Perplexity open-sourcing Bumblebee
Perplexity is open-sourcing Bumblebee, one of the internal tools it uses to protect the developer systems behind Perplexity, Comet, and Computer. Bumblebee is a read-only scanner that Perplexity uses to check developer machines for risky packages, extensions, and AI tool configs during supply-chain incidents. The tool is useful to any security team: whenever a new vulnerability is reported, the team needs to know right away whether any of its machines were exposed. With Bumblebee open-sourced, any team can build on the same security layer.
Perplexity states that Bumblebee is one component in its broader security workflow, in which Perplexity Computer helps track emerging threats, humans review catalog updates, and Bumblebee checks whether exposed components appear across developer endpoints.
Engineering organizations can now run Bumblebee with their own catalogs and review process.
Bumblebee can be used internally in the following way:
· A threat signal is identified through public disclosures, third-party intel feeds, or internal research.
· Perplexity Computer drafts a catalog update. It enters the signal into a structured entry (ecosystem, name, version), and then opens a GitHub PR with source links.
· The PR goes through human review, after which it is merged.
· Bumblebee runs on endpoints with the updated catalog.
· Findings are shared with the security team.
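An added illustration of the catalog-matching step in the workflow above; it is not Bumblebee's code, and the catalog layout, package names, and function names are assumptions built only on the three fields the article names (ecosystem, name, version). It reads a constructed npm lockfile and reports exact name and version matches, including nested transitive installs that a check of top-level dependencies would miss.

```python
import json

# Constructed catalog entries using the three fields the article names
# (ecosystem, name, version). Package names and versions are made up.
CATALOG = [
    {"ecosystem": "npm", "name": "example-left-pad", "version": "1.3.1"},
    {"ecosystem": "npm", "name": "@example/build-utils", "version": "2.0.4"},
    {"ecosystem": "pypi", "name": "example-requests-helper", "version": "0.9.0"},
]

# Constructed package-lock.json content (lockfileVersion 3 layout).
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/example-left-pad": {"version": "1.3.1"},
        "node_modules/@example/build-utils": {"version": "2.0.5"},
        "node_modules/foo/node_modules/@example/build-utils": {"version": "2.0.4"},
    },
})

def npm_packages(lock_text):
    """Yield (name, version, path) for each installed entry in a lockfile."""
    lock = json.loads(lock_text)
    for path, meta in lock.get("packages", {}).items():
        if not path or "version" not in meta:
            continue  # skip the root project and entries without a version
        # For nested installs the package name follows the last node_modules/
        name = path.rsplit("node_modules/", 1)[-1]
        yield name, meta["version"], path

def scan_lockfile(lock_text, catalog):
    """Return findings where an npm catalog entry's exact version is installed."""
    wanted = {(e["name"], e["version"]) for e in catalog if e["ecosystem"] == "npm"}
    return [
        {"name": name, "version": version, "path": path}
        for name, version, path in npm_packages(lock_text)
        if (name, version) in wanted
    ]

if __name__ == "__main__":
    # Read-only: the lockfile text is parsed, nothing is installed or modified.
    for finding in scan_lockfile(SAMPLE_LOCK, CATALOG):
        print(finding)
```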
Bumblebee supports three scan profiles, which tell it where and how broadly to search:
· Baseline profile: Routine scan of standard laptop locations. Teams schedule it through their own MDM or fleet tooling.
· Project profile: Targeted scan of specific repos or workspaces.
· Deep profile: Response sweep for active incidents.




