Bumblebee Scans Your Tools for Hidden Threats
Perplexity open-sourced a free scanner that checks your team's computers for compromised software packages and AI tool configs — without touching anything.
A quiet little alarm system for your tech stack
Perplexity — the AI search company — just released a free tool called Bumblebee. It does one thing: it looks around a developer's computer and tells you if any of the software installed there has been flagged as dangerous.
What makes it interesting isn't what it does — it's what it doesn't do. It never pokes, runs, or triggers anything it finds. It just reads. Like a detective who looks through the window instead of opening the door. That matters because some malicious software is designed to wake up the moment something touches it. Bumblebee stays well clear of that.
The timing is relevant for anyone whose team uses AI tools like Claude Desktop, Cursor, or similar assistants. Those tools rely on something called MCP configs — small files that tell the AI what it's allowed to connect to. Bumblebee is one of the first scanners to actually check those files for problems. That's a gap nobody else was covering.
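To make the MCP-config check concrete, here is an added Python illustration (not Bumblebee's own code) of what a read-only scan of such a file looks like: it parses a Claude Desktop style config with an "mcpServers" object and reports any server entry whose command or arguments name a package on a denylist, without executing or resolving anything. The denylist and the sample config are constructed placeholders.

```python
import json

# Constructed denylist of package names, standing in for a real advisory feed.
FLAGGED_PACKAGES = {"evil-mcp-server", "bad-helper"}


def scan_mcp_config(config_text, flagged=FLAGGED_PACKAGES):
    """Parse an MCP config ({"mcpServers": {name: {"command": ..., "args": [...]}}})
    and report servers whose command or arguments name a flagged package.
    Read-only: the text is parsed; nothing in it is launched or resolved."""
    findings = []
    try:
        config = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [{"server": None, "reason": f"unparseable config: {exc}"}]
    servers = config.get("mcpServers", {})
    if not isinstance(servers, dict):
        return [{"server": None, "reason": "mcpServers is not an object"}]
    for name, spec in servers.items():
        if not isinstance(spec, dict):
            continue
        tokens = [str(spec.get("command", ""))]
        tokens += [str(a) for a in spec.get("args", []) if not str(a).startswith("-")]
        for token in tokens:
            # Reduce "@scope/pkg@1.2.3" or "pkg@1.2.3" to the bare package name.
            base = token.rsplit("/", 1)[-1].split("@", 1)[0]
            if base in flagged:
                findings.append({"server": name, "reason": f"references flagged package {base!r}"})
                break
    return findings


# Constructed sample config, not copied from any real machine.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "filesystem": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]},
        "helper": {"command": "npx", "args": ["-y", "evil-mcp-server@1.0.0"]},
    }
})

if __name__ == "__main__":
    for finding in scan_mcp_config(SAMPLE_CONFIG):
        print(finding)
```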
For a business owner, the practical upside is simple: if a security warning comes out about a piece of software, you no longer have to wonder whether anyone on your team has it installed. Bumblebee answers that question in seconds, across all your machines.
It's free, takes about a minute to set up, and is available at: https://github.com/perplexityai/bumblebee
Words worth knowing
Supply chain attack — when someone tampers with a software tool before it reaches you, so you install something that looks trustworthy but isn't.
Package — a ready-made piece of software that developers install to avoid writing everything from scratch. Think of it like a pre-made sauce a chef buys rather than makes.
MCP config — a small settings file that tells an AI assistant which external tools and services it can talk to. If it's tampered with, the AI might quietly share data it shouldn't.
Read-only — a tool that can look but never touch. It can't change, delete, or accidentally activate anything on your system.