The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have this malware installed?
If you're a programmer, you're painfully aware that there's been a flood of successful malicious attacks on your software supply chain. These attacks include the Axios npm package compromise, the PyPI LiteLLM AI attack, and the CanisterSprawl npm assault.
What's a programmer to do when they can't even trust the very building blocks of their program? Well, there are several approaches, and the latest comes from Perplexity.
According to the AI company, Bumblebee is a "read‑only scanner we use to check developer machines for risky packages, extensions, and AI tool configs during supply‑chain incidents." The company said in its announcement that the program is one of "the internal tools we use to protect the developer systems behind Perplexity, Comet, and Computer."
The tool is built to answer the first question that pops up in your mind after a new supply‑chain advisory: Do any of our programmers have this thing installed?
Bumblebee runs on macOS and Linux developer machines and is available now as an open-source Go project. You can plug the tool's results into whatever security system you're already using.
