Skip to main content
TechnologyMay 26, 2026· 2 min read

Perplexity Releases Bumblebee, Checks Suspicious Files and Programs Without Executing Them

Perplexity has made Bumblebee public, a free and open tool that checks developers' computers for compromised software or configurations, being careful not to execute anything that could trigger an infection. The tool is primarily designed for developers and security teams that need to check their machines after an alarm on the software supply chain.

Bumblebee is a lightweight program intended for Linux and macOS machines, distributed under an open license that allows for use and modification. Its purpose is to inventory files and configurations that indicate the presence of compromised components without installing or starting additional software.

What It Checks

The scanner analyzes four types of elements: the lists of packages used by projects, AI agent settings, extensions used in code editors, and browser extensions. Essentially, it checks the points where malware related to the software supply chain often passes.

The issue is that many attacks are triggered when a component is installed or updated: it only takes one piece of malicious code to be executed to infect the machine. Bumblebee avoids that risk by only reading the information already present in the files, without launching installations or scripts that could trigger an attack.

The tool produces a structured output file that can be integrated into enterprise management and incident response tools. In such a workflow, a threat alert is entered into a catalog monitored by experts; then Bumblebee is run on the computers to understand who is exposed and where to intervene.

This release comes after some campaigns of software package compromise, which have affected many projects and thousands of downloads. Experts have noted that tools that execute nothing during scanning can reduce the risk of worsening malware spread.

At the beginning of the month, indeed, a group of hackers called TeamPCP inserted malicious code into over 160 software packages used by millions of developers worldwide, including packages from Mistral AI, UiPath, and a very popular React tool with 12 million weekly downloads. The attack propagated automatically when developers installed those packages. Perplexity claims that Bumblebee could have prevented this type of attack.

Perplexity already uses Bumblebee internally to protect the systems behind its search engine, the Comet browser, and its AI agent named Computer. When a new threat emerges, Perplexity Computer prepares a record in the internal threat catalog, someone reviews and approves it, then Bumblebee runs on all developers' computers to look for matches.

This episode well illustrates how cybersecurity is changing with AI and agent-based tools: it is no longer sufficient to defend single devices; oversight of automatic flows, agents operating instead of users, and the software supply chain is also necessary. The advantage of new tools is the speed with which they can identify anomalies and react, but there is also an increasing need to ensure they operate cautiously, without executing risky code while searching for that very code.