{"slug": "bumblebee-perplexity-ai-open-sources-a-safe-supply-chain-scanner", "title": "Bumblebee: Perplexity AI Open-Sources a Safe Supply-Chain Scanner", "summary": "Perplexity AI has open-sourced Bumblebee, a read-only endpoint scanner that audits local developer configurations without executing untrusted code. The tool inventories packages, IDE extensions, and MCP servers on macOS and Linux, providing a safe way to check for supply-chain vulnerabilities. Bumblebee compiles into a single static Go binary with no dependencies and outputs findings in NDJSON for integration with security dashboards.", "body_md": "When a new software supply-chain vulnerability is announced, security teams face a major challenge: **how to quickly check if any developer's local machine is compromised.**\n\nDevelopers install thousands of packages, VS Code extensions, and third-party tools weekly. In the era of AI coding agents, they are also frequently installing **Model Context Protocol (MCP) servers** to give AI models access to local databases and files. If one of these components is compromised, it could act as a backdoor to the company's network.\n\n**Bumblebee** is a new open-source tool developed by Perplexity AI to address this specific security gap. It is a read-only endpoint scanner that audits local developer configurations without executing untrusted code.\n\nBumblebee is a static analyzer that collects metadata from package managers, IDE extensions, and browser tools on macOS and Linux workstations. Unlike traditional vulnerability scanners, Bumblebee does not run code or trigger build tools. It strictly reads on-disk configuration files, turning them into structured records to compare against known vulnerability databases.\n\nMany vulnerability scanners run package managers like npm or pip, which can execute malicious code hiding in package \"post-install\" scripts. Bumblebee strictly reads text metadata and configuration files, meaning it carries zero risk of executing hidden malware.\n\nWith AI coding assistants (like Claude Code) rising in popularity, developers are configuring MCP servers locally. Bumblebee specifically catalogs MCP configurations and IDE extensions (like Cursor and VS Code) to ensure no compromised plugins are active.\n\nBumblebee inventories configurations across a wide variety of development ecosystems, including:\n\nWritten in Go, Bumblebee compiles into a single static binary with zero external dependencies. It can be easily distributed via MDM (Mobile Device Management) tools to run routine security checks across all developer laptops in an organization.\n\nBecause Bumblebee is a single binary, you can download it from the project's release page and run a scan on your local machine instantly.\n\nThe tool outputs findings in structured Newline-Delimited JSON (NDJSON), making it simple to feed the audit logs into existing security and log monitoring dashboards (SIEMs).\n\nAs software supply chains grow more complex and AI assistants introduce new local configurations, auditing developer machines is becoming a top priority. Perplexity AI's Bumblebee provides security teams with a fast, non-intrusive, and completely safe way to keep developer workspaces secure.\n\n*Want to audit your machine? Check out the Bumblebee GitHub Repository.*", "url": "https://wpnews.pro/news/bumblebee-perplexity-ai-open-sources-a-safe-supply-chain-scanner", "canonical_source": "https://dev.to/terminalchai/bumblebee-perplexity-ai-open-sources-a-safe-supply-chain-scanner-ief", "published_at": "2026-07-13 21:02:29+00:00", "updated_at": "2026-07-13 21:19:48.199765+00:00", "lang": "en", "topics": ["ai-safety", "developer-tools", "ai-agents", "ai-infrastructure"], "entities": ["Perplexity AI", "Bumblebee", "Claude Code", "Cursor", "VS Code", "Go"], "alternates": {"html": "https://wpnews.pro/news/bumblebee-perplexity-ai-open-sources-a-safe-supply-chain-scanner", "markdown": "https://wpnews.pro/news/bumblebee-perplexity-ai-open-sources-a-safe-supply-chain-scanner.md", "text": "https://wpnews.pro/news/bumblebee-perplexity-ai-open-sources-a-safe-supply-chain-scanner.txt", "jsonld": "https://wpnews.pro/news/bumblebee-perplexity-ai-open-sources-a-safe-supply-chain-scanner.jsonld"}}