Tool · Builder Tools · Added today

Bumblebee

Also known as: Perplexity Bumblebee, bumblebee scanner

An open-source supply chain scanner built by Perplexity AI. It audits npm, PyPI, Go, and other package ecosystems, plus installed MCP servers and editor extensions, for malicious or suspicious dependencies. Written in Go with zero non-standard library dependencies.

As builders add more MCP servers (connectors that give AI agents access to external tools and services) and third-party extensions to their coding environments, supply chain risk has quietly become one of the most practical security concerns in AI development. An MCP server installed from a GitHub repo or community Discord could contain malicious code that exfiltrates data, injects instructions into your agent's context, or hijacks tool calls. Bumblebee is Perplexity's open-source answer to this problem.

The tool is read-only, meaning it scans without modifying anything, and has no dependencies outside Go's standard library, so you're not introducing new supply chain risk by running the supply chain scanner. It checks npm, PyPI, Go modules, RubyGems, and Composer package manifests; compares installed MCP servers against known-malicious registries; audits VS Code extensions; and scans browser extensions. A single command from the terminal kicks off the whole scan.
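As an added illustration (not Bumblebee's own code, input format, or output), this standard-library Go program runs a read-only check of MCP server entries against a denylist. It goes one step beyond the description above by also flagging packages that are not pinned to a version. The `mcpServers` layout, the package names and the denylist are constructed assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample data; the "mcpServers" layout is an assumed client convention.
const sampleConfig = `{"mcpServers": {
  "files":   {"command": "npx", "args": ["-y", "@example/files-mcp@1.4.2"]},
  "weather": {"command": "npx", "args": ["-y", "weather-mcp-helper"]},
  "notes":   {"command": "uvx", "args": ["notes-mcp"]}}}`
var denylist = map[string]bool{"weather-mcp-helper": true}

// splitSpec splits "@scope/name@1.2.3" or "name==1.2.3" into name and version.
func splitSpec(spec string) (name, version string) {
	spec = strings.Replace(spec, "==", "@", 1)
	if i := strings.LastIndex(spec, "@"); i > 0 {
		return spec[:i], spec[i+1:]
	}
	return spec, ""
}

// audit parses the given bytes only (no writes) and maps server id to finding.
func audit(config []byte) (map[string]string, error) {
	var doc struct{ Servers map[string]struct{ Args []string } `json:"mcpServers"` }
	findings := map[string]string{}
	if err := json.Unmarshal(config, &doc); err != nil {
		return nil, err
	}
	for id, s := range doc.Servers {
		for _, arg := range s.Args {
			if strings.HasPrefix(arg, "-") {
				continue // launcher flag such as -y, not a package spec
			}
			if name, version := splitSpec(arg); denylist[name] {
				findings[id] = name + " is denylisted"
			} else if version == "" {
				findings[id] = name + " is unpinned"
			}
			break // assume the first non-flag argument names the package
		}
	}
	return findings, nil
}

func main() {
	fmt.Println(audit([]byte(sampleConfig)))
}
```

A floating tag such as `@latest` counts as pinned in this example; a stricter check would require an exact version or an integrity hash.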

For the TNB audience, the signal here isn't just the tool itself but what it represents: MCP security is becoming a real discipline. As agentic coding environments accumulate more MCP servers, extensions, and skills from community sources, the attack surface grows. Bumblebee surfaced during a period when researchers were already documenting attack vectors like CometJacking (a browser-agent data exfiltration exploit) and tool poisoning (where a malicious MCP server tricks an agent into leaking information or taking harmful actions). Auditing your agent's tool dependencies is becoming table stakes.

This definition is AI-generated and refreshed weekly. It may contain inaccuracies. Use your own judgment, especially for production decisions.
Related terms: MCP server, MCP, Tool poisoning, Prompt injection, Indirect prompt injection, Agentic coding