
Bumblebee is an open-source developer security program from Perplexity that runs on macOS and Linux. It is designed to answer the question that follows a supply-chain advisory: do any programmers have the risky software installed? The scanner is read-only and checks developer machines for risky language packages, AI agent configurations, editor extensions, and browser extensions, targeting these four surfaces instead of code or runtime behavior. Its results can be plugged into existing security systems. Bumblebee does not require AI or a subscription, and it is available as a Go project. Perplexity describes it as one of the internal tools it uses to protect the developer systems behind Perplexity, Comet, and Computer.
"Perplexity Bumblebee is an open-source developer security program. Bumblebee doesn't require AI or a subscription. The program aims to spot problems on programmers' laptops."
"According to the AI company, Bumblebee is a 'read‑only scanner we use to check developer machines for risky packages, extensions, and AI tool configs during supply‑chain incidents.' The company said in its announcement that the program is one of 'the internal tools we use to protect the developer systems behind Perplexity, Comet, and Computer.'"
"The tool is built to answer the first question that pops up in your mind after a new supply‑chain advisory: Do any of our programmers have this thing installed? Bumblebee runs on macOS and Linux developer machines and is available now as an open-source Go project. You can plug the tool's results into whatever security system you're already using."
"Instead of targeting code or runtime behavior, Bumblebee focuses on four specific surfaces. Perplexity claimed existing open‑source tools tend to cover one or two of these surfaces, while Bumblebee can handle all four at once: Language package managers; AI agent configs: Model Context Protocol (MCP); Editor extensions: VS Code‑family; Browser extension."
#supply-chain-security #developer-security-tooling #open-source-software #package-management #browser-and-editor-extensions
Read at ZDNET