Perplexity Built a Tool That Checks Your Computer for Infected Software—Without Setting Off the Infection

TL;DR

Perplexity has launched Bumblebee, a free open-source tool that scans developer computers for infected software without executing any code. It uniquely checks for compromised AI connector configurations and browser extensions, enhancing security against recent malware attacks.

Key points

Bumblebee is a free, open-source security tool.
It scans for compromised software without executing code.
The tool checks MCP configuration files for security risks.
Bumblebee could have prevented a recent malware attack.
It is available under the Apache 2.0 license for public use.

In brief

Bumblebee is a free, open-source tool that checks developer computers for compromised software, browser extensions, and AI connector configs—without running the infected code.
Most scanners work by invoking the software they're checking, which can accidentally trigger the attacks they're meant to detect.
It's the first open-source scanner to treat MCP config files—the connectors that give AI tools access to your data—as a security surface. Imagine you suspect someone poisoned a bottle of water in your house. To check, you drink from every bottle. That's roughly how most security scanners work. Perplexity just open-sourced a tool called Bumblebee that takes a different approach. It scans developer computers for infected software packages, malicious browser extensions, and compromised AI tool configs—without ever running the code it finds. It reads the code, the ingredient label instead of eating the food. On May 11, a hacker group called TeamPCP slipped malicious code into over 160 software packages used by millions of developers worldwide—including packages from Mistral AI, UiPath, and a widely used React tool with 12 million weekly downloads. The attack spread automatically the moment developers installed those packages. Perplexity’s Bumblebee could have prevented that, the company says.

Why "read-only" is the whole point

Software packages—especially in the JavaScript world—can run hidden scripts the moment you install them. That's exactly how the May 11 attack spread so fast. The malicious code fired automatically on install, before anyone noticed anything was wrong. A scanner that invokes the package manager to check for infections can trigger those same scripts. You go looking for the worm; the worm runs. Bumblebee sidesteps this by never calling any package manager at all. It reads raw metadata files—the records that describe what's installed—without touching the software itself.

The genuinely new piece is that Bumblebee also scans MCP configuration files—the local files that tell AI assistants like Claude or Cursor which external services they're allowed to connect to. MCP connectors give AI tools access to emails, databases, calendars, and code. If an attacker sneaks a malicious connector into that config, your AI assistant could leak credentials or run unauthorized commands in the background. Most security tools aren't checking for this yet. Beyond MCP, it covers browser extensions on Chrome, Edge, Brave, Arc, and Firefox, plus editor plugins in VS Code and its forks. The whole scan happens in one pass, outputs a clean structured list of what it found, and never modifies anything on the machine.

Q&A

What is Bumblebee and how does it work?

Bumblebee is an open-source tool that scans for infected software and configurations without executing any code, preventing potential malware activation.

What recent malware attack could Bumblebee have prevented?

Bumblebee could have prevented the May 11 attack where malicious code was injected into over 160 software packages used by millions of developers.

How does Bumblebee scan MCP configuration files?

Bumblebee scans MCP configuration files by reading their metadata without invoking any package managers, thus avoiding the execution of potentially harmful scripts.

Is Bumblebee available for public use and modification?

Yes, Bumblebee is available for free under the Apache 2.0 license, allowing users to run, modify, and improve the tool legally.