, Brave, Arc, and Firefox, as well as plugins for VS Code and its derivatives. The entire scanning process is completed in one go, producing a well-structured list of findings while ensuring that nothing on the machine is altered.
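As an added illustration of the two read-only checks described above (example code, not Bumblebee's own), here is a small Python scanner that parses an installed package's package.json and an MCP client configuration without invoking npm or launching any connector. The catalog entry, the set of expected MCP launchers and the `mcpServers` layout are assumptions, and the sample inputs are constructed.

```python
"""Read-only metadata scan in the spirit of Bumblebee (added example, not the project's code).
Nothing here runs npm or starts a connector: it only parses JSON describing what is installed."""
import json
from pathlib import Path

# Constructed catalog: placeholder package name and version, not a real indicator.
CATALOG = {"example-compromised-pkg": {"1.4.2"}}
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")
# Assumed set of launchers MCP clients normally use; anything else deserves review.
EXPECTED_LAUNCHERS = {"npx", "node", "uvx", "python", "python3", "docker"}

def scan_package_json(text: str) -> list[str]:
    """Check one installed package's package.json: catalog hit and install-time hooks."""
    meta = json.loads(text)
    name, version = meta.get("name", "?"), meta.get("version", "?")
    findings = []
    if version in CATALOG.get(name, set()):
        findings.append(f"{name}@{version}: listed in threat catalog")
    for hook in LIFECYCLE_HOOKS:  # scripts npm would execute during install
        if cmd := meta.get("scripts", {}).get(hook):
            findings.append(f"{name}@{version}: {hook} script present: {cmd}")
    return findings

def scan_mcp_config(text: str) -> list[str]:
    """Check an MCP client config (assumed `mcpServers` layout) for risky connectors."""
    findings = []
    for label, entry in json.loads(text).get("mcpServers", {}).items():
        cmd = entry.get("command", "")
        if cmd and Path(cmd).name not in EXPECTED_LAUNCHERS:
            findings.append(f"mcp {label}: unexpected launcher {cmd}")
        for arg in entry.get("args", []):  # e.g. `npx -y <pkg>@<ver>`
            pkg, _, ver = arg.rpartition("@") if "@" in arg[1:] else (arg, "", "")
            if pkg in CATALOG and (not ver or ver in CATALOG[pkg]):
                findings.append(f"mcp {label}: launches catalogued package {arg}")
        if entry.get("url", "").startswith("http://"):
            findings.append(f"mcp {label}: remote connector over plaintext HTTP")
    return findings

# Constructed sample inputs standing in for files read from disk.
SAMPLE_PACKAGE_JSON = json.dumps({"name": "example-compromised-pkg", "version": "1.4.2",
                                  "scripts": {"postinstall": "node setup.js"}})
SAMPLE_MCP_CONFIG = json.dumps({"mcpServers": {
    "notes": {"command": "npx", "args": ["-y", "example-compromised-pkg@1.4.2"]},
    "helper": {"command": "/tmp/mcp-helper", "args": []}}})

if __name__ == "__main__":
    for finding in scan_package_json(SAMPLE_PACKAGE_JSON) + scan_mcp_config(SAMPLE_MCP_CONFIG):
        print("FINDING:", finding)
```

In a real run the two functions would be fed the text of each `node_modules/*/package.json` and of each MCP client's config file read from disk, which keeps the scan from ever executing what it inspects.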
Perplexity's Internal Use of Bumblebee
Perplexity has been employing Bumblebee internally to safeguard the systems that support its search product, the Comet browser, and its Computer AI agent. When a new threat is identified, Perplexity Computer creates a catalog entry for it, which is then reviewed and approved by a human, after which Bumblebee scans all developer machines for potential matches.
Bumblebee originated as an internal tool.
Enhancing the security of Perplexity products for users begins with safeguarding the developer systems used to create them.
Read the full blog: https://t.co/M2IrAYtfCg
— Perplexity (@perplexity_ai) May 22, 2026
Teams can maintain their own catalogs in a similar manner. The tool includes a built-in threat directory sourced from recent supply chain attacks, including the one on May 11. The group responsible for this attack, monitored by Google under the alias UNC6780, has been conducting coordinated software poisoning campaigns since at least March 2026.
Bumblebee is freely accessible at github.com/perplexityai/bumblebee under the Apache 2.0 license, which permits anyone to run, modify, extend, and fork it.
