
Bumblebee security scanner: Metadata-only scans protect dev machines

Bumblebee is an open-source security scanner developed by Perplexity that analyzes developer computers for infected software packages without executing any code. Instead of running the software it inspects, the scanner reads raw metadata files, reducing the risk that the scan itself triggers malicious code. On May 11, a cyberattack by the hacker group TeamPCP compromised over 160 software packages, impacting millions of developers globally. Bumblebee serves as a protective measure against such threats, offering a detailed analysis while keeping the scanned system safe.

Bumblebee is an open-source tool from Perplexity that scans developer computers for infected software packages, malicious browser extensions, and compromised AI tool configurations without ever running the code it finds. Rather than executing discovered packages, the scanner reads raw metadata files and inspects those artifacts for indicators of compromise. Bumblebee does not invoke a package manager during scans, and it avoids executing any code paths that could trigger infections. The tool outputs a clean, structured list of findings and does not modify the machine it scans.

Bumblebee also inspects MCP configuration files that tell AI assistants such as Claude or Cursor which external services they are allowed to connect to. MCP connectors give AI tools access to emails, databases, calendars, and code, and Bumblebee examines those configuration files for compromises. The scanner ships with a built-in threat directory seeded from recent supply-chain attacks, including the May 11 campaign that affected hundreds of packages. Bumblebee began as an internal Perplexity tool and is used to protect systems behind Perplexity’s search product, the Comet browser, and its Computer AI agent.
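As an added illustration (not Bumblebee's own code), the Python sketch below shows the metadata-only pattern the article describes: it parses `node_modules/*/package.json` manifests and an MCP configuration file as plain data, matches them against an inline threat directory, and never invokes a package manager or runs anything it finds. The package names, versions, and the `mcpServers`/`command`/`args` file layout are constructed assumptions, not real indicators.

```python
import json
import tempfile
from pathlib import Path

# Constructed threat directory of (name, version) pairs; not real indicators.
THREAT_DIRECTORY = {("example-ui-kit", "4.2.1"), ("example-sdk-client", "0.9.7")}


def read_json(path: Path):
    """Read a file as plain JSON data; nothing in it is ever executed."""
    try:
        return json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None  # unreadable or malformed metadata is skipped, not run


def scan_node_modules(root: Path) -> list:
    """Flag installed packages whose name/version is in the threat directory."""
    findings = []
    for manifest in sorted(root.glob("**/node_modules/*/package.json")):
        meta = read_json(manifest)
        if not isinstance(meta, dict):
            continue
        key = (meta.get("name"), meta.get("version"))
        if key in THREAT_DIRECTORY:  # install scripts are read as text, never invoked
            findings.append({"type": "package", "name": key[0], "version": key[1], "path": str(manifest)})
    return findings


def scan_mcp_config(path: Path) -> list:
    """Flag MCP servers that launch a threat-directory package (assumes the
    common {"mcpServers": {name: {"command": ..., "args": [...]}}} layout)."""
    findings = []
    cfg = read_json(path)
    servers = cfg.get("mcpServers", {}) if isinstance(cfg, dict) else {}
    for server, spec in servers.items():
        for arg in (spec.get("args", []) if isinstance(spec, dict) else []):
            name, sep, version = str(arg).rpartition("@")  # "pkg@1.2.3" -> ("pkg", "@", "1.2.3")
            if sep and (name, version) in THREAT_DIRECTORY:
                findings.append({"type": "mcp_server", "server": server, "package": name,
                                 "version": version, "path": str(path)})
    return findings


def demo() -> list:
    """Build a constructed project tree in a temp dir and scan it read-only."""
    root = Path(tempfile.mkdtemp())
    for name, ver in (("example-ui-kit", "4.2.1"), ("example-clean", "1.0.0")):
        pkg = root / "node_modules" / name
        pkg.mkdir(parents=True)
        # The postinstall hook is present in the manifest but is only ever read, never run.
        (pkg / "package.json").write_text(json.dumps({"name": name, "version": ver, "scripts": {"postinstall": "node setup.js"}}))
    mcp = root / "mcp.json"
    mcp.write_text(json.dumps({"mcpServers": {"mail": {"command": "npx", "args": ["-y", "example-sdk-client@0.9.7"]}}}))
    return scan_node_modules(root) + scan_mcp_config(mcp)
```

Running `demo()` yields two structured findings, one per scanner, and leaves the constructed tree unmodified.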

Bumblebee’s approach centers on metadata and configuration inspection rather than executing code, and it focuses on detecting infected packages, malicious browser extensions, and compromised AI tool configurations. The scanner reports findings without altering the scanned system.

On May 11, a cyberattack by a hacker group called TeamPCP infected over 160 software packages that were widely used by developers. Those compromised packages were present across developer ecosystems and were used by millions of developers. Affected vendors and packages included releases from Mistral AI and UiPath, and one widely used React tool that recorded 12 million weekly downloads. The campaign spread automatically when developers installed the infected packages, causing the infection to propagate via routine package installations rather than through manual activation. The scale of the compromise reflected a broad contamination of software packages relied upon in development workflows.

Bumblebee began as an internal tool at Perplexity and was later released as an open-source security scanner. Perplexity deploys Bumblebee to protect systems behind its search product, the Comet browser, and its Computer AI agent. The tool operates without executing discovered code and is used in Perplexity’s internal defenses to identify compromised artifacts. Bumblebee outputs structured findings and does not modify the machines it scans.

The scanner ships with a built-in threat directory seeded from recent supply-chain attacks, including the May 11 campaign. The May 11 incident is associated with a hacker group tracked by Google under the alias UNC6780. Bumblebee’s threat directory includes entries derived from those incidents for detection during scans.

In short, Bumblebee grew out of an internal Perplexity tool, is deployed across Perplexity’s own products, and ships a threat directory seeded with recent supply-chain incidents, specifically referencing the May 11 campaign among other entries, together with the external tracking identifier (UNC6780) associated with the attacker group behind that campaign.

Bumblebee is an open-source, non-invasive scanner that examines developer machines by reading raw metadata and configuration files without executing discovered code. Deployed by Perplexity to protect systems behind its products, and shipped with a built-in threat directory seeded from recent supply-chain attacks including the May 11 campaign by TeamPCP, it detects infected packages, malicious browser extensions, and compromised AI tool configurations to help defend against coordinated supply-chain attacks.

Crypto Fan, https://calipsu.com