Perplexity open-sources Bumblebee read-only security scanner
Perplexity open-sourced Bumblebee, a read-only scanner that inspects developer machines for tainted packages, browser extensions and AI connector configs without executing code.
Perplexity published Bumblebee on GitHub on May 22 and released the project under the Apache 2.0 license. The company describes Bumblebee as a read-only scanner for developer machines that does not run or modify installed software.
Bumblebee inspects metadata and configuration files rather than invoking package managers or executing code. The scanner reads records that describe installed packages and local connector settings, then produces a machine-readable inventory of findings without changing the host system.
Perplexity seeded the tool with a built-in threat catalog based on recent supply-chain incidents. The company says Bumblebee would have detected elements of a May 11 campaign in which a group tracked as TeamPCP, also labeled UNC6780 by some defenders, injected malicious code into more than 160 packages. Those packages included components tied to Mistral AI and UiPath and a widely used React tool with roughly 12 million weekly downloads; malicious scripts in that campaign executed automatically at install time.
Bumblebee’s read-only design avoids calling package managers or running install-time scripts; in the campaign described above the payload lived in exactly those install-time hooks, so a scanner that enumerates packages by invoking the package manager risks executing the code it is looking for. Perplexity describes Bumblebee as the first open-source scanner to treat MCP (Model Context Protocol) configuration files as a security surface. MCP config files are the local settings that tell AI assistants which external services they may access and how to launch them; a corrupted connector entry can grant tools access to emails, databases, calendars or code repositories, expose credentials stored alongside the connector, or enable commands to run without user consent.
The scanner also checks browser extensions on Chromium-based browsers and Firefox and inspects editor extensions in Visual Studio Code and its forks. The scan runs in a single pass and outputs a structured list of matches so teams can review potential threats without modifying developer machines.
Organizations can use Perplexity’s supplied threat catalog or create and manage their own catalogs. When Perplexity identifies a new threat internally, automated detection is paired with human review and a catalog update before machines are scanned.
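To make the read-only model concrete, here is an added example of the approach described above, written for this article and not Bumblebee's own code. It walks on-disk package metadata and an MCP client config, matches them against a small catalog, and returns structured findings without invoking any package manager or running any script. The catalog entries (example-tainted-lib, example-tainted-cli), the fixture files, and the `{"mcpServers": {...}}` config layout are all assumptions constructed for the example; the package names are fictitious, not real incidents.

```python
"""Read-only developer-machine scan (illustrative, not Bumblebee's code).

Walks package.json files under node_modules and an MCP client config on disk,
matches them against a threat catalog, and returns a list of dict findings.
No package manager is invoked and no install-time script is executed.
"""
import json
import tempfile
from pathlib import Path

# Constructed catalog for illustration only; names are fictitious.
# Value is the set of affected versions, or {"*"} for any version.
THREAT_CATALOG = {
    "example-tainted-lib": {"1.4.2", "1.4.3"},
    "example-tainted-cli": {"*"},
}
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
SECRET_HINTS = ("TOKEN", "SECRET", "PASSWORD", "API_KEY")


def _catalog_hit(name, version, catalog):
    affected = catalog.get(name)
    return affected is not None and ("*" in affected or version in affected)


def scan_node_modules(root: Path, catalog=THREAT_CATALOG):
    """Parse every node_modules/<pkg>/package.json under root. Read-only."""
    findings = []
    for pkg_json in root.rglob("package.json"):
        if "node_modules" not in pkg_json.parts:
            continue
        try:
            meta = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed metadata is skipped, never executed
        name, version = meta.get("name"), meta.get("version")
        base = {"kind": "package", "path": str(pkg_json), "name": name, "version": version}
        if _catalog_hit(name, version, catalog):
            findings.append({**base, "severity": "high", "reason": "catalog match"})
        # Install-time hooks are the execution vector; record them as context.
        hooks = [h for h in INSTALL_HOOKS if h in meta.get("scripts", {})]
        if hooks:
            findings.append({**base, "severity": "info",
                             "reason": "install-time hook: " + ",".join(hooks)})
    return findings


def scan_mcp_config(config_path: Path, catalog=THREAT_CATALOG):
    """Parse an MCP client config; the {"mcpServers": {...}} layout is assumed."""
    findings = []
    try:
        cfg = json.loads(config_path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return findings
    for server, spec in cfg.get("mcpServers", {}).items():
        base = {"kind": "mcp", "path": str(config_path), "server": server}
        argv = [spec.get("command", "")] + list(spec.get("args", []))
        for tok in argv:
            # Strip a trailing @version (keeps a leading @scope/ intact).
            pkg = tok[:tok.rfind("@")] if tok.rfind("@") > 0 else tok
            if pkg in catalog:
                findings.append({**base, "severity": "high",
                                 "reason": f"launches catalog package {pkg}"})
        leaked = [k for k in spec.get("env", {}) if any(h in k.upper() for h in SECRET_HINTS)]
        if leaked:
            findings.append({**base, "severity": "info",
                             "reason": "credentials in env: " + ",".join(leaked)})
    return findings


def build_sample_tree(root: Path):
    """Write constructed fixtures so the scan can run offline (not real packages)."""
    pkgs = [
        {"name": "left-pad-ish", "version": "3.0.0"},
        {"name": "example-tainted-lib", "version": "1.4.2",
         "scripts": {"postinstall": "node setup.js"}},
    ]
    for meta in pkgs:
        d = root / "proj" / "node_modules" / meta["name"]
        d.mkdir(parents=True)
        (d / "package.json").write_text(json.dumps(meta), encoding="utf-8")
    mcp = {"mcpServers": {
        "calendar": {"command": "npx", "args": ["-y", "example-tainted-cli@2.0.0"],
                     "env": {"CAL_API_KEY": "redacted"}},
        "files": {"command": "/usr/local/bin/mcp-files", "args": ["/home/dev"]},
    }}
    (root / "mcp.json").write_text(json.dumps(mcp), encoding="utf-8")


def demo():
    """Build the fixture tree in a temp dir, scan it, return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return scan_node_modules(root) + scan_mcp_config(root / "mcp.json")


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the structure is that every input is read with `read_text` and parsed as JSON; the scanner never shells out to npm, npx, or the MCP server binary, so a poisoned `postinstall` or a malicious connector launcher cannot fire during inventory. A real catalog would carry exact versions and hashes rather than names alone, and the install-hook and credential-in-env checks are context for a reviewer, not verdicts.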
Perplexity has been running Bumblebee internally to monitor developer systems tied to its search product, the Comet browser and its Computer AI agent. Perplexity wrote in a blog post and on social media: “Making Perplexity products more secure for users starts with protecting the developer systems we use to build them.”
Bumblebee is available at github.com/perplexityai/bumblebee for teams to inspect, run and modify. Security researchers monitoring UNC6780 report the group has run coordinated software poisoning campaigns since at least March 2026.