Perplexity Built a Tool That Checks Your Computer for Infected Software—Without Setting Off the Infection
25 May 2026 17:08 UTC
Bumblebee scans developer machines for compromised packages and AI tool configs. Its core trick: It never actually runs the code it's looking for.
➤ Bumblebee also scans AI connector configurations and browser extensions, offering a comprehensive security solution that Perplexity uses internally and is now available for free under an Apache 2.0 license.
➤ The tool addresses the risk of supply chain attacks, such as the recent TeamPCP incident, by analyzing metadata rather than running code, thus avoiding accidental infection.
➤ Perplexity has open-sourced Bumblebee, a new tool designed to scan developer machines for compromised software packages and AI tool configurations without executing potentially malicious code.
Imagine you suspect someone poisoned a bottle of water in your house. To check, you drink from every bottle. That's roughly how most security scanners work.
Perplexity just open-sourced a tool called Bumblebee that takes a different approach. It scans developer computers for infected software packages, malicious browser extensions, and compromised AI tool configs—without ever running the code it finds. It reads the code, the ingredient label instead of eating the food.
On May 11, a hacker group called TeamPCP slipped malicious code into over 160 software packages used by millions of developers worldwide—including packages from Mistral AI, UiPath, and a widely used React tool with 12 million weekly downloads. The attack spread automatically the moment developers installed those packages. Perplexity’s Bumblebee could have prevented that, the company says.
Why "read-only" is the whole point
Software packages—especially in the JavaScript world—can run hidden scripts the moment you install them. That's exactly how the May 11 attack spread so fast. The malicious code fired automatically on install, before anyone noticed anything was wrong.<span style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" data-mce-type="bookmark" class="mce_SELRES_start"></span>
A scanner that invokes the package manager to check for infections can trigger those same scripts. You go looking for the worm; the worm runs. Bumblebee sidesteps this by never calling any package manager at all. It reads raw metadata files—the records that describe what's installed—without touching the software itself.
The genuinely new piece is that Bumblebee also scans MCP configuration files—the local files that tell AI assistants like Claude or Cursor which external services they're allowed to connect to.
MCP connectors give AI tools access to emails, databases, calendars, and code. If an attacker sneaks a malicious connector into that config, your AI assistant could leak credentials or run unauthorized commands in the background. Most security tools aren't checking for this yet.
Beyond MCP, it covers browser extensions on Chrome, Edge, Brave, Arc, and Firefox, plus editor plugins in VS Code and its forks. The whole scan happens in one pass, outputs a clean structured list of what it found, and never modifies anything on the machine.
How Perplexity uses it internally
Perplexity has been running Bumblebee internally to protect the systems behind its search product, its Comet browser, and its Computer AI agent. When a new threat surfaces, Perplexity Computer drafts a catalog entry for it, a human reviews and approves it, and Bumblebee runs across all developer machines to check for matches.
» Bumblebee started as an internal tool.Making Perplexity products more secure for users starts with protecting the developer systems we use to build them.Read the full blog: https://t.co/M2IrAYtfCg— Perplexity (@perplexity_ai) May 22, 2026
Teams can run their own catalogs the same way. The tool ships with a built-in threat directory seeded from recent supply-chain attacks, including the May 11 campaign. The group behind that attack—tracked by Google under the alias UNC6780—has been running coordinated software poisoning campaigns since at least March 2026.
Bumblebee is available free at github.com/perplexityai/bumblebee under Apache 2.0, which means you can run it, tweak it, improve it and fork it without legal repercussions.
Categories rationale: The article discusses a new tool developed by Perplexity, an AI company, which falls under 'infrastructure-providers' as it's a tool for security. Specifically, it relates to 'tokenization-platforms' in a broader sense of enabling secure digital environments, though not directly tokenization platforms. The context of supply chain attacks and the need for detection also touches upon 'legal-regulatory' aspects, particularly 'enforcement-actions-litigation' as it aims to prevent and detect malicious activities.Characteristics justification: The article discusses a security threat and a new tool to combat it, which inherently carries a negative sentiment due to the mention of 'infected software', 'malicious code', and 'hacker group'. However, the overall tone is informative and highlights a positive development (the open-sourcing of a solution), leading to a slightly negative sentiment score. The novelty of the approach ('never actually runs the code') and the specific details of the attack contribute to a high entropy score. Relevance is high due to the specific mention of a recent, impactful attack. Staleness is low as it's a recent development.Tag relevance: The tags 'bumblebee' and 'perplexity' are central entities. 'Software security', 'supply chain attack', and 'malicious packages' describe the core problem. 'AI tool configuration' and 'developer tools' highlight specific areas of focus. 'Open source' and 'threat detection' describe the nature and function of the tool.asset-types: others
rwa: false
entropy: 0.85
sentiment: -0.3
staleness: 0.2
relevance: 0.7
uncertainty: 0.1RWATimes slug: decrypt-perplexity-built-a-tool-that-checks-your-computer-for-infected-software-without-setting-off-the-infection-2031153683