It integrates with Perplexity Computer to trigger automated deeper scans.
Super Dario
Today we're open-sourcing Bumblebee, a read-only scanner for macOS and Linux.
It checks developer machines for risky packages, extensions, and AI tool configs.
Connected to Computer, it can trigger deeper scans whenever a new supply-chain risk emerges.
https://github.com/perplexityai/bumblebee
Many users praised Perplexity for open-sourcing the Bumblebee Scanner to secure developer machines on macOS and Linux because it addresses an important security need, while some dismissed it as unnecessary vibe coding or suspicious.
No Digg Deeper questions have been answered for this story yet.
Perplexity just open-sourced the tool they use internally to keep their own developers safe. 😨
It's called Bumblebee. It runs quietly on a developer's laptop and checks for any sneaky code, suspicious browser plugins, or AI tools that might be silently leaking access to your data.
It covers Claude Code, Codex, Cursor, all of it.
Here is why this matters now.
For the last six months, hackers have been quietly slipping malicious code into the free building blocks that almost every app in the world is built on.
When a developer installs one of these poisoned pieces, the attacker gets a backdoor into everything that developer touches.
Including their AI tools and the keys that unlock them.
Most security tools defend the finished product. Bumblebee defends the person building it.
An independent security researcher read through the entire code and confirmed it is clean.
No hidden tracking. No data collection. No backdoors.
For two years, AI coding tools shipped with zero security defenses around them. Perplexity just shipped one. Free.
Worth installing if you build anything with AI.
Today we're open-sourcing Bumblebee, a read-only scanner for macOS and Linux.
It checks developer machines for risky packages, extensions, and AI tool configs.
Connected to Computer, it can trigger deeper scans whenever a new supply-chain risk emerges.
https://github.com/perplexityai/bumblebee
To get Perplexity Computer and similar tools deeply embedded in enterprises, a continuous investment in security engineering is necessary.
What's interesting in the way we're approaching it is putting these tools insde agentic sandboxes and having security workflows run autonomously.
Reach out to @kpolley if you're interested in joining and contributing to projects of this nature!
Today we're open-sourcing Bumblebee, a read-only scanner for macOS and Linux.
It checks developer machines for risky packages, extensions, and AI tool configs.
Connected to Computer, it can trigger deeper scans whenever a new supply-chain risk emerges.
https://github.com/perplexityai/bumblebee
Bumblebee on GitHub: https://github.com/perplexityai/bumblebee
Bumblebee started as an internal tool.
Making Perplexity products more secure for users starts with protecting the developer systems we use to build them.
Read the full blog: https://www.perplexity.ai/hub/blog/perplexity-is-open-sourcing-bumblebee
@perplexity_ai just call it Perplexity Antivirus
@perplexity_ai @samddenty Let’s fucking goooo bumblebee!!! 🐝
https://github.com/perplexityai/bumblebee
Technical analysis and IOCs: https://socket.dev/blog/laravel-lang-compromise
@perplexity_ai love the no support for windows, chef’s kiss
@perplexity_ai This is the right security boundary for agentic tools. Once agents can read configs call local tools and react to supply-chain alerts the dev laptop becomes part of the production threat model. Read-only first is the correct default.
An excellent passive scanning tool.
But we need something more active, something which can stop unknown unknowns.
pmg helps here, with real time Threat Intel scanning new artifacts. protecting developers and AI agents from installing malicious packages, sandboxing it.
Checkout: https://github.com/safedep/pmg
@perplexity_ai Bumblebee looks useful for security teams, but most devs do not need another read only scanner if it cannot block, fix, or quarantine anything.
For daily protection, OSV, Trivy, Socket or Snyk in CI feels more useful. Otherwise it is just a smoke alarm with a GitHub repo.
@perplexity_ai Nice. Fast and clean. But why didn't you partner with Snyk/Socket/Dependabot/OSV and we're only relying on threat_intel/ catalogs? My beef is with catalog provenance. How do you curate them?
The market doesn't need 1 more tool. It needs a single source of curated truth.
@AravSrinivas The agentic sandbox approach is the only way to scale this without becoming a bottleneck for the security team.
@perplexity_ai @samddenty p.s. I still hate these Grok watermarks on my creations. You need to get rid of that @elonmusk @nikitabier @cb_doge @XFreeze @testerlabor
@perplexity_ai @AravSrinivas team cooked here
@perplexity_ai Wait does that mean we are getting a computer desktop app on linux 🥺
@perplexity_ai @grok how i can integrate this in devsecops or mlsecops or llmsecops pipeline guide . Give some exsmple system design
@perplexity_ai @grok compare this offering to commercial offerings from Palo/Crowd/zScaler
@perplexity_ai finally a security scanner that checks your ai app settings, not just regular software.
most antivirus tools skip these files entirely. it only reads, never changes anything. that's right for a tool meant to find bad code
@perplexity_ai @0x4D31 🐐
