By https://www.facebook.com/testingcatalog
Publication Date: 2026-05-23 07:23:00
Perplexity is releasing Bumblebee, an open-source security scanner for developer machines, and making an internal supply-chain response tool publicly available. The tool is built for macOS and Linux and is designed to scan local developer environments for risky packages, browser extensions, editor extensions, and AI tool configurations without modifying the machine.
Today we’re open-sourcing Bumblebee, a read-only scanner for macOS and Linux.
It checks developer machines for risky packages, extensions, and AI tool configs.
Connected to Computer, it can trigger deeper scans whenever a new supply-chain risk emerges. https://t.co/FOaWnF1yQy pic.twitter.com/wXauD4wDOT
— Perplexity (@perplexity_ai) May 22, 2026
Bumblebee focuses on a specific security problem: when a new compromised package, extension, or developer tool risk appears, teams need to know which machines may be exposed right now. Instead of checking only shipped software via SBOMs or runtime behavior via EDR tools, Bumblebee reads local metadata from lockfiles, package manager records, extension manifests, and supported MCP configuration files. It then emits structured NDJSON records that security teams can compare against exposure catalogs.
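The inventory-then-compare flow described above, reduced to one ecosystem, as an added example in Python (this is not Bumblebee's own code; the record fields, the sample npm lockfile and the exposure catalog are all constructed for illustration):

```python
import json

# Constructed sample: a trimmed npm lockfile (lockfileVersion 3 layout) as a
# read-only scanner would find it on disk. Package names/versions are made up.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/left-pad-ish": {"version": "1.3.0"},
        "node_modules/colorize-ish": {"version": "4.2.1", "dev": True},
        "node_modules/colorize-ish/node_modules/tinyutil": {"version": "0.9.0"},
    },
})
# Constructed exposure catalog: (ecosystem, name) -> versions known to be bad.
EXPOSURE_CATALOG = {("npm", "colorize-ish"): {"4.2.1", "4.2.2"},
                    ("npm", "tinyutil"): {"1.0.0"}}

def inventory_npm_lock(lock_text: str, path: str, host: str) -> list[dict]:
    """One flat record per installed package, read from lockfile metadata only.
    The field names are an assumption for this example, not Bumblebee's schema."""
    records = []
    for key, meta in json.loads(lock_text).get("packages", {}).items():
        if key == "":          # root project entry, not a dependency
            continue
        # "a/node_modules/b" -> "b"; scoped names keep their "@scope/" prefix
        name = key.rsplit("node_modules/", 1)[-1]
        records.append({"ecosystem": "npm", "name": name,
                        "version": meta.get("version"),
                        "dev": bool(meta.get("dev", False)),
                        "source": path, "host": host})
    return records

def to_ndjson(records: list[dict]) -> str:
    """One JSON object per line, so a SIEM or script can stream the output."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)

def match_exposures(ndjson: str, catalog: dict) -> list[dict]:
    """Compare emitted records against the catalog; return only exposed ones."""
    hits = []
    for line in ndjson.splitlines():
        rec = json.loads(line)
        if rec["version"] in catalog.get((rec["ecosystem"], rec["name"]), set()):
            hits.append(rec)
    return hits

if __name__ == "__main__":
    out = to_ndjson(inventory_npm_lock(SAMPLE_LOCKFILE, "/home/dev/demo-app/package-lock.json", "dev-laptop-01"))
    print(out)
    for hit in match_exposures(out, EXPOSURE_CATALOG):
        print("EXPOSED:", hit["host"], hit["name"], hit["version"], hit["source"])
```

Nested packages are flattened to their leaf name, so a transitive dependency shows up in the inventory just like a direct one.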
The scanner covers common developer ecosystems, including:
- npm, pnpm, Yarn, Bun
- PyPI
- Go modules
- RubyGems
- Composer
- VS Code-family editor extensions such as Cursor, Windsurf, and…