The modern developer's laptop is no longer just a workstation; it is a sprawling, unmanaged ecosystem of dependencies. Between the dozens of npm packages, Python libraries, VS Code extensions, and the emerging layer of AI agent configurations, the local environment has become a primary target for supply chain attacks. When a critical vulnerability is announced in a popular library, security teams usually face a frantic period of uncertainty. They know the vulnerability exists, but they have no immediate way to know which specific engineers on their team have the compromised version installed locally. This visibility gap transforms the developer's PC into a blind spot that can compromise an entire organization's security posture.

Bumblebee v0.1.1 and the Zero-Dependency Architecture

To solve this visibility crisis, Perplexity has open-sourced Bumblebee, a read-only inventory scanner designed specifically for developer endpoints on macOS and Linux. Originally developed internally to protect Perplexity's search products, the Comet browser, and its suite of computer agents, Bumblebee is now available to the public as version v0.1.1. The tool is built using Go 1.25, and its most critical architectural decision is a strict zero-dependency design. By eliminating external libraries, Perplexity ensures that the scanner itself does not introduce new vulnerabilities into the environment it is meant to protect. This approach removes the risk of a compromised third-party dependency turning the security tool into a Trojan horse.

Deploying the tool is designed to be frictionless, requiring only a single command in the terminal:

go install github.com/perplexity/bumblebee@latest

Once installed, users can verify the binary's integrity and functionality through a built-in self-test command:

bumblebee selftest

Released under the Apache License 2.0, Bumblebee allows companies to modify and distribute the tool according to their specific internal needs. To handle the massive volume of data generated across hundreds of developer machines, the tool outputs results in NDJSON (Newline-Delimited JSON) format. Unlike standard JSON, which requires the entire file to be parsed as a single object, NDJSON treats each line as a separate data entry. This allows security teams to stream and process thousands of package records in real-time without overloading system memory, making it an ideal choice for large-scale enterprise telemetry.

The Read-Only Pivot and the Local State Gap

Most traditional security scanners operate by invoking the system's own package managers—such as running `npm list` or `pip freeze`—to determine what is installed. This creates a dangerous paradox: the act of scanning for a vulnerability can actually trigger one. Many malicious packages use lifecycle hooks—scripts that execute automatically during installation or inspection—to steal environment variables or establish reverse shells. By calling the package manager, a scanner might inadvertently execute these hooks, turning a passive audit into an active infection. Bumblebee avoids this risk entirely by adopting a strictly read-only approach. It never executes code or calls package management binaries; instead, it parses the static text files that these tools leave behind.

Bumblebee functions like a forensic auditor reading receipts rather than a technician running the machinery. It scans lockfiles such as `package-lock.json`, `pnpm-lock.yaml`, and `go.sum`, as well as `*.dist-info/METADATA` files. Because these are static records of what was installed, they contain no executable logic and cannot trigger malicious scripts. The tool's scanning depth is managed through three distinct profiles. The baseline profile covers common root paths, toolchains, and browser extensions. The project profile targets specific development directories like `~/code` or `~/src` to find project-specific risks. Finally, the deep profile allows administrators to perform an exhaustive search of the entire root directory during high-severity security incidents. While v0.1 currently supports text-based `bun.lock` files, it does not yet support the binary `bun.lockb` format.

This methodology addresses a critical failure in the current security stack. Software Bill of Materials (SBOM) tools are excellent for tracking what goes into a final build, but they are essentially blueprints. They tell you what the product should contain, not what is actually sitting on a developer's desk. Conversely, Endpoint Detection and Response (EDR) tools act like CCTV cameras, monitoring active processes and network traffic. While EDR can tell you that a process is behaving strangely, it is not designed to parse a static configuration file to find a vulnerable version of a library before it is ever executed. Bumblebee fills this gap by analyzing the local state—the static, dormant files that exist between the blueprint of the SBOM and the activity of the EDR.

This granularity extends to the modern AI-augmented workflow. Bumblebee doesn't just look at libraries; it scans the manifests of AI-centric editors like Cursor, Windsurf, and VSCodium, as well as browser plugins for Chrome, Edge, Brave, Arc, and Firefox. Most importantly, it targets the configuration files of the Model Context Protocol (MCP), scanning `mcp.json`, `claude_desktop_config.json`, and `~/.gemini/settings.json`. As AI agents gain more access to local file systems and APIs, these configuration files become high-value targets for attackers. By treating these settings as part of the supply chain, Bumblebee provides visibility into how AI agents are integrated into the developer's environment.

Automating the Threat-to-Detection Pipeline

Perplexity has integrated Bumblebee into a five-stage automated workflow that replaces the traditional, manual process of security notifications. In a typical setup, a security team sends an email about a vulnerability, and developers are asked to manually check their systems and report back—a process prone to human error and delays. Perplexity's automated pipeline begins when a threat signal is received. An AI agent, Perplexity Computer, automatically generates a draft catalog containing the ecosystem, package name, and affected versions of the threat. This draft is then submitted as a GitHub Pull Request for human review.

Once a security engineer merges the PR, the updated catalog is pushed to all endpoints. Bumblebee then executes a scan across the organization, and the results are aggregated back to the security team. To ensure the data is actionable, Bumblebee assigns a confidence level to every detection. A High confidence rating is given when the metadata provides a perfect match for the identity and version of the package. Medium confidence is assigned when the identity is clear but the version is only partially verifiable. Low confidence is used when only a related path or reference is found. This tiered system allows security teams to prioritize their response, isolating the most certain threats first while investigating the ambiguous ones second.

This shift from reactive reporting to automated, read-only telemetry transforms the developer's PC from a black box into a transparent part of the security infrastructure. By focusing on the static local state and leveraging AI for cataloging, Perplexity has created a system that can identify a vulnerability across thousands of machines in minutes rather than days.