Perplexity Constructed a Software That Checks Your Pc for Contaminated Software program—With out Setting Off the An infection – Decrypt

Think about you think somebody poisoned a bottle of water in your own home. To examine, you drink from each bottle. That is roughly how most safety scanners work.

Perplexity simply open-sourced a instrument referred to as Bumblebee that takes a unique strategy. It scans developer computer systems for contaminated software program packages, malicious browser extensions, and compromised AI instrument configs—with out ever working the code it finds. It reads the code, the ingredient label as a substitute of consuming the meals.

On Might 11, a hacker group referred to as TeamPCP slipped malicious code into over 160 software program packages utilized by hundreds of thousands of builders worldwide—together with packages from Mistral AI, UiPath, and a extensively used React instrument with 12 million weekly downloads. The assault unfold mechanically the second builders put in these packages. Perplexity’s Bumblebee might have prevented that, the corporate says.

Why “read-only” is the entire level

Software program packages—particularly within the JavaScript world—can run hidden scripts the second you put in them. That is precisely how the Might 11 assault unfold so quick. The malicious code fired mechanically on set up, earlier than anybody observed something was incorrect.

A scanner that invokes the bundle supervisor to examine for infections can set off those self same scripts. You go in search of the worm; the worm runs. Bumblebee sidesteps this by by no means calling any bundle supervisor in any respect. It reads uncooked metadata information—the information that describe what’s put in—with out touching the software program itself.

The genuinely new piece is that Bumblebee additionally scans MCP configuration information—the native information that inform AI assistants like Claude or Cursor which exterior companies they’re allowed to connect with.

MCP connectors give AI instruments entry to emails, databases, calendars, and code. If an attacker sneaks a malicious connector into that config, your AI assistant might leak credentials or run unauthorized instructions within the background. Most safety instruments aren’t checking for this but.

Past MCP, it covers browser extensions on Chrome, Edge, Courageous, Arc, and Firefox, plus editor plugins in VS Code and its forks. The entire scan occurs in a single cross, outputs a clear structured listing of what it discovered, and by no means modifies something on the machine.

How Perplexity makes use of it internally

Perplexity has been working Bumblebee internally to guard the programs behind its search product, its Comet browser, and its Pc AI agent. When a brand new risk surfaces, Perplexity Pc drafts a catalog entry for it, a human critiques and approves it, and Bumblebee runs throughout all developer machines to examine for matches.

Groups can run their very own catalogs the identical manner. The instrument ships with a built-in risk listing seeded from current supply-chain assaults, together with the Might 11 marketing campaign. The group behind that assault—tracked by Google beneath the alias UNC6780—has been working coordinated software program poisoning campaigns since no less than March 2026.

Bumblebee is out there free at github.com/perplexityai/bumblebee beneath Apache 2.0, which suggests you may run it, tweak it, enhance it and fork it with out authorized repercussions.