Perplexity's Bumblebee scans dev machines for malware after supply-chain attacks

Perplexity has released Bumblebee, an open-source developer security scanner designed to answer the urgent question after a supply-chain advisory: "Do any of our programmers have this malware installed?" Available now as a Go project for macOS and Linux, Bumblebee is read-only and requires no AI subscription. It targets four specific surfaces: language package managers (npm, pnpm, Yarn, Bun, PyPI, Go modules, RubyGems, Composer), AI agent configs (Model Context Protocol), editor extensions (VS Code, Cursor, Windsurf, VSCodium), and browser extensions (Chromium-family: Chrome, Comet, Edge, Brave, Arc; plus Firefox). Perplexity says existing open-source tools cover one or two of these surfaces, while Bumblebee handles all four at once.

Bumblebee integrates into existing workflows via a JSON catalog format (schema_version + entries). After a threat signal is identified from public disclosures or intel feeds, Perplexity Computer drafts a catalog update, triggers a GitHub PR with source links, and after human review, Bumblebee runs on endpoints and shares findings with the security team. Users can also bring their own catalogs. Each detection is traceable, showing which catalog entry triggered it and when it was added. The tool's threat_intel/ directory on GitHub contains maintained exposure catalogs from recent supply-chain campaigns. Bumblebee is built for teams using JavaScript/TypeScript, Python, Go, Ruby, PHP, AI MCP configurations, VS Code-style editors, and Chromium-style browsers.