Open Source · Mistral · Decrypt
Perplexity Built a Tool That Checks Your Computer for Infected Software—Without Setting Off the Infection
Compiled by KHAO Editorial — aggregated from 1 source.
Imagine you suspect someone poisoned a bottle of water in your house.
Key facts
- On May 11, a hacker group called TeamPCP slipped malicious code into over 160 software packages used by millions of developers worldwide—including packages from Mistral AI, UiPath, and a widely used
- That's exactly how the May 11 attack spread so fast
- The group behind that attack—tracked by Google under the alias UNC6780—has been running coordinated software poisoning campaigns since at least March 2026
- Bumblebee is available free at github.com/perplexityai/bumblebee under Apache 2.0, which means you can run it, tweak it, improve it and fork it without legal repercussions
Summary
Most scanners work by invoking the software they're checking, which can accidentally trigger the attacks they're meant to detect. Perplexity open-sourced a tool called Bumblebee that takes a different approach. Bumblebee is a free, open-source tool that checks developer computers for compromised software, browser extensions, and AI connector configs—without running the infected code. It's the first open-source scanner to treat MCP config files—the connectors that give AI tools access to your data—as a security surface.
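To make "checking without running" concrete, here is an added example (not Bumblebee's code, and not a description of how Bumblebee is implemented) that parses an npm lockfile and an MCP client config purely as JSON and matches them against a blocklist. The blocklist entries, package names and sample files are constructed placeholders, and the `mcpServers` layout is assumed to be the one common MCP clients use.

```python
import json

# Constructed blocklist: placeholder names, not real indicators.
BAD = {("example-poisoned-pkg", "1.2.3"), ("@example/evil-sdk", "0.9.1")}

# Constructed sample inputs (a package-lock.json and an MCP client config).
LOCK = """{"lockfileVersion": 3, "packages": {
  "": {"name": "app", "version": "1.0.0"},
  "node_modules/left-ok": {"version": "2.0.0"},
  "node_modules/example-poisoned-pkg": {"version": "1.2.3"},
  "node_modules/a/node_modules/@example/evil-sdk": {"version": "0.9.1"},
  "node_modules/@example/evil-sdk": {"version": "0.9.2"}}}"""
MCP = """{"mcpServers": {
  "files": {"command": "npx", "args": ["-y", "@example/evil-sdk@0.9.1"]},
  "notes": {"command": "node", "args": ["server.js"]}}}"""

def scan_lockfile(text):
    """Match lockfile (v2/v3 'packages' map) entries against BAD.
    Only JSON is parsed; the package manager is never invoked, so no
    install or lifecycle script from a poisoned package can run."""
    hits = []
    for path, meta in json.loads(text).get("packages", {}).items():
        if not path:  # "" is the root project entry
            continue
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        if (name, meta.get("version")) in BAD:
            hits.append((name, meta["version"], path))
    return sorted(hits)

def split_spec(arg):
    """Split 'name@version' or '@scope/name@version' into (name, version)."""
    name, sep, version = arg.rpartition("@")
    return (name, version) if sep and name else (arg, None)

def scan_mcp_config(text):
    """Flag MCP servers whose launch arguments name a blocklisted package."""
    hits = []
    for server, cfg in json.loads(text).get("mcpServers", {}).items():
        for arg in cfg.get("args", []):
            if isinstance(arg, str) and split_spec(arg) in BAD:
                hits.append((server, arg))
    return sorted(hits)

if __name__ == "__main__":
    print(scan_lockfile(LOCK))
    print(scan_mcp_config(MCP))
```

The nested `node_modules/a/node_modules/...` entry shows why the whole lockfile map is walked: a transitive copy of a bad version is caught even when the top-level copy is a different version.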