Perplexity Open-Sources Bumblebee to Scan Developer Machines Without Triggering Malware

Perplexity has open-sourced Bumblebee, a tool that scans developer computers for infected software, malicious browser extensions, and compromised AI connector configs-without executing any code.

Most security scanners invoke the software they check, which can accidentally trigger the very attack they are trying to detect. Bumblebee avoids this by reading raw metadata files instead of running the code, making it a 'read-only' scanner.

On May 11, hacker group TeamPCP (tracked by Google as UNC6780) slipped malicious code into over 160 software packages used by millions of developers, including packages from Mistral AI and UiPath. The attack spread automatically on install. Perplexity says Bumblebee could have prevented it.

Bumblebee also scans MCP configuration files-the connectors that give AI tools access to emails, databases, and calendars. If an attacker sneaks a malicious connector into that config, an AI assistant could leak credentials or run unauthorized commands. Most security tools are not checking for this yet.

The tool covers browser extensions on Chrome, Edge, Brave, Arc, and Firefox, plus editor plugins in VS Code and its forks. Perplexity has been using Bumblebee internally to protect systems behind its search product, Comet browser, and Computer AI agent.

Bumblebee is available free on GitHub under Apache 2.0.