Perplexity Open-Sources Bumblebee: Security Scanner for AI Dev Environments

Perplexity released Bumblebee (Apache 2.0) — a read-only supply-chain scanner for AI dev environments, covering browser extensions, VS Code plugins, MCP config files, and npm/PyPI/Go packages. Triggered by an attack on 160+ packages including a React tool with 12M weekly downloads.

1 min read|agenticonsult Intelligence

Perplexity Open-Sources Bumblebee: Security Scanner for AI Dev Environments

Perplexity AI open-sourced Bumblebee, a read-only supply-chain security scanner for AI development environments under Apache 2.0. It scans browser extensions (Chrome, Edge, Brave, Arc, Firefox), VS Code-family plugins, MCP config files, and package ecosystems (npm, PyPI, Go) for malicious-package attacks. The release was triggered by an incident where one group injected malicious code into 160+ packages including a React tool with ~12 million weekly downloads. Bumblebee makes no code changes — it scans and reports only.

Why It Matters

MCP config files — which grant agents access to emails, databases, and code repositories — are now an explicit attack surface. Bumblebee is the first dedicated defensive tool targeting MCP configs alongside traditional extension and package scanning, directly addressing the agentic AI stack's supply-chain exposure.

This breaking-news item was assembled from the cited primary source with AI assistance. It is intended for rapid situational awareness — refer to the original publication for the definitive statement.

Perplexity Open-Sources Bumblebee: Security Scanner for AI Dev Environments

Perplexity Open-Sources Bumblebee: Security Scanner for AI Dev Environments

Why It Matters

Live Intel Feed