TempMail Ninja

Perplexity Open-Sources Bumblebee: A New Security Scanner for Developers


Packagist registries.

By leveraging CI/CD pipeline cache poisoning, compromised maintainer credentials, and abusing OpenID Connect (OIDC) trust relationships, TeamPCP managed to poison over 160 npm packages (including hundreds of automated malicious versions in ecosystems like AntV) and dozens of Python environments. The malicious payloads executed silent credential-stealing postinstall scripts and planted deep system backdoors designed to persist even after the infected package was removed from the project.

Bumblebee was engineered specifically to detect and halt these stealthy campaigns. By comparing local package metadata against an actively maintained, structured exposure catalog of known Indicators of Compromise (IoCs) associated with TeamPCP, Bumblebee alerts developers as soon as their workspace has been contaminated.

Perplexity’s internal operational loop shows how AI and local scanning work together to build a robust defense:


  • An emerging threat signal is identified via public advisories, internal research, or threat intelligence feeds.
  • Perplexity’s autonomous “Computer” agent automatically drafts a structured catalog update containing the newly identified malicious package names, ecosystems
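As an added illustration of the catalog-matching approach described above, and of the structured catalog entries (ecosystem, package name, versions) that the operational loop produces, here is a small Python scanner. It is example code written for this page, not Bumblebee's own source. The catalog entries, the package-lock.json content and the requirements.txt lines are constructed placeholders, not real TeamPCP indicators; the parsing assumes the standard npm lockfileVersion 3 layout and `name==version` pins.

```python
"""Added example (not Bumblebee's code): match locally installed package
metadata against a structured IoC catalog of known-malicious package versions.

Every catalog entry, lockfile entry and requirements line below is constructed
sample data, not a real indicator from the TeamPCP campaign."""
import json
import re

# Constructed catalog: ecosystem -> normalized package name -> set of bad versions.
# An empty set means every version of that package is treated as compromised.
IOC_CATALOG = {
    "npm": {
        "example-widget-utils": {"2.4.1", "2.4.2"},  # placeholder names
        "example-build-helper": set(),
    },
    "pypi": {
        "example-cloud-sdk": {"0.9.7"},
    },
}

# Constructed package-lock.json (lockfileVersion 3 layout) for a sample project.
SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "sample-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "sample-app", "version": "1.0.0"},
        "node_modules/example-widget-utils": {"version": "2.4.2"},
        "node_modules/left-pad": {"version": "1.3.0"},
        # Nested install: a transitive dependency pulled in under another package.
        "node_modules/some-dep/node_modules/example-build-helper": {"version": "0.1.0"},
    },
})

# Constructed requirements.txt with pinned versions.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
Example_Cloud.SDK==0.9.7
example-cloud-sdk==0.9.6  # older pin, not in the catalog
"""


def normalize_pypi_name(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def npm_installed(lock_text):
    """Yield (name, version) for every entry in a v2/v3 package-lock.json."""
    lock = json.loads(lock_text)
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        # Nested installs look like a/node_modules/b; the text after the last
        # "node_modules/" is the package name (scoped names keep their @scope/).
        name = path.rsplit("node_modules/", 1)[-1]
        yield name, meta.get("version", "")


PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([^\s#]+)")


def pypi_installed(req_text):
    """Yield (normalized_name, version) for each exact pin in a requirements file."""
    for line in req_text.splitlines():
        m = PIN_RE.match(line)
        if m:
            yield normalize_pypi_name(m.group(1)), m.group(2)


def scan(catalog, installed, ecosystem):
    """Return catalog hits for one ecosystem's installed (name, version) pairs."""
    hits = []
    bad = catalog.get(ecosystem, {})
    for name, version in installed:
        versions = bad.get(name)
        if versions is None:
            continue  # package not in the catalog at all
        if not versions or version in versions:
            hits.append({"ecosystem": ecosystem, "name": name, "version": version})
    return hits


def scan_workspace(catalog=IOC_CATALOG, lock_text=SAMPLE_PACKAGE_LOCK,
                   req_text=SAMPLE_REQUIREMENTS):
    """Scan both lockfiles of a workspace and return every IoC match."""
    return (scan(catalog, npm_installed(lock_text), "npm")
            + scan(catalog, pypi_installed(req_text), "pypi"))


if __name__ == "__main__":
    for hit in scan_workspace():
        print(f"[ALERT] {hit['ecosystem']}: {hit['name']}=={hit['version']} "
              f"matches the IoC catalog")
```

Matching on exact name plus version (or on name alone when the catalog lists no versions) is deliberate: a catalog entry that names only the package covers the case where an attacker published many automated malicious versions, while version-scoped entries avoid flagging clean releases of a package that was only briefly compromised.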

Written by

TempMail Ninja

Digital privacy and online security expert. Passionate about creating tools that protect users' identity on the internet.