Perplexity has open-sourced Bumblebee, a security scanner that detects infected software packages and malicious AI MCP configurations without executing suspicious code, aiming to counter rising supply-chain attacks.
Perplexity has open-sourced Bumblebee, a new security tool designed to detect compromised software packages, malicious browser extensions, and infected AI tool configurations without executing the suspicious code itself.
The Apache 2.0-licensed tool uses a “read-only” scanning model that inspects raw metadata and configuration files directly instead of invoking package managers, helping avoid accidental execution of malicious install scripts during scans.
The launch follows a major May 11 supply-chain attack in which hacker group TeamPCP reportedly inserted malicious code into more than 160 software packages used by millions of developers globally, including packages linked to Mistral AI, UiPath, and a React tool with 12 million weekly downloads. Perplexity said Bumblebee’s approach could have prevented the attack because the malware activated automatically during installation.
“It scans developer computers for infected software packages, malicious browser extensions, and compromised AI tool configs—without ever running the code it finds,” the company stated.
Bumblebee is also positioned as the first open-source scanner to treat MCP configuration files as a security surface. These files determine which external services AI assistants can access, including emails, databases, calendars, and code repositories.
“If an attacker sneaks a malicious connector into that config, your AI assistant could leak credentials or run unauthorized commands in the background,” Perplexity warned.
The tool also scans browser extensions and VS Code plugins, produces structured output in a single pass, and does not modify the inspected machine.
