Perplexity launches Bumblebee, a read-only dev scanner
Perplexity has released Bumblebee, an open-source, read-only scanner for developer machines that looks for risky packages, editor and browser extensions, and AI tool configurations. The tool runs on macOS and Linux, is written in Go, and does not require AI or a subscription; its results can be fed into existing security systems.
Bumblebee inspects four surfaces at once: language package managers (npm, pnpm, Yarn, Bun, PyPI, Go modules, RubyGems, Composer), AI agent configs using Model Context Protocol (MCP), VS Code–family editor extensions, and Chromium‑ and Firefox‑family browser extensions.
Perplexity says many existing open‑source tools cover one or two surfaces, while Bumblebee handles all four simultaneously. The scanner fits into a catalog‑driven workflow: a threat signal leads to a catalog entry and a GitHub pull request, which is reviewed and merged; endpoints run the updated catalog and share findings with the security team.