# Perplexity Open-Sources Bumblebee, a Security Scanner for AI Coders

> Perplexity open-sourced Bumblebee, a read-only scanner that continuously checks developer machines for risky packages, extensions, and AI tool configs.

Published: 2026-05-26
URL: https://daniliants.com/insights/perplexity-launched-something-claude-shouldve-done-first/
Tags: supply-chain-security, open-source, dev-security, perplexity, package-scanning, vibe-coding

---

## Summary

Perplexity open-sourced an internal tool called Bumblebee, a read-only security scanner for macOS and Linux that continuously checks a developer's machine for risky packages, extensions, and AI tool configurations. When a public compromise report drops for any package, it triggers a deeper scan via Perplexity's compute. Framed as "antivirus for vibe coders."

## Key Insight

- **Targets a real new attack surface**: AI-assisted ("vibe") coders pull in packages and extensions fast and uncritically, widening supply-chain exposure. A passive, read-only scanner that watches package/extension/AI-config state is a sensible fit.
- **Reactive trigger model**: the differentiator is that a public compromise disclosure auto-fires a deeper scan, so it acts on threat intel timing, not just static rules.
- **Open-sourcing is the strategy**: low-cost dev-trust marketing. Expect other AI labs to ship copycats; this is as much positioning as security.
- **Read-only by design**: lowers adoption friction (no risk of it breaking the environment), which matters for getting devs to actually run it.
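As an added example (not Bumblebee's code, and not a description of Perplexity's actual rules), the Python sketch below shows the shape of such a scanner: a read-only inventory of pinned packages, editor extensions and an AI tool config, a static match against an advisory feed, and an advisory-triggered deeper hash check that runs only for a package that is actually installed. Every input (package names, extension ids, config keys, file contents and hashes) is constructed, and the AI-config checks are hypothetical policy rules chosen for illustration.

```python
"""Added example (not Bumblebee's code): a minimal read-only scanner that
inventories packages, extensions and an AI tool config, matches them against
a compromise-advisory feed, and deep-checks only what a new advisory names."""
import hashlib
import json
import re
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins for files the scanner would read (never write) on disk.
REQUIREMENTS_TXT = """\
requests==2.31.0
left-pad-py==1.0.3   # hypothetical package name
numpy>=1.26
"""
EXTENSIONS = ["ms-python.python@2024.4.1", "example.fancy-theme@0.9.2"]
AI_TOOL_CONFIG = json.dumps({"auto_approve_tools": True,
                             "mcp_servers": [{"name": "shell", "command": "/bin/sh"}]})
INSTALLED_FILES = {  # package name -> {relative path: file bytes}
    "left-pad-py": {"left_pad_py/__init__.py": b"def pad(s, n): return s.rjust(n)\n",
                    "left_pad_py/_helper.py": b"# constructed tampered file\n"},
}
# Constructed advisory feed, shaped like a public compromise report.
ADVISORIES = [
    {"ecosystem": "pypi", "name": "left-pad-py", "bad_versions": ["1.0.3", "1.0.4"],
     "file_sha256": [hashlib.sha256(b"# constructed tampered file\n").hexdigest()]},
    {"ecosystem": "vscode", "name": "example.fancy-theme", "bad_versions": ["0.9.2"]},
]

@dataclass(frozen=True)
class Package:
    name: str
    version: Optional[str]  # None when the spec is a range rather than an exact pin

@dataclass(frozen=True)
class Finding:
    kind: str  # "package", "extension" or "ai-config"
    subject: str
    detail: str

def parse_requirements(text: str) -> list:
    """Parse requirements.txt lines; '==' pins keep their version, ranges give None."""
    pkgs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^([A-Za-z0-9_.-]+)\s*(?:==\s*([\w.]+))?", line) if line else None
        if m:
            pkgs.append(Package(m.group(1).lower(), m.group(2)))
    return pkgs

def match_advisories(pkgs: list, extensions: list, advisories: list) -> list:
    """Static pass: compare the inventory against advisory names and versions."""
    index = {(a["ecosystem"], a["name"].lower()): a for a in advisories}
    findings = []
    for p in pkgs:
        a = index.get(("pypi", p.name))
        if a and p.version is None:  # range spec: cannot tell, ask for the lockfile
            findings.append(Finding("package", p.name, "unpinned; resolve lockfile to confirm"))
        elif a and p.version in a["bad_versions"]:
            findings.append(Finding("package", p.name, f"version {p.version} is in a compromise report"))
    for ext in extensions:
        ext_id, _, ver = ext.partition("@")
        a = index.get(("vscode", ext_id.lower()))
        if a and ver in a["bad_versions"]:
            findings.append(Finding("extension", ext_id, f"version {ver} is in a compromise report"))
    return findings

def check_ai_config(config_json: str) -> list:
    """Hypothetical policy checks on an AI coding tool config (an assumption, not Bumblebee's rules)."""
    cfg = json.loads(config_json)
    out = []
    if cfg.get("auto_approve_tools"):
        out.append(Finding("ai-config", "auto_approve_tools", "tools run without a human prompt"))
    for srv in cfg.get("mcp_servers", []):
        if srv.get("command", "").endswith(("/sh", "/bash")):
            out.append(Finding("ai-config", srv.get("name", "?"), "MCP server exposes a raw shell"))
    return out

def deep_scan(pkg_name: str, advisory: dict, installed_files: dict) -> list:
    """Advisory-triggered deeper check: hash each installed file and compare with the report's IoCs."""
    bad = set(advisory.get("file_sha256", []))
    return [Finding("package", pkg_name, f"{path} matches an advisory file hash")
            for path, data in installed_files.get(pkg_name, {}).items()
            if hashlib.sha256(data).hexdigest() in bad]

def on_advisory(advisory: dict, pkgs: list, installed_files: dict) -> list:
    """Reactive trigger: a new report fires the deep scan only if the package is installed."""
    installed = {p.name for p in pkgs}
    if advisory["ecosystem"] == "pypi" and advisory["name"].lower() in installed:
        return deep_scan(advisory["name"].lower(), advisory, installed_files)
    return []

def run_scan() -> list:
    """One full read-only pass over the constructed machine state."""
    pkgs = parse_requirements(REQUIREMENTS_TXT)
    findings = match_advisories(pkgs, EXTENSIONS, ADVISORIES) + check_ai_config(AI_TOOL_CONFIG)
    for adv in ADVISORIES:
        findings += on_advisory(adv, pkgs, INSTALLED_FILES)
    return findings
```

The split between `match_advisories` and `on_advisory` is the point: the cheap name/version pass runs continuously, while the hash-level pass (the "deeper scan" the post describes) is gated on an advisory naming something that is really installed, so the expensive work stays rare and the scanner never needs write access to do either.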